The Critical Security Controls and the StealthWatch System


Published on February 28, 2014

Author: Lancope



As today’s cyber-attackers become more sophisticated and nefarious, organizations must adopt the right mix of conventional and next-generation security tools to effectively defend their infrastructure from advanced threats. The Critical Security Controls effort is a growing movement that has been helping government agencies and large enterprises prioritize their cyber security spending accordingly.

By leveraging NetFlow and other types of flow data, Lancope’s StealthWatch System delivers continuous network visibility to fulfill a number of the highest priority controls, enhancing timely detection of targeted threats and improving incident response.

Learn the latest about the Critical Security Controls and hear how the StealthWatch System fits in.

Ask the Expert Webcast: The Critical Security Controls and the StealthWatch System
John Pescatore, Director, SANS
Charles Herring, Lancope

Obligatory Agenda Slide
• Housekeeping info
• Here’s what we will do:
  – 1:05 – 1:20 The Critical Security Controls – John Pescatore, SANS
  – 1:20 – 1:45 StealthWatch – Charles Herring, Lancope
  – 1:45 – 2:00 Q&A

Bios: John Pescatore joined SANS in January 2013 with 35 years’ experience in computer, network and information security. He was Gartner’s lead security analyst for 13 years. Prior to joining Gartner Inc. in 1999, he was Senior Consultant for Entrust Technologies and Trusted Information Systems. Before that, John spent 11 years with GTE developing secure computing and telecommunications systems. Mr. Pescatore began his career at the National Security Agency and the United States Secret Service. He holds a Bachelor's degree in Electrical Engineering from the University of Connecticut and is an NSA Certified Cryptologic Engineer.

Bios: Charles Herring is Senior Systems Engineer at Lancope and a longtime StealthWatch user. While on active duty in the US Navy, Charles leveraged StealthWatch in his role as Lead Network Security Analyst for the Naval Postgraduate School. He was tasked with staffing and training Network Security Group personnel, building the security architecture and developing incident response procedures. After leaving the Navy, he spent six years consulting with Federal government, disaster relief organizations and enterprises on network security, communication and process improvement.

• Focus on protecting the mission first
• Effectively, efficiently and quickly
• Advanced targeted attacks are happening now
• Compliance must follow security
• Break the Breach Chain

Disrupting the Breach Chain (diagram; source: Neusentry 2012, © 2013 The SANS™ Institute). Labelled stages: DMZ Monitoring, Advanced Threat Detection, Monitor internal flows, Monitor external flows.

Critical Security Controls (shown on the slide as a ring of 20):
1) Inventory of Authorized and Unauthorized Devices
2) Inventory of Authorized and Unauthorized Software
3) Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers
4) Continuous Vulnerability Assessment and Remediation
5) Malware Defense
6) Application Software Security
7) Wireless Access Control
8) Data Recovery Capability
9) Security Skills Assessment and Appropriate Training to Fill Gaps
10) Secure Configuration of Devices such as Firewalls, Routers, and Switches
11) Limitation and Control of Network Ports, Protocols and Services
12) Controlled Use of Administrative Privileges
13) Boundary Defense
14) Maintenance, Monitoring and Analysis of Audit Logs
15) Controlled Access Based on Need to Know
16) Account Monitoring and Control
17) Data Protection
18) Incident Response Capability
19) Secure Network Engineering
20) Penetration Tests and Red Team Exercises

Benefits: Risk Reduction and Visibility (survey bar chart, 0–70% scale). Question: “Where have the Controls you implemented made the most improvement and/or helped you close your gaps? (Check all that apply.)” Response categories: Risk reduction/vulnerability mitigation; Improvements to overall risk posture; Situational awareness/gap analysis; Compliance to mandates and regulations; Threat mitigation; Incident response; Detecting advanced attacks; Benchmarking systemic improvements; Other.

Critical Security Controls Update
• Now maintained by the Council On CyberSecurity
• Version 5.0 in public review
• Updated prioritization and definitions of subcontrols

Getting to Continuous Security (process diagram). Inputs: Threats, Regulations, Requirements, OTT Dictates. Stages: Discovery/Inventory; Vuln Assessment/Pen Test; Baseline Security Configuration Policy; Assess Risk; Shield; Eliminate Root Cause; Mitigate; Monitor/Report. Supporting capabilities shown: SIEM, Situational Awareness, Incident Response, Software Vuln Test, Training, Network Arch, Privilege Mgmt, FW/IPS/ATD, Anti-malware, NAC, Patch Management, Config Management, Change Management.

The Critical Security Controls and the StealthWatch System
Charles Herring, Senior Systems Engineer

Lancope: The Market Leader in Network Visibility
Technology Leadership
• Powerful threat intelligence
• Patented behavioral analysis
• Scalable monitoring up to 3M flows per second
• 150+ algorithms
Best of Breed
• 650 Enterprise Clients
• Key to Cisco’s Cyber Threat Defense
• Gartner recommended
• NBA market leader
• Flow-based monitoring

Your Infrastructure Provides the Source... (network diagram: NetFlow exported from 3560-X, 3925 ISR, ASR-1000, Cat6k, Cat4k, ASA, 3850 stacks and UCS with Nexus 1000v across the Atlanta, San Jose and New York sites, WAN, Internet, datacenter, DMZ and access layers)

…for Total Visibility from Edge to Access. (same topology, showing flow collection covering every layer from the Internet edge to the access switches)

SANS Critical Controls: Boundary Defense

Defense Type      L3/L4/L7 Detection   Signature Threat Blocking   Emerging Detection   Targeted Threat Detection
Firewalls         Yes                  Limited                     No                   No
Signature IDS     Limited              Yes                         No                   No
Malware Sandbox   No                   No                          Yes                  Limited
StealthWatch      No                   Limited                     Yes                  Yes

Flow Statistical Analysis (diagram)

SANS Critical Controls: Monitoring & Audit

Defense Type   Detection Mechanism   Data Source
SIEM           Boolean               Syslog
StealthWatch   Algorithmic           NetFlow

SANS Critical Controls: Incident Response and Management

Logging Type     Data Stored
Endpoint         Hard Drive/Memory
Packet Capture   Raw PCAP
Log Collection   Syslog
StealthWatch     NetFlow

Transactional Audits of ALL activities (diagram)

SANS Critical Controls: Secure Network Engineering

Monitor Type              Data Monitored
Firewall Change Control   Changes in FW configuration records
Configuration Polling     SNMP
StealthWatch              NetFlow against Policy
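The two StealthWatch rows above ("Algorithmic" detection over NetFlow for Monitoring & Audit, and "NetFlow against Policy" for Secure Network Engineering) can be illustrated with a small flow analyser. This is an added example, not Lancope's code or the StealthWatch implementation: the zone layout, the permitted zone pairs and the NetFlow-like records are all constructed here.

```python
import ipaddress
import statistics
from collections import defaultdict

# Zones and the zone-to-zone flows the segmentation policy permits (constructed for this example).
ZONES = {
    "internal": ipaddress.ip_network("10.2.0.0/16"),
    "dmz": ipaddress.ip_network("10.1.0.0/16"),
    "datacenter": ipaddress.ip_network("10.3.0.0/16"),
}
ALLOWED = {("internal", "dmz"), ("internal", "datacenter"), ("dmz", "datacenter")}

# Constructed NetFlow-like records: (src, dst, dst_port, bytes sent by src).
FLOWS = [
    ("10.2.0.5", "10.1.0.10", 443, 12_000),
    ("10.2.0.6", "10.3.0.20", 1433, 8_000),
    ("10.1.0.10", "10.3.0.20", 5432, 30_000),
    ("10.1.0.10", "10.2.0.5", 445, 2_000),        # DMZ host reaching into internal: not permitted
    ("10.2.0.7", "203.0.113.9", 443, 9_500_000),  # one internal host sends far more than its peers
    ("10.2.0.5", "203.0.113.9", 443, 15_000),
    ("10.2.0.6", "203.0.113.9", 443, 11_000),
]

def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "external"

def policy_violations(flows):
    """Control 19 style check: internal flows between zone pairs the policy does not permit."""
    hits = []
    for src, dst, port, _ in flows:
        pair = (zone_of(src), zone_of(dst))
        if pair[1] != "external" and pair not in ALLOWED:
            hits.append((src, dst, port, pair))
    return hits

def byte_outliers(flows, k=5.0):
    """Control 14 style algorithmic check: hosts whose outbound byte total is far above the rest.
    Uses median + k*MAD rather than mean/stdev: with few hosts a single large sender inflates
    the standard deviation so much that it can never cross a mean + 2*stdev threshold."""
    per_host = defaultdict(int)
    for src, _, _, nbytes in flows:
        per_host[src] += nbytes
    totals = sorted(per_host.values())
    median = statistics.median(totals)
    mad = statistics.median(abs(t - median) for t in totals)
    return sorted(h for h, b in per_host.items() if b > median + k * mad)
```

On the constructed records the policy check reports only the DMZ-to-internal flow, and the byte check reports only the single heavy sender, while the permitted zone-to-zone traffic and ordinary outbound volumes stay quiet.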

Thank You
Charles Herring, Senior Systems Engineer, Lancope
@Lancope (company)
@netflowninjas (company blog)


Resources
• SANS Reading Room:
• Blog –
• Sponsor link:
• Questions:
