Abstract image of a woman sitting on books and studying on a laptop

Continuous Monitoring and Real Time Risk Scoring

Q1 Labs, profile picture
Q1 Labs

This document discusses continuous monitoring and real-time risk scoring. It describes how continuous monitoring can detect vulnerabilities and potential threats by monitoring network changes and comparing configurations to network activity. A two-phased compliance timeline is mentioned. Continuous monitoring provides a single console view of risk exposure needed to meet federal requirements. Metrics and risk-relevant data are discussed. The benefits of security intelligence across infrastructure for anomaly detection and actionable, informative outputs are presented.

TechnologyBusiness
1 of 19
Downloaded 60 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
Continuous Monitoring and Real Time Risk Scoring Erich Baumgartner, VP Federal Q1 Labs – An IBM Company J.R. Cunningham, Director of Federal Strategy Accuvant
Meeting the Information Requirements of Federal Agencies Two-phased compliance and security timeline 2
Security Intelligence for Continuous Monitoring  Monitors network changes to detect vulnerabilities in the network  Changes may be potential threats and policy/compliance violations, resulting in security gaps  Compares configuration data from network security devices with layer 7 network activity analysis  Continuously checks rule policy effectiveness and raises alerts  Provides single console view of risk exposure needed to meet continuous monitoring requirements (risk management, log management, SIEM, network behavior analysis) 3
Continuously Manage Risk with Security Intelligence Move beyond traditionally reactive security management Multi-vendor network Automated compliance Predictive threat configuration monitoring & and risk assessment modeling & simulation audit Risk Indicators Configuration/  Topology Network  Activity Vulnerability  Management Network &  vulnerability context 4
Accuvant & Q1 Labs Traditional SVARs Technology Driven Traditional Consulting Audit/Compliance Driven 5
J.R. Cunningham Accuvant 6
What is Continuous Monitoring? “…determine if the complete set of planned, required, and deployed security controls within an information system or inherited by the system continue to be effective over time…” NIST SP 800-37 7
Why is Continuous Monitoring Critical? (Beyond the Obvious Answer – “It’s Required”) Intelligent Cyber Security- Applying countermeasures to only systems needing those controls Threat Intelligence – Understanding as much about the enemy and threat vectors as possible Acquisition excellence – find the “big ROI” Situational Awareness – decision superiority delivered with “speed of need” “If an agency has $1 to spend today, where should they spend it and why?” 8
Continuous Monitoring and Situational Awareness Endpoint Protection Network Defenses Encryption DLP SIEM Countermeasure RBAC Situational Threat Awareness Malware Insider Threat Device/Data Theft Leakage DDoS Espionage 9
Choosing Meaningful Metrics Organizational Data • Accurate Vulnerability & Patch • Repeatable • Potential for Risk Relevance Management Software & Data Asset (either alone or with other Management data) Network & Configuration • Should be known in industry Management • Not Necessarily Actionable Compliance & Audit • Can sometimes validate or Management invalidate other data Security Information & Event Management 10
Industry Standard Metrics (measurablesecurity.mitre.org) 11
Finding the Risk Relevant Data Organizational Data Vulnerability & Patch Management Software & Data Asset • Some level of aggregation Management • Also a repeatable process Risk Relevant • Begins to inform SA Network & Data • Not necessarily actionable Configuration Management • Centrally managed Compliance & Audit Management Security Information & Event Management 12
Security Intelligence Across the Infrastructure – Anomaly Detection 13
Squelching the Noise 14
Informative and Actionable Output Q1 Report Screen Here 15
Pre-built NIST reporting 16
Risk Based Decisions * NIST SP 800-39 17
What to do next?  Watch our recent webcasts http://q1labs.com/resource- center/media-center.aspx  Download the “Gartner SIEM Critical Capabilities” report http://q1labs.com/resource-center/analyst- reports/details.aspx?id=17  Download the “Continuous Monitoring for Government Agencies” paper http://q1labs.com/resource-center/white- papers/details.aspx?id=137  Read our blog http://blog.q1labs.com/  Follow us on Twitter: @q1labs @ibmsecurity 18
Thank You! More info: info@Q1Labs.com Twitter: @q1labs @accuvant Blog: blog.q1labs.com 19

More Related Content

PDF
Cylance_Protect_Datasheet
Tiana Henriks
 
PPT
002.itsecurity bcp v1
Mohammad Ashfaqur Rahman
 
PPTX
Information security principles
Dan Morrill
 
PDF
Five Essential Enterprise Architecture Practices to Create the Security-Aware...
UBM_Design_Central
 
PDF
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Raffael Marty
 
PDF
2012-12-12 Seminar McAfee ESM
Pinewood
 
PPTX
Core security utcpresentation962012
Seema Sheth-Voss
 
PDF
From SIEM to SA: The Path Forward
EMC
 
Cylance_Protect_Datasheet
Tiana Henriks
 
002.itsecurity bcp v1
Mohammad Ashfaqur Rahman
 
Information security principles
Dan Morrill
 
Five Essential Enterprise Architecture Practices to Create the Security-Aware...
UBM_Design_Central
 
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Raffael Marty
 
2012-12-12 Seminar McAfee ESM
Pinewood
 
Core security utcpresentation962012
Seema Sheth-Voss
 
From SIEM to SA: The Path Forward
EMC
 

What's hot (20)

PDF
Vulnerability Management
asherad
 
PPT
Layered Approach - Information Security Recommendations
Michael Kaishar, MSIA | CISSP
 
PDF
Redefining siem to real time security intelligence
Brendaly Marcano
 
PDF
kaspersky presentation for palette business solution June 2016 v1.0.
Onwubiko Emmanuel
 
PPTX
Security Information Event Management - nullhyd
n|u - The Open Security Community
 
PPTX
Gainful Information Security 2012 services
Cade Zvavanjanja
 
PDF
Cylance Protect-Next-Generation Antivirus-Overview
Innovation Network Technologies: InNet
 
PPTX
Challenges of Vulnerability Management
Rahul Neel Mani
 
PDF
Cylance Information Security: Compromise Assessment Datasheet
Innovation Network Technologies: InNet
 
PPTX
Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...
Sirius
 
PPTX
Security Analytics for Data Discovery - Closing the SIEM Gap
Eric Johansen, CISSP
 
PDF
Qradar ibm partner_enablement_220212_final
Arrow ECS UK
 
PDF
Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Angeloluca Barba
 
PDF
Defense In Depth Using NIST 800-30
Kevin M. Moker, CFE, CISSP, ISSMP, CISM
 
PPTX
Računalna forenzika i automatizirani odgovor na mrežne incidente
Damir Delija
 
PPTX
Identity intelligence: Threat-aware Identity and Access Management
Prolifics
 
PPTX
Actionable Threat Intelligence
OWASP Delhi
 
PPTX
Vulnerability Assessment Presentation
Lionel Medina
 
PPTX
Cyber threat detection by siem tools
mrigakshi goel
 
PDF
Top Cybersecurity Threats and How SIEM Protects Against Them
SBWebinars
 
Vulnerability Management
asherad
 
Layered Approach - Information Security Recommendations
Michael Kaishar, MSIA | CISSP
 
Redefining siem to real time security intelligence
Brendaly Marcano
 
kaspersky presentation for palette business solution June 2016 v1.0.
Onwubiko Emmanuel
 
Security Information Event Management - nullhyd
n|u - The Open Security Community
 
Gainful Information Security 2012 services
Cade Zvavanjanja
 
Cylance Protect-Next-Generation Antivirus-Overview
Innovation Network Technologies: InNet
 
Challenges of Vulnerability Management
Rahul Neel Mani
 
Cylance Information Security: Compromise Assessment Datasheet
Innovation Network Technologies: InNet
 
Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...
Sirius
 
Security Analytics for Data Discovery - Closing the SIEM Gap
Eric Johansen, CISSP
 
Qradar ibm partner_enablement_220212_final
Arrow ECS UK
 
Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Angeloluca Barba
 
Defense In Depth Using NIST 800-30
Kevin M. Moker, CFE, CISSP, ISSMP, CISM
 
Računalna forenzika i automatizirani odgovor na mrežne incidente
Damir Delija
 
Identity intelligence: Threat-aware Identity and Access Management
Prolifics
 
Actionable Threat Intelligence
OWASP Delhi
 
Vulnerability Assessment Presentation
Lionel Medina
 
Cyber threat detection by siem tools
mrigakshi goel
 
Top Cybersecurity Threats and How SIEM Protects Against Them
SBWebinars
 
Ad

Similar to Continuous Monitoring and Real Time Risk Scoring (20)

PDF
2012 Data Center Security
Szymon Dowgwillowicz-Nowicki
 
PPTX
Sw keynote
gueste69f645
 
PDF
[cb22] Keynote: Underwhelmed: Making Sense of the Overwhelming Challenge of C...
CODE BLUE
 
PDF
Data security in cloud
Interop
 
PDF
PROFILE - NETMONASTERY
Shomiron Das Gupta
 
PDF
SuprTEK Continuous Monitoring
Tieu Luu
 
PPTX
Information Security Cost Effective Managed Services
Jorge Sebastiao
 
PDF
Better security through IT operations
slighltyanon
 
PDF
Security Awareness Training
Daniel P Wallace
 
PPTX
Fs isac fico and core presentation10222012
Seema Sheth-Voss
 
PPTX
Ulf mattsson webinar jun 7 2012 slideshare version
Ulf Mattsson
 
PDF
DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...
Andris Soroka
 
PDF
Day 3 p2 - security
Lilian Schaffer
 
PDF
Day 3 p2 - security
Lilian Schaffer
 
PDF
Security Intelligence
IBMGovernmentCA
 
PDF
Building an Intelligence-Driven Security Operations Center
EMC
 
PDF
Cloud Auditing
Jonathan Sinclair
 
PDF
Data Security Metricsa Value Based Approach
Flaskdata.io
 
PPT
Cio ciso security_strategyv1.1
Anindya Ghosh,
 
PPT
PCTY 2012, IBM Security and Strategy v. Fabio Panada
IBM Danmark
 
2012 Data Center Security
Szymon Dowgwillowicz-Nowicki
 
Sw keynote
gueste69f645
 
[cb22] Keynote: Underwhelmed: Making Sense of the Overwhelming Challenge of C...
CODE BLUE
 
Data security in cloud
Interop
 
PROFILE - NETMONASTERY
Shomiron Das Gupta
 
SuprTEK Continuous Monitoring
Tieu Luu
 
Information Security Cost Effective Managed Services
Jorge Sebastiao
 
Better security through IT operations
slighltyanon
 
Security Awareness Training
Daniel P Wallace
 
Fs isac fico and core presentation10222012
Seema Sheth-Voss
 
Ulf mattsson webinar jun 7 2012 slideshare version
Ulf Mattsson
 
DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...
Andris Soroka
 
Day 3 p2 - security
Lilian Schaffer
 
Day 3 p2 - security
Lilian Schaffer
 
Security Intelligence
IBMGovernmentCA
 
Building an Intelligence-Driven Security Operations Center
EMC
 
Cloud Auditing
Jonathan Sinclair
 
Data Security Metricsa Value Based Approach
Flaskdata.io
 
Cio ciso security_strategyv1.1
Anindya Ghosh,
 
PCTY 2012, IBM Security and Strategy v. Fabio Panada
IBM Danmark
 
Ad

Recently uploaded (20)

PDF
Flame analysis and combustion estimation using large language and vision assi...
IAESIJAI
 
PDF
Hybrid horned lizard optimization algorithm-aquila optimizer for DC motor
IAESIJAI
 
PDF
The influence of sentiment analysis in enhancing early warning system model f...
IAESIJAI
 
PDF
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
PDF
How ambidextrous entrepreneurial leaders react to the artificial intelligence...
IAESIJAI
 
PDF
sbt 2.0: go big (Scala Days 2025 edition)
Eugene Yokota
 
PPTX
Microsoft Excel 365/2024 Beginner's training
frank yeboah
 
PDF
UiPath Agentic Automation session 1: RPA to Agents
suhanisingh58689
 
PPTX
Custom Battery Pack Design Considerations for Performance and Safety
Epec Engineered Technologies
 
PDF
A contest of sentiment analysis: k-nearest neighbor versus neural network
IAESIJAI
 
PDF
Architecture types and enterprise applications.pdf
ChristopherTHyatt
 
PDF
Convolutional neural network based encoder-decoder for efficient real-time ob...
IAESIJAI
 
PDF
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
PDF
Zenith AI: Advanced Artificial Intelligence
Biz Preneurs
 
PPTX
Chapter 5: Probability Theory and Statistics
RandyFin
 
PDF
OpenACC and Open Hackathons Monthly Highlights July 2025
OpenACC
 
PPTX
The various Industrial Revolutions .pptx
bandileshozi3
 
PPTX
Benefits of Physical activity for teenagers.pptx
Nokwanda Thabethe
 
PPTX
Final SEM Unit 1 for mit wpu at pune .pptx
anishtilekar08
 
PDF
Credit Without Borders: AI and Financial Inclusion in Bangladesh
Ehsan Tanim
 
Flame analysis and combustion estimation using large language and vision assi...
IAESIJAI
 
Hybrid horned lizard optimization algorithm-aquila optimizer for DC motor
IAESIJAI
 
The influence of sentiment analysis in enhancing early warning system model f...
IAESIJAI
 
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
How ambidextrous entrepreneurial leaders react to the artificial intelligence...
IAESIJAI
 
sbt 2.0: go big (Scala Days 2025 edition)
Eugene Yokota
 
Microsoft Excel 365/2024 Beginner's training
frank yeboah
 
UiPath Agentic Automation session 1: RPA to Agents
suhanisingh58689
 
Custom Battery Pack Design Considerations for Performance and Safety
Epec Engineered Technologies
 
A contest of sentiment analysis: k-nearest neighbor versus neural network
IAESIJAI
 
Architecture types and enterprise applications.pdf
ChristopherTHyatt
 
Convolutional neural network based encoder-decoder for efficient real-time ob...
IAESIJAI
 
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
Zenith AI: Advanced Artificial Intelligence
Biz Preneurs
 
Chapter 5: Probability Theory and Statistics
RandyFin
 
OpenACC and Open Hackathons Monthly Highlights July 2025
OpenACC
 
The various Industrial Revolutions .pptx
bandileshozi3
 
Benefits of Physical activity for teenagers.pptx
Nokwanda Thabethe
 
Final SEM Unit 1 for mit wpu at pune .pptx
anishtilekar08
 
Credit Without Borders: AI and Financial Inclusion in Bangladesh
Ehsan Tanim
 

Continuous Monitoring and Real Time Risk Scoring

  • 1. Continuous Monitoring and Real Time Risk Scoring Erich Baumgartner, VP Federal Q1 Labs – An IBM Company J.R. Cunningham, Director of Federal Strategy Accuvant
  • 2. Meeting the Information Requirements of Federal Agencies Two-phased compliance and security timeline 2
  • 3. Security Intelligence for Continuous Monitoring  Monitors network changes to detect vulnerabilities in the network  Changes may be potential threats and policy/compliance violations, resulting in security gaps  Compares configuration data from network security devices with layer 7 network activity analysis  Continuously checks rule policy effectiveness and raises alerts  Provides single console view of risk exposure needed to meet continuous monitoring requirements (risk management, log management, SIEM, network behavior analysis) 3
  • 4. Continuously Manage Risk with Security Intelligence Move beyond traditionally reactive security management Multi-vendor network Automated compliance Predictive threat configuration monitoring & and risk assessment modeling & simulation audit Risk Indicators Configuration/  Topology Network  Activity Vulnerability  Management Network &  vulnerability context 4
  • 5. Accuvant & Q1 Labs Traditional SVARs Technology Driven Traditional Consulting Audit/Compliance Driven 5
  • 6. J.R. Cunningham Accuvant 6
  • 7. What is Continuous Monitoring? “…determine if the complete set of planned, required, and deployed security controls within an information system or inherited by the system continue to be effective over time…” NIST SP 800-37 7
  • 8. Why is Continuous Monitoring Critical? (Beyond the Obvious Answer – “It’s Required”) Intelligent Cyber Security- Applying countermeasures to only systems needing those controls Threat Intelligence – Understanding as much about the enemy and threat vectors as possible Acquisition excellence – find the “big ROI” Situational Awareness – decision superiority delivered with “speed of need” “If an agency has $1 to spend today, where should they spend it and why?” 8
  • 9. Continuous Monitoring and Situational Awareness Endpoint Protection Network Defenses Encryption DLP SIEM Countermeasure RBAC Situational Threat Awareness Malware Insider Threat Device/Data Theft Leakage DDoS Espionage 9
  • 10. Choosing Meaningful Metrics Organizational Data • Accurate Vulnerability & Patch • Repeatable • Potential for Risk Relevance Management Software & Data Asset (either alone or with other Management data) Network & Configuration • Should be known in industry Management • Not Necessarily Actionable Compliance & Audit • Can sometimes validate or Management invalidate other data Security Information & Event Management 10
  • 12. Finding the Risk Relevant Data Organizational Data Vulnerability & Patch Management Software & Data Asset • Some level of aggregation Management • Also a repeatable process Risk Relevant • Begins to inform SA Network & Data • Not necessarily actionable Configuration Management • Centrally managed Compliance & Audit Management Security Information & Event Management 12
  • 13. Security Intelligence Across the Infrastructure – Anomaly Detection 13
  • 15. Informative and Actionable Output Q1 Report Screen Here 15
  • 17. Risk Based Decisions * NIST SP 800-39 17
  • 18. What to do next?  Watch our recent webcasts http://q1labs.com/resource- center/media-center.aspx  Download the “Gartner SIEM Critical Capabilities” report http://q1labs.com/resource-center/analyst- reports/details.aspx?id=17  Download the “Continuous Monitoring for Government Agencies” paper http://q1labs.com/resource-center/white- papers/details.aspx?id=137  Read our blog http://blog.q1labs.com/  Follow us on Twitter: @q1labs @ibmsecurity 18
  • 19. Thank You! More info: [email protected] Twitter: @q1labs @accuvant Blog: blog.q1labs.com 19