![Page 1: Continuous Monitoring and Real Time Risk Scoring](https://reader033.vdocuments.mx/reader033/viewer/2022052600/557cf48cd8b42a98158b47a3/html5/thumbnails/1.jpg)
Continuous Monitoring and Real Time Risk Scoring

Erich Baumgartner, VP Federal, Q1 Labs – An IBM Company
J.R. Cunningham, Director of Federal Strategy, Accuvant
Meeting the Information Requirements of Federal Agencies

(Figure: two-phased compliance and security timeline)
Security Intelligence for Continuous Monitoring

• Monitors network changes to detect vulnerabilities in the network
• Changes may be potential threats and policy/compliance violations, resulting in security gaps
• Compares configuration data from network security devices with layer 7 network activity analysis
• Continuously checks rule policy effectiveness and raises alerts
• Provides the single console view of risk exposure needed to meet continuous monitoring requirements (risk management, log management, SIEM, network behavior analysis)
Continuously Manage Risk with Security Intelligence

Move beyond traditionally reactive security management:
• Multi-vendor network configuration monitoring & audit
• Automated compliance and risk assessment
• Predictive threat modeling & simulation

(Figure: risk indicators – configuration/topology, network activity, vulnerability management – combined with network & vulnerability context)
Accuvant & Q1 Labs

(Figure: traditional SVARs – technology driven; traditional consulting – audit/compliance driven)
J.R. Cunningham, Accuvant
What is Continuous Monitoring?

“…determine if the complete set of planned, required, and deployed security controls within an information system or inherited by the system continue to be effective over time…” (NIST SP 800-37)
Why is Continuous Monitoring Critical? (Beyond the Obvious Answer – “It’s Required”)

• Intelligent cyber security – applying countermeasures only to the systems that need those controls
• Threat intelligence – understanding as much about the enemy and threat vectors as possible
• Acquisition excellence – find the “big ROI”
• Situational awareness – decision superiority delivered with “speed of need”

“If an agency has $1 to spend today, where should they spend it and why?”
Continuous Monitoring and Situational Awareness

(Figure: threats on one axis, countermeasures on the other, with situational awareness spanning both)
Threats: malware, insider threat, device/data theft, leakage, DDoS, espionage
Countermeasures: endpoint protection, network defenses, encryption, DLP, SIEM, RBAC
Choosing Meaningful Metrics

Organizational data sources (figure): vulnerability & patch management; software & data asset management; network & configuration management; compliance & audit management; security information & event management

A meaningful metric is:
• Accurate
• Repeatable
• Potentially risk relevant (either alone or with other data)
• Known in the industry
• Not necessarily actionable
• Sometimes able to validate or invalidate other data
Industry Standard Metrics (measurablesecurity.mitre.org)
Finding the Risk Relevant Data

Organizational data (figure): vulnerability & patch management; software & data asset management; network & configuration management; compliance & audit management; security information & event management, all feeding into risk relevant data

Risk relevant data:
• Some level of aggregation
• Also a repeatable process
• Begins to inform situational awareness (SA)
• Not necessarily actionable
• Centrally managed
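The two halves of the deck meet in code like the following: slides 3 and 4 describe comparing firewall configuration with layer 7 network activity and checking rule effectiveness, and slides 10 and 12 ask for accurate, repeatable organizational data aggregated into a centrally managed risk indicator. This is an added example, not code from the slides, from Q1 Labs/QRadar or from Accuvant. The rule and flow record formats, the trusted range 10.0.0.0/8, the port-to-application table, the scoring weights and every sample record are constructed assumptions.

```python
"""Continuous-monitoring check: firewall policy vs. observed layer-7 activity,
with vulnerability context folded into a per-host risk indicator.

Added example; not code from the slides, Q1 Labs/QRadar or Accuvant. The rule
and flow formats, TRUSTED, EXPECTED_APP, the weights and all sample records
are constructed assumptions.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple

TRUSTED = ip_network("10.0.0.0/8")            # assumed internal zone; all else untrusted
EXPECTED_APP = {22: "ssh", 80: "http", 443: "https", 3389: "rdp"}  # assumed port->app


@dataclass(frozen=True)
class Rule:
    name: str
    src: str              # CIDR
    dst: str              # CIDR
    port: Optional[int]   # None = any port
    action: str           # "allow" or "deny"


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    port: int
    app: str              # layer-7 application as classified by the flow analyzer
    nbytes: int


def first_match(rules: List[Rule], flow: Flow) -> Optional[Rule]:
    """First-match semantics, as on most firewalls. None means implicit deny."""
    s, d = ip_address(flow.src), ip_address(flow.dst)
    for r in rules:
        if (s in ip_network(r.src) and d in ip_network(r.dst)
                and (r.port is None or r.port == flow.port)):
            return r
    return None


def check_policy(rules: List[Rule], flows: List[Flow]) -> List[Tuple[str, str]]:
    """Compare configuration with observed activity. Finding kinds:
    policy_gap   - traffic the policy would drop was observed anyway, so a path
                   exists that the firewall does not see (bypass, misapplied rule)
    app_mismatch - an allowed flow carries a different application than the port
                   implies (e.g. SSH tunnelled over 443); port rules miss this
    unused_allow - an allow rule matched nothing in the window; candidate to remove
    """
    findings = []
    hits = {r.name: 0 for r in rules}
    for f in flows:
        r = first_match(rules, f)
        if r is None or r.action == "deny":
            why = "no matching rule" if r is None else f"rule {r.name}"
            findings.append(("policy_gap",
                             f"{f.src}->{f.dst}:{f.port} ({f.app}) seen; policy denies via {why}"))
            continue
        hits[r.name] += 1
        expected = EXPECTED_APP.get(f.port)
        if expected and f.app != expected:
            findings.append(("app_mismatch",
                             f"{r.name}: {f.app} on port {f.port}, {f.src}->{f.dst}"))
    for r in rules:
        if r.action == "allow" and hits[r.name] == 0:
            findings.append(("unused_allow", r.name))
    return findings


def reachable_from_untrusted(rules: List[Rule], host: str, port: int) -> bool:
    """Configuration-derived exposure: first-match decision for traffic from
    outside TRUSTED to host:port. Rules whose source lies entirely inside
    TRUSTED can never match untrusted traffic and are skipped."""
    h = ip_address(host)
    for r in rules:
        if ip_network(r.src).subnet_of(TRUSTED):
            continue
        if h in ip_network(r.dst) and (r.port is None or r.port == port):
            return r.action == "allow"
    return False  # implicit deny


def risk_indicator(rules: List[Rule], flows: List[Flow],
                   vulns: Dict[str, List[Tuple[float, int]]], host: str) -> float:
    """Per-host score: CVSS base scores weighted by exposure evidence (weights assumed).
    x2.0 if the configuration admits untrusted traffic to the vulnerable port;
    x1.5 if untrusted traffic to that port was actually observed. Observation
    counts even when the configuration says it cannot happen."""
    seen_ports = {f.port for f in flows
                  if f.dst == host and ip_address(f.src) not in TRUSTED}
    score = 0.0
    for cvss, port in vulns.get(host, []):
        w = 1.0
        if reachable_from_untrusted(rules, host, port):
            w *= 2.0
        if port in seen_ports:
            w *= 1.5
        score += cvss * w
    return round(score, 1)


# Constructed sample data: a four-rule policy, four flows seen by a collector on
# the server switch, and scanner output keyed by host as (cvss, port).
RULES = [
    Rule("allow-web", "0.0.0.0/0", "10.0.1.10/32", 443, "allow"),
    Rule("allow-ssh-admin", "10.0.0.0/8", "10.0.1.0/24", 22, "allow"),
    Rule("allow-legacy-ftp", "10.0.0.0/8", "10.0.1.20/32", 21, "allow"),
    Rule("deny-all", "0.0.0.0/0", "0.0.0.0/0", None, "deny"),
]
FLOWS = [
    Flow("203.0.113.5", "10.0.1.10", 443, "https", 120000),
    Flow("203.0.113.7", "10.0.1.10", 443, "ssh", 9000),     # SSH tunnelled over 443
    Flow("10.0.5.4", "10.0.1.10", 22, "ssh", 3000),
    Flow("198.51.100.9", "10.0.1.20", 3389, "rdp", 50000),  # denied by policy, yet seen
]
VULNS = {"10.0.1.10": [(9.8, 443), (7.5, 22)], "10.0.1.20": [(9.0, 3389)]}

if __name__ == "__main__":
    for kind, detail in check_policy(RULES, FLOWS):
        print(f"{kind:13s} {detail}")
    for host in VULNS:
        print(f"risk {host}: {risk_indicator(RULES, FLOWS, VULNS, host)}")
```

On the sample data the check reports the tunnelled SSH as an app_mismatch, the RDP session to 10.0.1.20 as a policy_gap (the deny-all rule should have dropped it, so the collector saw a path the firewall did not), and allow-legacy-ftp as unused. The indicator then ranks 10.0.1.10 above 10.0.1.20 because its critical vulnerability sits on a port that is both exposed by configuration and actively reached, which is the kind of ordering the "$1 to spend" question on slide 8 needs. Every input is a repeatable artifact (rule export, flow records, scan results), so the same computation can be rerun centrally on each refresh.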
Security Intelligence Across the Infrastructure – Anomaly Detection
Squelching the Noise
Informative and Actionable Output
Pre-built NIST reporting
Risk Based Decisions
* NIST SP 800-39
What to do next?

• Watch our recent webcasts: http://q1labs.com/resource-center/media-center.aspx
• Download the “Gartner SIEM Critical Capabilities” report: http://q1labs.com/resource-center/analyst-reports/details.aspx?id=17
• Download the “Continuous Monitoring for Government Agencies” paper: http://q1labs.com/resource-center/white-papers/details.aspx?id=137
• Read our blog: http://blog.q1labs.com/
• Follow us on Twitter: @q1labs @ibmsecurity