Keep Your Guard: Stay Compliant and Be Secure
September 14th, 2016
Presenters
Director, Product Management IT Security and Risk Strategist
Twitter: @terlin
Vice President, Services
Tim Erlin Karl Perman Bill Kearson
Director, Information Security
Current State of Industry
Tripwire Research: http://www.tripwire.com/company/research
Could a cyberattack on operational technology in your organization cause physical damage?
* November, 2015, 150 IT professionals in energy, utilities and oil & gas
Does your organization have the ability to accurately track all the threats targeting your OT networks?
* November, 2015, 150 IT professionals in energy, utilities and oil & gas
What compliance requirements are the biggest driver for your purchase of cyber security products?
* November, 2015, 150 IT professionals in energy, utilities and oil & gas
Compliance Challenge: Baselines
• What does NERC CIP require:
  – CIP-010 R1: Develop configuration baselines, authorize and document changes to baselines (OS including firmware, software, ports, security patches)
  – CIP-010 R2: Monitor and investigate changes to baselines
• Tips for Achieving and Maintaining Compliance
  – Automation; reducing manual effort can dramatically reduce audit burden.
  – Define baseline process for your organization
  – Have a configuration change management system including change authorization process
Compliance Challenge: Logging
• What does NERC CIP require:
  – CIP-007 R4: Log security events, generate alerts, retain and review logs
  – CIP-006 R2.2: Logging of visitor access
  – CIP-009 R1.5: Data preservation for determining cause of Cyber Security Incident
  – CIP-005 R1.5: Detecting malicious communications
• Tips for Achieving and Maintaining Compliance
  – Normalization rules; choose a product that can normalize logs from systems in your environment.
  – Don't pay for log storage; choose a tool that licenses by asset, not by events per second or data stored.
  – Implement a logging process including clearly defined roles and responsibilities
Compliance is Not Security
Security: Secure Configurations
• What gaps does CIP compliance leave open:
  – Frequency of review; 35 days is not often enough!
  – Use of configuration information
  – Remember offense as well as defense
• Tips for going beyond NERC CIP compliance to security
  – Use a configuration baseline tool that can monitor in real time.
  – Expand the baseline configuration items promulgated by CIP
  – Fuse configuration data with threat intelligence
Security: Security Event Management
• What gaps does CIP compliance leave open:
  – Stateful correlation of events; 5 failed logins followed by success
  – Track events that matter to your organization in addition to CIP requirements
• Tips for going beyond NERC CIP compliance to security
  – Use a log management tool that can track state across events
  – Use key performance indicators to measure effectiveness
  – Event analysis correlated with threat intelligence
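The "5 failed logins followed by success" rule above, sketched as a stateful correlator. This is an added example, not material from the presentation or from any Tripwire product; the event tuple layout, host and account names, and the 10-minute window are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events, already normalized to (timestamp, host, user, outcome).
# Host and account names are hypothetical.
SAMPLE_EVENTS = (
    # Five failures in 40 seconds, then a success: the pattern from the slide.
    [(f"2016-09-14T02:10:{s:02d}", "hmi-01", "operator", "FAIL") for s in range(0, 50, 10)]
    + [("2016-09-14T02:11:05", "hmi-01", "operator", "SUCCESS")]
    # Five failures spread over eight hours, then a success: outside the window.
    + [(f"2016-09-14T0{h}:00:00", "hist-01", "svc_backup", "FAIL") for h in range(1, 10, 2)]
    + [("2016-09-14T09:05:00", "hist-01", "svc_backup", "SUCCESS")]
    # One mistyped password, then a success: below the threshold.
    + [("2016-09-14T08:00:00", "eng-ws-02", "engineer", "FAIL"),
       ("2016-09-14T08:00:20", "eng-ws-02", "engineer", "SUCCESS")]
)

def correlate(events, threshold=5, window=timedelta(minutes=10)):
    """Alert when a success follows >= threshold failures for the same
    (host, user), with every counted failure inside `window` of the success."""
    recent_failures = defaultdict(deque)  # state carried across events
    alerts = []
    for ts, host, user, outcome in sorted(events):  # ISO timestamps sort chronologically
        when = datetime.fromisoformat(ts)
        queue = recent_failures[(host, user)]
        while queue and when - queue[0] > window:  # expire stale failures
            queue.popleft()
        if outcome == "FAIL":
            queue.append(when)
        elif outcome == "SUCCESS":
            if len(queue) >= threshold:
                alerts.append({
                    "host": host, "user": user, "failures": len(queue),
                    "first_failure": queue[0].isoformat(),
                    "success": when.isoformat(),
                })
            queue.clear()  # a success resets the failure streak
    return alerts

if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

A stateless rule that only counts failures would either miss the final success or fire on the slow svc_backup failures; keeping per-account state is what separates the two cases.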
Conclusion
• CIP is only a baseline; go further for security
• Good CIP compliance may not protect you from all of the current security threats
• A process driven approach should make compliance less burdensome in the long run (defined and repeatable processes)
• Automate where you can as manual processes are fraught with resource constraints and errors
Questions