Keep Your Guard: Stay Compliant and Be Secure

September 14th, 2016


Presenters

Director, Product Management IT Security and Risk Strategist

Twitter: @terlin

Vice President, Services

Tim Erlin, Karl Perman, Bill Kearson

Director, Information Security


Current State of Industry

Tripwire Research: http://www.tripwire.com/company/research

Could a cyberattack on operational technology in your organization cause physical damage?

* November, 2015, 150 IT professionals in energy, utilities and oil & gas


Does your organization have the ability to accurately track all the threats targeting your OT networks?

* November, 2015, 150 IT professionals in energy, utilities and oil & gas


What compliance requirements are the biggest driver for your purchase of cyber security products?

* November, 2015, 150 IT professionals in energy, utilities and oil & gas


Compliance Challenge: Baselines

•  What does NERC CIP require:
    –  CIP-010 R1: Develop configuration baselines, authorize and document changes to baselines (OS including firmware, software, ports, security patches)
    –  CIP-010 R2: Monitor and investigate changes to baselines
•  Tips for Achieving and Maintaining Compliance
    –  Automation; reducing manual effort can dramatically reduce audit burden.
    –  Define baseline process for your organization
    –  Have a configuration change management system including change authorization process


Compliance Challenge: Logging

•  What does NERC CIP require:
    –  CIP-007 R4: Log security events, generate alerts, retain and review logs
    –  CIP-006 R2.2: Logging of visitor access
    –  CIP-009 R1.5: Data preservation for determining cause of Cyber Security Incident
    –  CIP-005 R1.5: Detecting malicious communications
•  Tips for Achieving and Maintaining Compliance
    –  Normalization rules; choose a product that can normalize logs from systems in your environment.
    –  Don't pay for log storage; choose a tool that licenses by asset, not by events per second or data stored.
    –  Implement a logging process including clearly defined roles and responsibilities


Compliance is Not Security


Security: Secure Configurations

•  What gaps does CIP compliance leave open:
    –  Frequency of review; 35 days is not often enough!
    –  Use of configuration information
    –  Remember offense as well as defense
•  Tips for going beyond NERC CIP compliance to security
    –  Use a configuration baseline tool that can monitor in real time.
    –  Expand the baseline configuration items promulgated by CIP
    –  Fuse configuration data with threat intelligence


Security: Security Event Management

•  What gaps does CIP compliance leave open:
    –  Stateful correlation of events; 5 failed logins followed by success
    –  Track events that matter to your organization in addition to CIP requirements
•  Tips for going beyond NERC CIP compliance to security
    –  Use a log management tool that can track state across events
    –  Use key performance indicators to measure effectiveness
    –  Event analysis correlated with threat intelligence
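The "5 failed logins followed by success" correlation named on this slide, as an added example (not part of the original slides or of any product): it keeps per-(host, user, source) state across events instead of judging each event alone. The normalized log format, host names, addresses and the 10-minute window are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
# Constructed sample events in an assumed normalized format (not a real product's).
SAMPLE_LOG = """\
2016-09-14T07:00:00 hmi01 auth failure user=admin src=10.0.5.40
2016-09-14T07:00:10 hmi01 auth failure user=admin src=10.0.5.40
2016-09-14T07:00:20 hmi01 auth failure user=admin src=10.0.5.40
2016-09-14T07:00:30 hmi01 auth failure user=admin src=10.0.5.40
2016-09-14T07:30:00 hmi01 auth failure user=admin src=10.0.5.40
2016-09-14T07:30:05 hmi01 auth success user=admin src=10.0.5.40
2016-09-14T08:00:01 hmi01 auth failure user=operator src=10.0.5.23
2016-09-14T08:00:09 hmi01 auth failure user=operator src=10.0.5.23
2016-09-14T08:00:17 hmi01 auth failure user=operator src=10.0.5.23
2016-09-14T08:00:25 hmi01 auth failure user=operator src=10.0.5.23
2016-09-14T08:00:33 hmi01 auth failure user=operator src=10.0.5.23
2016-09-14T08:00:41 hmi01 auth success user=operator src=10.0.5.23
2016-09-14T08:05:00 ews02 auth failure user=engineer src=10.0.5.31
2016-09-14T08:05:07 ews02 auth success user=engineer src=10.0.5.31
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) auth (?P<result>failure|success) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$")

def correlate(lines, threshold=5, window=timedelta(minutes=10)):
    """Alert on a success preceded by >= threshold failures inside the window."""
    failures = defaultdict(deque)  # state carried from one event to the next
    alerts = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # lines that do not parse are skipped
        ts = datetime.fromisoformat(m["ts"])
        key = (m["host"], m["user"], m["src"])
        recent = failures[key]
        while recent and ts - recent[0] > window:
            recent.popleft()  # expire failures older than the window
        if m["result"] == "failure":
            recent.append(ts)
            continue
        if len(recent) >= threshold:
            alerts.append({"host": key[0], "user": key[1], "src": key[2],
                           "failures": len(recent), "success_at": m["ts"]})
        recent.clear()  # a success resets the failure state for this key
    return alerts

if __name__ == "__main__":
    print(correlate(SAMPLE_LOG.splitlines()))
```

Only the `operator` sequence alerts: the `admin` failures are spread over 30 minutes and age out of the window, and `engineer` has a single failure before the success.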


Conclusion

•  CIP is only a baseline; go further for security
•  Good CIP compliance may not protect you from all of the current security threats
•  A process driven approach should make compliance less burdensome in the long run (defined and repeatable processes)
•  Automate where you can as manual processes are fraught with resource constraints and errors


Questions