Cyber Security Defense Services – Portfolio Development Status
February 2016
Agenda
• Merit’s Six Strategic Thrusts
• Merit’s current security offerings
• Member feedback
• Mission and vision statement for this initiative
• New cyber security service categories
• New services under consideration as the portfolio develops
Merit’s Six Strategic Thrusts
1. Network: The highest-performing and most-adopted statewide network in the U.S., connecting diverse communities
2. Security: Security and information privacy defender
3. Community: Merit providing a digital commons for continuous statewide IT community collaboration
4. Diversification: Select portfolio of financially strong services
5. Workforce: Staffing shared services
6. Business: Merit as a pre-approved Michigan service provider to streamline business with customers
Merit’s Current Security Offerings
• Cyber security training and certifications
• Michigan Cyber Range – exercises and testing in a preconfigured environment
• Secure Sandbox – custom testing environment
• QuadMetrics cyber risk posture assessment
• Duo Security
• AT&T Managed Firewall Service
• Above Security Managed Services
Enabling services
Defense services
Current Hidden Value-Add in Merit Services
• Peak flow reports
• BGP black hole services
• 24x7 Merit Support Center and easy access to real engineering talent
• Coming: statewide cyber security information sharing via our new Merit Commons, a private social network
CEO Findings – Member Organizations
• Trust in Merit
• Community
• Network
• Merit Support Center
• Responsiveness and flexibility
• Professional development, training & events
• Cyber security needs
• Staffing needs
Encouraging Progress
Pell Center for International Relations and Public Policy, “State of the States on Cybersecurity”: (http://pellcenter.org/wp-content/uploads/2015/11/Pell-Center-State-of-the-States-Report.pdf). “The State of Michigan has established itself as a leader among states in implementing state government cybersecurity measures and in promoting cyber industry growth. The cornerstone of Michigan’s strategy to enhance cybersecurity has been its collaborative and inclusive nature and an enterprise approach to information security that allows state agencies and private and public sector organizations to work in a highly coordinated and efficient manner” – with recognition of Merit’s work
The Vision of Merit Cybersecurity
The Merit security portfolio is designed to be member-focused and member-driven, providing best-in-class services at lower costs. Through the use of these services, the security posture of our membership will increase, making the state of Michigan the security leader.
The Mission of Merit Cybersecurity
Merit's cybersecurity mission is to lead and defend the research, education and public sector communities. Merit will raise the security posture of our community in Michigan and beyond through training, knowledge-sharing, and delivering valuable security services.
New Cyber Security Categories
1. Proactive
2. Active
3. Reactive
New Services Under Consideration
1. Proactive
  • QuadMetrics report and analysis services
  • CISO professional services
  • Critical infrastructure assessment and recommendations
  • Pen testing
  • End user education
2. Active
  • Open source embedded/managed firewall (pfSense)
  • SOC
3. Reactive
  • DDoS
  • Forensics (with 3rd-party expertise)
Merit-Managed Firewall
• High demand / good alignment with network services
• Lower-cost alternative to the ‘Premium’ managed firewall option
• E-Rate eligible
• Evaluating technology options – pfSense open source is a strong contender
• Staff training required
DDoS Threat
Higher Ed DDoS Incidents
• University of Alaska – August 2014
  • ~500,000 sessions debilitating their border firewall
• Arizona State University – April 2015
  • Attacks directed toward login systems
• Rutgers University – April, March & Dec. 2015
  • Six attacks in one year
  • March attack lasted the entire weekend
  • December attack lasted four days
Merit Network Targeted
• RADb DDoS attack
• Several-day sustained attack
• Attack coupled with normal traffic congested Internet flow
• Last day 25 Gbps
• Visualization 1
• Visualization 2
Cyber Defense - DDoS
No solution is perfect or 100%
DDoS detection and mitigation
Service provider approach
Appliance at border (Chicago and Southfield)
Protect the whole network including members
Provide a mechanism for members to view events via a portal
Use cloud service when events exhaust border appliances
Option of additional appliance at member site
Will not mitigate member to member
Uniform policies
Increase mitigation response
Economies of scale
Develop and implement SOC
Fully managed 24/7
Will need to add staff and staff training
Cyber Defense - DDoS
Solution:
Implementing an Arbor Networks TMS 2800 (Threat Management System) to be installed in Chicago
40 Gbps of inspected throughput
TMS 2310 to be installed in data center
10 Gbps of inspected throughput
Atlas Intelligence Feed with automatic content updates across the TMS deployment
Arbor Cloud for Service Providers
Large tier protection of 2 Gbps of clean traffic diverted using BGP
System Admin, DDoS User/Admin training
Configure and perform ongoing SP administration functions
Administration and support of mitigation of DDoS attacks
10 seats available
CISO Professional Services (CaaS)
• High demand / trust in Merit
• Scalable
• Affordable
• Value to wide array of Membership: security architecture, security assessment, pen test interpretation, etc.
• Use QuadMetrics reports as conversation starters
• Aligned with overall portfolio offerings:
  • Proactive
  • Active
  • Reactive