Empowering NNSA Cyber Professionals Through Enterprise Tools and Data Analytics
NNSA's Office of the Chief Information Officer is enhancing their cybersecurity capabilities by leveraging Enterprise Cybersecurity Data Integration architecture and strategic partnerships. This initiative focuses on expanding data sources, enabling correlation, and using resilient engineering for effective cyber defense. The presentation highlights experiences, challenges, and insights gained, emphasizing the importance of enterprise visibility, data integration, and strong partnerships in enhancing cybersecurity capabilities.
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
E N D
Presentation Transcript
Enabling NNSA Cyber Professionals with Use- Case Driven Analytics through Enterprise Tools If you experience any accessibility issues with this presentation, please contact the NNSA Section 508 Program. 06/29/2023
Introductions Russ Marsh NA-IM, Cyber Operations Director Ryan Holt SNL, Manager Cyber Security Technologies Mike Morton ShorePoint, Technical Program Manager Ryan McCullough ShorePoint, Strategy and Business Development Beau Nuanes ThunderCat, Systems Engineer Monzy Merza Stealth Cyber Security, CEO 2
Purpose The NNSA, Office of the Chief Information Officer (NA-IM), is expanding enterprise visibility into actionable cyber-data through an Enterprise Cybersecurity Data Integration architecture. This initiative involves expanding data sources and enabling correlation across feeds to drive sustained data ownership and analytics across an integrated data mesh. The selection of appropriate enterprise tools is critical for generating usable security intelligence. Resilient engineering of tools and the data mesh enables sustainable, effective cyber defense capabilities. NA-IM aims to ensure deployed tools allow data collection and sharing. ShorePoint is partnering with NNSA OCIO to meet objectives, currently running a pilot at LLNL. This presentation will showcase experiences, challenges, and insights gained, emphasizing the significance of enterprise visibility, data integration, resilient engineering, and strategic partnerships in strengthening cybersecurity capabilities. 3
Agenda 1. Laying a foundation for future Cyber Ops Move away from inconsistent Cyber Ops site to site Culture change and moving towards a full spectrum 2. What we are doing now Enterprise Tools Data collection 3. The possibilities for the future Next-Gen Architecture and Ops 4. What you can do 4
Enterprise Tools Ryan Holt Highlight Sandia National Lab process Describe what labs would gain from effort Beau Nuanes and Monzy Merza Pilot focus; challenges and insights Enterprise Licensing and ProServe requests Email: NA-IMCyberRequests@nnsa.doe.gov 5
Where We Are Going Cloud-based Federated Data Mesh Architecture Utilizing a Common Data Schema Cyber Defenders Gain the Ability to Cyber Defenders Gain the Ability to Push button/automated data call responses Share and correlate data with other sites On-demand use cases for Hunt/Monitoring Pivot to investigate through enterprise event correlation Leveraging RBAC and aligned to policy/rules of engagement Rapid integration of new data sets (OT/IT monitoring correlation) Interface with data with tool of choice by site/user
SDI Pilot Plan Focus: One site, LLNL One Cloud Service Provider, AWS Evaluate relevant technologies Define interfaces for site interoperability, provides a baseline for deployment Develop guidance for sites implementing this model
How Do We Get There? Pilot AOA, Phased Architecture Component Testing Work Stream One: Work Stream Two: Selected Architecture Implementation and Initial Data Source Integration Data Source ID/Gap Analysis and Remediation Strategy Enterprise Solution: Federated Data Mesh Architecture
What you can do Track your Apps and Share Need help, reach out to Ryan Holt Enterprise Capabilities Catalogue Russ Marsh or Rob Zamani Rob.zamani@nnsa.doe.gov Preparation phase with ShorePoint Contact Ryan or Mike on how to prepare 9
Contact Panel Members Russ Marsh Russell.marsh@nnsa.doe.gov Ryan Holt Rsholt@sandia.gov Mike Morton Michael.morton@nnsa.doe.gov Ryan McCullough Ryan.mccullough@shorepointinc.com Beau Nuanes Bnuanes@thundercattech.com Monzy Merza Monzy@crogl.com 10