CIPSEC architecture. CIPSEC workshop, Frankfurt, 16/10/2018. Rubén Trapero Burgos, ATOS. Co-funded by the Horizon 2020 Framework Programme of the European Union.
Outline
- CIPSEC Framework Design Principles
- Critical Infrastructures Commonalities
- Security Threats
- CIPSEC pilot requirements
- Data Lifecycle in Critical Infrastructures
- CIPSEC architecture
Data Lifecycle in Critical Infrastructures (two diagrams; only the labels survived extraction, listed here by the lifecycle stage they sit next to in the figure)
- Data acquisition: host and network sensors; agents, sensors, sniffing, etc.; Security and Activity monitoring engine. Data flowing in: status, heartbeats, reports; activity and security data (logs); user credentials, tokens; events/alarms; software updates.
- Data processing and detection: aggregate data, filter, reasoning, detect anomalies; Data Repository, Software Repository, Document Management Repository; PKI infrastructure; security apps; security data insights.
- Data consumption and dissemination: dashboards, visualization, security decision-making, security compliance, recommendations, post-mortem incident analysis, system administration.
- Actors: human end-users of the data (CI system admins), Security Operation Center personnel (SOC expertise).
The second diagram overlays the CIPSEC Core Framework on the same lifecycle: Acquisition Layer, Detection Layer, Data Processing Layer, Presentation Layer and User/System manager Layer, with Network Security beside them, all sitting on the Critical Infrastructure Components (sensors, computers, network, servers, routers, …).
High Level CIPSEC Framework (diagram; labels and data flows recovered from the figure)
Critical Infrastructure Platform:
- Critical Infrastructure Components (sensors, computers, network, servers, routers, …) produce logs; Network Security sits in front of them.
CIPSEC Core Framework, bottom to top:
- Acquisition Layer: receives security data from the CI platform.
- Detection Layer: turns security data into events/alerts.
- Data Processing Layer: events/alerts correlator; outputs inferred threats and risks.
- Presentation Layer: aggregated info (reports, etc.).
- User/System manager Layer: contingency (reconfigurations, etc.); the admin of the Critical Infrastructure Platform.
Surrounding services: Compliance Management (compliance report from the CI security requirements), Updating/Patching (security data), User training, CIPSEC security features.
CIPSEC Framework Reference Architecture
Partners' role in CIPSEC Reference Architecture (diagram; blocks listed by the layer they belong to)
- User/System manager Layer: System manager; Recommendations; Forensics Analysis Visualization tool.
- Presentation Layer: Dashboard.
- Data Processing Layer: Data anonymization and Privacy; Anonymized Sensitive Data; Historic anomalies DB.
- Detection Layer: Anomaly detection reasoner.
- Acquisition Layer: Identity Access Management; Vulnerability Assessment; Endpoint Detection and Response; Integrity Management; Crypto services; External Security Services; future security services plugged in.
- CIPSEC services around the core: Forensics service; Updating/Patching; Compliance Management; Contingency plan; User Training.
- Network Security (DPI firewalls, routers with ACL, network segmentation, DMZ, NAC, etc.).
- Critical Infrastructure Components (sensors, computers, network, servers, routers, …).
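The layered flow in the two architecture diagrams above (logs from CI components into Acquisition, then Detection, then Data Processing with anonymization and correlation, then Presentation and recommendations for the system manager) as a small end-to-end pipeline. This is an added illustration written for this page, not CIPSEC project code or any partner's product: the log format, the sample lines, the two detection rules and their thresholds, the severities, the HMAC key and the recommendation texts are all assumptions.

```python
import hashlib
import hmac
import re
from collections import defaultdict

# Constructed sample log lines in a syslog-like shape; not data from any real CI deployment.
SAMPLE_LOGS = """\
2018-10-16T09:00:01 plc-gw-01 sshd: login failed user=operator src=10.0.5.23
2018-10-16T09:00:04 plc-gw-01 sshd: login failed user=operator src=10.0.5.23
2018-10-16T09:00:07 plc-gw-01 sshd: login failed user=operator src=10.0.5.23
2018-10-16T09:00:09 plc-gw-01 sshd: login ok user=operator src=10.0.5.23
2018-10-16T09:01:00 hmi-02 sshd: login ok user=maint src=10.0.7.4
2018-10-16T09:02:30 plc-gw-01 integrity: hash mismatch file=/opt/scada/ctrl.bin
2018-10-16T09:03:00 hmi-02 sshd: login failed user=root src=10.0.7.4
this line does not match the schema and is dropped
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<svc>[\w-]+): (?P<msg>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")
SENSITIVE_FIELDS = ("user", "src")  # assumption: identifiers the pilots treat as personal data


def acquire(raw):
    """Acquisition layer: parse raw lines into events; lines outside the schema are dropped."""
    events = []
    for line in raw.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        msg = ev.pop("msg")
        ev["fields"] = dict(KV_RE.findall(msg))
        ev["action"] = KV_RE.sub("", msg).strip()  # e.g. "login failed"
        events.append(ev)
    return events


def pseudonymize(value, key):
    """Keyed, truncated HMAC-SHA256: same input gives the same token, not reversible without the key."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:12]


def anonymize(events, key):
    """Data anonymization and privacy: replace sensitive identifiers before events leave the CI.
    Tokens are consistent, so the detector can still count per (host, src)."""
    return [{**ev, "fields": {k: pseudonymize(v, key) if k in SENSITIVE_FIELDS else v
                              for k, v in ev["fields"].items()}} for ev in events]


def detect(events, failed_threshold=3):
    """Detection layer: simple rules that turn events into alerts (thresholds are assumptions)."""
    alerts, failed = [], defaultdict(int)
    for ev in events:
        f, key = ev["fields"], (ev["host"], ev["fields"].get("src"))
        if ev["svc"] == "sshd" and ev["action"] == "login failed":
            failed[key] += 1
            if failed[key] == failed_threshold:  # fire once per (host, src) burst
                alerts.append({"ts": ev["ts"], "host": ev["host"], "rule": "brute-force",
                               "severity": 3, "src": f.get("src")})
        elif ev["svc"] == "sshd" and ev["action"] == "login ok" and failed[key] >= failed_threshold:
            alerts.append({"ts": ev["ts"], "host": ev["host"], "rule": "login-after-brute-force",
                           "severity": 4, "src": f.get("src")})
        elif ev["svc"] == "integrity" and ev["action"] == "hash mismatch":
            alerts.append({"ts": ev["ts"], "host": ev["host"], "rule": "integrity-violation",
                           "severity": 4, "file": f.get("file")})
    return alerts


def correlate(alerts):
    """Data processing layer: aggregate alerts per host into inferred threats and a risk score."""
    per_host = defaultdict(lambda: {"risk": 0, "rules": set()})
    for a in alerts:
        per_host[a["host"]]["risk"] += a["severity"]
        per_host[a["host"]]["rules"].add(a["rule"])
    threats = {}
    for host, h in per_host.items():
        inferred = []
        if {"login-after-brute-force", "integrity-violation"} <= h["rules"]:
            inferred.append("possible host compromise: credential guessing followed by binary tampering")
            h["risk"] += 5
        threats[host] = {"risk": h["risk"], "rules": sorted(h["rules"]), "inferred": inferred}
    return threats


def report(threats):
    """Presentation layer: hosts ordered by risk, with the recommendation an operator would see."""
    recs = {"brute-force": "lock out source, enforce MFA",
            "login-after-brute-force": "revoke session, rotate credential",
            "integrity-violation": "isolate host, restore from known-good image"}
    return [{"host": host, "risk": t["risk"], "inferred": t["inferred"],
             "recommendations": [recs[r] for r in t["rules"]]}
            for host, t in sorted(threats.items(), key=lambda kv: -kv[1]["risk"])]


def run_pipeline(raw=SAMPLE_LOGS, key=b"pilot-demo-key"):
    """End-to-end: acquire, anonymize, detect, correlate, report."""
    return report(correlate(detect(anonymize(acquire(raw), key))))


if __name__ == "__main__":
    for row in run_pipeline():
        print(row)
```

Anonymization runs before detection on purpose: the correlator only ever sees tokens, so a dump of the historic anomalies DB does not expose operator names or addresses, while a keyed HMAC still lets the same source be counted across lines. Only hosts with at least one alert appear in the report; hmi-02 has a single failed login and is filtered out.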
CIPSEC Blocks Covered with Products (table; the "Products Involved" column consisted of partner logos that did not survive extraction)
Reference Architecture Block | Products Involved
Dashboard | (logo)
Forensics Analysis Visualization tool | (logo)
Data anonymization and Privacy | (logo)
Anomaly detection reasoner | (logo)
Identity Access Management | (logo)
Integrity Management | (logo)
Crypto services | (logo)
Endpoint Detection and Response | (logo)
Validated in the CIPSEC Pilots.
CIPSEC Blocks Covered with Services (table; the "Leader" column consisted of partner logos that did not survive extraction)
CIPSEC Core Service | Service Leader
Contingency Plan | (logo)
Compliance Management | (logo)
Forensics Service | (logo)
Vulnerability Assessment | (logo)
Updating / Patching | (logo)
User Training | (logo)
Validated in the CIPSEC Pilots.
Innovation targeted by the CIPSEC Framework
§ CIPSEC does not provide an isolated solution for cybercrime but a broader one.
§ CIPSEC does not address individual aspects of a large crisis; it provides a global solution that includes additional services related to CIP.
§ CIPSEC provides a more generic solution, focusing not only on securing the network-edge services of cloud infrastructures in CI scenarios but on the global picture, taking existing interdependencies into account.
§ CIPSEC offers a close-to-market security platform with validation trials on real CI operational scenarios.
Thanks for your attention! Questions?
Contact:
Antonio Álvarez, ATOS: antonio.alvarez@atos.net
Rodrigo Díaz, ATOS: rodrigo.diaz@atos.net
Rubén Trapero, ATOS: ruben.trapero@atos.net
www.cipsec.eu
@CIPSECproject
https://www.linkedin.com/in/cipsec-project/
https://www.youtube.com/channel/UCekxicSFAwZdIPAV3iLHttg
CIPSEC Technical Review Meeting, Barcelona, 22/11/2017