FloCon 2021

Traditional approaches to risk and compliance management rely primarily on interviews, manual data collection, and static snapshots of evidence. This labor-intensive process results in a disjointed and out-of-date picture of an organization’s risk and compliance posture with little actual security value. Applying Big Data technologies takes a data-driven approach to automate this process based on real-time events collected from the IT assets of the enterprise. This presents a more cohesive and up-to-date picture that can provide real security value. In this presentation, we will discuss and demonstrate our solution built on the Splunk Big Data platform with analytics for monitoring and assessing the NIST 800-53 Rev 4 security controls and an integrated workflow based on the NIST Risk Management Framework (RMF). Our solution integrates with any cyber security tool, application, device, or platform from on-premises or in the cloud to provide a real-time, single source of truth about an organization’s actual security state. We will discuss how this solution augments traditional assessment methodologies with real-time technical data to provide a more accurate, up-to-date understanding of security control effectiveness. We will present the architecture of our solution, describe the typical data sources needed to cover the security domains in NIST 800-53, highlight the key challenges in implementing such a solution, tell how we addressed them, and demonstrate how our solution realizes the objective of Ongoing Assessment and Authorization described in the NIST Risk Management Framework.

Attendees Will Learn:
Attendees will learn how they can use Big Data technologies to streamline and automate their compliance and risk management processes and provide real security value to their organizations. They will learn which data sources are required to implement such a solution. They will see how to take raw log and event messages from these data sources and contextualize them against compliance frameworks and security control standards to automate control assessments. Finally, they will gain an understanding of the required level of maturity in existing security and compliance capabilities that their organizations need to have in order to effectively implement and get value out of such a solution.