RSA Archer CDM Briefing - General Information

Transcription

RSA Archer CDM Briefing
Dan Carayiannis
RSA Archer Public Sector Director

[Infographic. Headline figures: 30,000; 50 million; 1 billion (identities, consumers, customers). Coverage figures: 20 of the TOP 20; 18 of the TOP 20; 16 of the TOP 20; 19 of the TOP 20; 10 of the TOP 10; 97%; 94%. Sectors: Telecom, Manufacturing, Energy, Consumer product, Technology, Financial institutions, Healthcare institutions, Transportation. Also: 13 of the 15 Executive Departments of U.S. Government / DHS CDM Program; all branches of US Military.]

RSA PORTFOLIO
RSA CYBER ANALYTICS PLATFORM

ARCHER AT A GLANCE
- 1B revenue
- 2,700 employees
- 1,000 technology partners
- 30 years of cybersecurity expertise
- 15 years of risk expertise
- Global operations

RSA Archer customers
- 1,500 GRC deployments
- 9 of the Fortune 10
- 38 of the Fortune 50
- 69 of the Fortune 100
- 10 out of 10 biggest U.S. banks*
- Customers in every
  - Technology
  - Retail
  - Government

RSA Archer analyst recognition
A Leader in:
- Gartner Magic Quadrant for Operational Risk Management Solutions (13 December 2016)
- Gartner Magic Quadrant for IT Risk Management Solutions (29 June 2017)
- Gartner Magic Quadrant for Business Continuity Management Planning Software, Worldwide (12 July 2017)
- Gartner Magic Quadrant for IT Vendor Risk Management (29 June 2017)

Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

* bankrate.com

RSA ARCHER PUBLIC SECTOR ENABLEMENT
- 100 Federal Agencies
- 17 States
- 10 Countries
- 12 Cities, Counties and Municipalities
- Use Cases Built to Support Government Requirements

RSA ARCHER GOVERNMENT USE CASES
- Certification & Accreditation / Assessment and Authorization
- Security Operations Center Efficiencies and Orchestration
- Continuous Monitoring
- Enterprise Security Incident Tracking and Management (Cyber and Physical)
- Cyber Security Visibility and Risk Management
- Department/Agency Operational Risk Management programs
- 3rd Party Supply Chain Management
- Business Resiliency
- Audit Management (internal and external)
- IT Portfolio Management
- Findings Management
- Top Down and Bottom Up Assessments and Datacalls
- Process Automation and Government Legacy Application Retirement

RSA ARCHER GRC MATURITY MODEL
[Diagram: Governance, Risk and Compliance (GRC) Maturity Model. Step 1: Reacting; Step 2: Anticipating; Step 3: Collaborating; Step 4: Orchestrating. Annotations: "Where most organizations see themselves today"; "Maturity varies by industry / geography". Diagram labels: Panic; Acceptance; Coordination; Sustainable GRC; Tactical; Consistent; Efficient; Transparent; Manage in unison; Get it done!; Operate in isolation; Marshall resources as necessary from wherever; Identify risks; Assess exposure; Prioritizing actions; Reuse technology components for multiple purposes; Efficiency; Automation; See connections between multiple programs; Plan future approach; Set enterprise objectives; Coordinate analysis and action; Complete visibility to risk, exposure, performance; Value proposition. Source: AMR form]

RSA ARCHER’S RISK MANAGEMENT SUITE

RSA ARCHER AND CMS
- CMS has been an Archer customer since 2013
- Archer being used to support CSCOUT
- Multiple Archer use cases being leveraged by CMS
  - Assessment and Authorization
  - Continuous Monitoring
  - POAM Management
  - Security Operations
  - Others (Risk and Audit Mgmt)

DHS CDM PROGRAM OVERVIEW

What Exactly Is CDM?
- CDM: Continuous Diagnostics and Mitigation
- US Government Risk Management Program
- Based on NIST RMF

What’s Its Purpose?
- Deploy cyber risk monitoring and reporting structure across all US departments and agencies
- Speed remediation and improve the overall government cyber risk posture

DHS CDM CORE CONCEPTS
- Dashboard
- Risk Scoring
- Threat Awareness
- Policy Alerting

DHS CDM GOALS AND OBJECTIVES
- Establish a consistent, government-wide set of information security continuous monitoring tools to help protect .gov networks
- Enhance users’ ability to identify and respond to emerging cyber threats
- Increase visibility by reducing agencies’ time to understand cyber risks from weeks and months to days and hours
- Provide dashboards, reports and risk metrics that improve situational awareness and help decision makers and operators identify and address “worst first” problems

CDM Phases – Strategic View

CDM 15 TFAs
Technical Functional Areas (TFAs)
They define the scope of the CDM Program

CDM Participants By Group

Task Order 2    D/A
Group A         DHS*
Group B         EOP, DOE*, DOI*, DOT, USDA*, VA*, OPM
Group C         DOC*, DOJ*, DOL*, State*, USAID
Group D         GSA, HHS*, NASA*, SSA, Treasury*, USPS
Group E         Education*, EPA, HUD*, NRC, NSF*, SBA
Group F         40 Non-CFO Act agencies

* Agencies that were in DO#1

DHS CDM GENERAL ARCHITECTURE

Architectural boundaries
- Zone A: Tools and Sensors
- Zone B: CMaaS Integration
- Zone C: Agency Dashboard
- Zone D: Federal Dashboard

Dashboard operates as a Standardization Driver
- Dashboard Provider focused on Federal Level
- CMaaS Provider focus for Agency Level

RSA ARCHER CDM USE CASES
- Continuous Monitoring
- Plan of Action & Milestones (POA&MS)
- Assessment & Authorization (A&A)

RSA ARCHER PLATFORM
- “Application Builder” to modify pre-built applications and build your own without coding
- Embedded reporting engine with ability to create global and personal dashboards
- Shared data model that crosses processes and builds business context for all risk and compliance processes
- Search engine across all data enabling analytics and data visibility
- Advanced workflow capabilities with visual workflow builder and notifications
- Multiple options for data integration including import, Data Feed Manager and API
- Common user experience including branding across your risk and compliance processes
- Robust access control at the Application, Record and Field level and System Auditing

RSA ARCHER TECHNOLOGY AGNOSTIC
400 COMPANIES, 1000 SOLUTIONS and INTEGRATIONS

UNDERSTAND ASSETS WITH CONTEXT

VISUALIZE AGENCY CONFIGURATIONS RESULTS

REACT UPON AGENCY VULNERABILITIES

RISK DECISION WITH SUPPORT METRICS

RSA Archer Supports DHS CDM Requirements
- Define & enforce ownership of resiliency through Accountability
- Cross organizational lines & mission boundaries for Collaboration
- Consolidate data and enable risk Analytics & Visibility
- Automate processes for Efficiencies

RSA innovation & Thought leadership

INSPIRE EVERYONE TO OWN RISK!
QUESTIONS?
THANK YOU!
