February 2016 - The Quilt…

Post on 08-Oct-2020


Cyber Security Defense Services – Portfolio Development Status

February 2016


Agenda

•  Merit’s Six Strategic Thrusts

•  Merit’s current security offerings

•  Member feedback

•  Mission and vision statement for this initiative

•  New cyber security service categories

•  New services under consideration as the portfolio develops


Merit’s Six Strategic Thrusts

1.  Network: The highest-performing and most-adopted statewide network in the U.S., connecting diverse communities

2.  Security: Security and information privacy defender

3.  Community: Merit providing a digital commons for continuous statewide IT community collaboration

4.  Diversification: Select portfolio of financially strong services

5.  Workforce: Staffing shared services

6.  Business: Merit as a pre-approved Michigan service provider to streamline business with customers

Merit’s Current Security Offerings

•  Cyber security training and certifications

•  Michigan Cyber Range – exercises and testing in a preconfigured environment

•  Secure Sandbox – custom testing environment

•  QuadMetrics cyber risk posture assessment

•  Duo Security

•  AT&T Managed Firewall Service

•  Above Security Managed Services


Enabling services

Defense services

Current Hidden Value-Add in Merit Services

•  Peak flow reports

•  BGP black hole services

•  24x7 Merit Support Center and easy access to real engineering talent

•  Coming: statewide cyber security information sharing via our new Merit Commons, a private social network

CEO Findings – Member Organizations

•  Trust in Merit

•  Community

•  Network

•  Merit Support Center

•  Responsiveness and flexibility

•  Professional development, training & events

•  Cyber security needs

•  Staffing needs

Encouraging Progress

Pell Center for International Relations and Public Policy, “State of the States on Cybersecurity” (http://pellcenter.org/wp-content/uploads/2015/11/Pell-Center-State-of-the-States-Report.pdf): “The State of Michigan has established itself as a leader among states in implementing state government cybersecurity measures and in promoting cyber industry growth. The cornerstone of Michigan’s strategy to enhance cybersecurity has been its collaborative and inclusive nature and an enterprise approach to information security that allows state agencies and private and public sector organizations to work in a highly coordinated and efficient manner” – with recognition of Merit’s work

The Vision of Merit Cybersecurity


The Merit security portfolio is designed to be member-focused and member-driven, providing best-in-class services at lower costs. Through the use of these services, the security posture of our membership will increase, making the state of Michigan the security leader.

The Mission of Merit Cybersecurity


Merit's cybersecurity mission is to lead and defend the research, education and public sector communities. Merit will raise the security posture of our community in Michigan and beyond through training, knowledge-sharing, and delivering valuable security services.

New Cyber Security Categories

1.  Proactive

2.  Active

3.  Reactive


New Services Under Consideration

1.  Proactive

•  QuadMetrics report and analysis services

•  CISO professional services

•  Critical infrastructure assessment and recommendations

•  Pen testing

•  End user education

2.  Active

•  Open source embedded/managed firewall (pfSense)

•  SOC

3.  Reactive

•  DDoS

•  Forensics (with 3rd-party expertise)

Merit-Managed Firewall

•  High demand / good alignment with network services

•  Lower-cost alternative to the ‘Premium’ managed firewall option

•  E-Rate eligible

•  Evaluating technology options – pfSense open source is a strong contender

•  Staff training required


DDoS Threat

Higher Ed DDoS Incidents

•  University of Alaska – August 2014: ~500,000 sessions debilitating their border firewall

•  Arizona State University – April 2015: attacks directed toward login systems

•  Rutgers University – April, March & Dec. 2015: six attacks in one year; March attack lasted the entire weekend; December attack lasted four days

Merit Network Targeted

•  RADb DDoS attack

•  Several day sustained attack

•  Attack coupled with normal traffic congested Internet flow

•  Last day 25Gbps

•  Visualization 1

•  Visualization 2

Cyber Defense - DDoS

No solution is perfect or 100%

DDoS detection and mitigation

Service provider approach

Appliance at border (Chicago and Southfield)

Protect the whole network including members

Provide a mechanism for members to view events via a portal

Use cloud service when events exhaust border appliances

Option of additional appliance at member site


Will not mitigate member to member

Uniform policies

Increase mitigation response

Economies of scale

Develop and implement SOC

Fully managed 24/7

Will need to add staff and staff training

Cyber Defense - DDoS

Solution:

Implementing an Arbor Networks TMS 2800 (Threat Management System) to be installed in Chicago

40 Gbps of inspected throughput

TMS 2310 to be installed in data center

10Gbps of inspected throughput

Atlas Intelligence Feed with automatic content updates across the TMS deployment


Arbor Cloud for Service Providers

Large tier protection of 2Gbps of clean traffic diverted using BGP

System Admin, DDoS User/Admin training

Configure and perform ongoing SP administration functions

Administration and support of mitigation of DDoS attacks

10 seats available

CISO Professional Services (CaaS)

•  High demand / trust in Merit

•  Scalable

•  Affordable

•  Value to wide array of Membership: security architecture, security assessment, pen test interpretation, etc.

•  Use QuadMetrics reports as conversation starters

•  Aligned with overall portfolio offerings: Proactive, Active, Reactive