SECURITY INFRASTRUCTURE ENGINEERING SERVICES OVERVIEW
NSSPlus’ proven, directly relevant resources inform our proactive approach to delivering security infrastructure engineering capabilities and enable comprehensive, seamless coverage of an integrated set of services:
- Designing, installing and configuring security infrastructure assets
- Maintaining and monitoring the performance of the security infrastructure
- Responding to and mitigating the impact of attacks on the security infrastructure
Cyber Infrastructure Management Team
Our Cyber Infrastructure Management Team designs, implements, operates, and maintains security infrastructure devices, playing a central role in provisioning and sustainment functions. The team ensures that devices perform as required across the Defense-in-Depth spectrum:
(1) Perimeter and interior defense security systems—Firewalls, intrusion detection systems (IDSs)/intrusion prevention systems (IPSs), and proxy servers
(2) Operating system and application server security systems—Protection of operating systems, application servers, web servers, and mail servers
(3) Host protection—Protection of data stored on workstations and protection from internal attacks
(4) Data/information protection—Using standards-compliant encryption technologies to meet data-at-rest and data-in-transit requirements
Cyber Infrastructure Management Team members are skilled in the following areas of responsibility:
- Implement/design/configure antivirus, IDS/IPS, firewall, SIEM, file integrity monitoring, and security appliance technologies
- Perform Linux and Windows administration functions
- Write complex scripts (Perl, Ruby, and Python)
- Develop security policies for cloud-based infrastructure (Azure, Amazon Web Services, etc.)
- Leverage knowledge of information security governance frameworks (Risk Management Framework, ISO 27001, etc.)
- Design and build enterprise monitoring capabilities
- Integrate multivendor devices and disparate tools into enterprise solutions
- Use application programming interface calls to enable integration
Perform Asset Management Functions for Equipment
Our Network Security Monitoring (NSM) Team maintains the physical inventory of equipment and software, generates monthly asset management reports, and supports equipment refreshes at end of life in conjunction with the Cyber Infrastructure Management Team. The team registers each managed device with the monitoring tool suite, which makes logging information such as network time synchronization and administrative access attempts accessible through both command line and graphical user interfaces (GUIs). Monthly reports include inventory and trending information; customized reports are also available as necessary.
Design, Document, Deploy, Administer, and Maintain Security Infrastructure Technologies
Our Cyber Infrastructure Management Team performs the following activities:
High- and low-level design—Based on business requirements, the team produces topology diagrams for each security infrastructure solution. These diagrams show interfaces and connections to existing components. From the high-level design, the team develops the low-level design, including:
–Updates to the network IP addressing plan
–Ports, protocols, and services identification and analysis
–Integration points with existing network devices
–Detailed network diagrams (logical, physical, and data flow)
Develop deployment configuration—Based on the low-level design, the team produces the configuration syntax, test procedures, and rollback plan.
Deploy security infrastructure technology—Working from the low-level design and deployment configuration parameters, and applying the change control process, the team produces a turn-up report detailing deployment steps and any exceptions to the low-level design and planned configuration syntax.
Administer security infrastructure technology—As connectivity requirements evolve, teams apply the change control process to solutions in production, processing change requests for new traffic patterns, topology changes, and new solutions.
Maintain security infrastructure technology—Teams maintain security infrastructure hardware and software components, apply change control, and document maintenance activities, including software and firmware updates, in service completion reports. Teams proactively seek replacements for components approaching end of service life.
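The design-to-turn-up sequence above (flow list from the ports, protocols, and services analysis, configuration syntax generated from it, then a report of exceptions between the design and what is actually on the device) can be mechanized. The following is an added illustration, not NSSPlus tooling: the LLD flows, the addresses, and the iptables-save snippet standing in for the deployed ruleset are all constructed, and the exception report compares rule sets only, not rule order.

```python
"""Turn-up verification for a firewall deployment: render the low-level design
(LLD) flow list as configuration syntax, parse what is actually deployed, and
list exceptions for the turn-up report.

Added example, not NSSPlus tooling. The design flows, the iptables-save
snippet and the report shape are constructed for illustration.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One row of the ports/protocols/services analysis the LLD must enforce."""
    src: str     # source CIDR
    dst: str     # destination CIDR
    proto: str   # "tcp" or "udp"
    dport: int
    action: str  # "ACCEPT" or "DROP"


# Constructed LLD flows (hypothetical addresses).
DESIGN_FLOWS = [
    Flow("10.10.1.0/24", "10.20.5.10/32", "tcp", 443, "ACCEPT"),  # users -> web proxy
    Flow("10.20.5.10/32", "10.30.7.20/32", "tcp", 514, "ACCEPT"),  # proxy -> SIEM syslog
    Flow("10.20.5.10/32", "10.30.7.20/32", "udp", 123, "ACCEPT"),  # proxy -> NTP on SIEM
    Flow("10.10.9.0/24", "10.30.7.20/32", "tcp", 22, "DROP"),      # guest net must not SSH to SIEM
]

# Constructed "deployed" ruleset as iptables-save would print it. The NTP rule
# and the guest-net DROP are missing, and an SSH ACCEPT the LLD never asked for
# has crept in.
DEPLOYED_RULESET = """\
# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -s 10.10.1.0/24 -d 10.20.5.10/32 -p tcp -m tcp --dport 443 -j ACCEPT
-A FORWARD -s 10.20.5.10/32 -d 10.30.7.20/32 -p tcp -m tcp --dport 514 -j ACCEPT
-A FORWARD -s 10.10.1.0/24 -d 10.30.7.20/32 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""

RULE_RE = re.compile(
    r"-A FORWARD -s (?P<src>\S+) -d (?P<dst>\S+) -p (?P<proto>\w+)"
    r"(?: -m \w+)? --dport (?P<dport>\d+) -j (?P<action>\w+)$"
)


def to_rule(flow: Flow) -> str:
    """Configuration syntax for one flow (iptables FORWARD chain)."""
    return (f"-A FORWARD -s {flow.src} -d {flow.dst} -p {flow.proto} "
            f"--dport {flow.dport} -j {flow.action}")


def render_config(design: list[Flow]) -> str:
    """Deployment configuration in iptables-restore syntax with a default-deny
    FORWARD chain; the rollback plan is the iptables-save taken beforehand."""
    lines = ["*filter", ":INPUT DROP [0:0]", ":FORWARD DROP [0:0]",
             ":OUTPUT ACCEPT [0:0]", *(to_rule(f) for f in design), "COMMIT"]
    return "\n".join(lines) + "\n"


def parse_ruleset(text: str) -> list[Flow]:
    """Read FORWARD rules out of iptables-save output; other lines are ignored."""
    flows = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            flows.append(Flow(m["src"], m["dst"], m["proto"],
                              int(m["dport"]), m["action"]))
    return flows


def turnup_exceptions(design: list[Flow], deployed: list[Flow]) -> dict[str, list[str]]:
    """Exceptions to the LLD for the turn-up report: designed flows that are not
    on the device, and deployed rules the design never called for. Rule order,
    which also matters on a firewall, is not compared here."""
    designed, on_box = set(design), set(deployed)
    return {
        "missing": sorted(to_rule(f) for f in design if f not in on_box),
        "unplanned": sorted(to_rule(f) for f in deployed if f not in designed),
    }


if __name__ == "__main__":
    print("--- planned configuration ---")
    print(render_config(DESIGN_FLOWS))
    report = turnup_exceptions(DESIGN_FLOWS, parse_ruleset(DEPLOYED_RULESET))
    for kind, rules in report.items():
        print(f"{kind}: {len(rules)}")
        for rule in rules:
            print("  ", rule)
```

Run against the constructed snippet, the report lists two missing rules (the NTP accept and the guest-net SSH drop) and one unplanned rule (SSH from the user network to the SIEM), which is exactly what the turn-up report must record before the change is closed. Because the exception check parses iptables-save output, the same function can be rerun after every change-control activity to confirm production still matches the documented low-level design.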
Perform Availability and Capacity Management
The NSM Team manages the following processes:
- Monitoring availability metrics and trending data to produce availability reports and to generate tickets for Cyber Infrastructure Management Team response to sensor outages.
- Threshold monitoring of repositories and data stores to proactively generate tickets to expand interface, storage, memory, ruleset, and policy set capacity.
- Identifying and collecting SIEM-focused capacity planning metrics such as the amount of incoming data, amount of indexed data, number of concurrent users, number of saved searches, types of searches used, and third-party integrations.
- Defining capacity thresholds for expansion planning based on daily index data volume, data retention requirements, number of concurrent users searching data, number of high-performance searches, and data manipulation.
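The two ticket-generating processes above (sensor outage detection from availability data, and expansion tickets derived from daily index volume, retention, and a capacity threshold) are shown together in the following added example. It is illustrative code, not NSSPlus tooling: the heartbeat timestamps, daily index volumes, index-to-disk ratio, store capacity, thresholds, and lead time are all constructed assumptions, and least_squares() is a small trend-fitting helper written for this example.

```python
"""Availability and capacity checks that turn SIEM metrics into tickets: a
sensor that has gone silent is ticketed to the Cyber Infrastructure Management
Team, and a storage projection that will cross the expansion threshold within
the lead time is ticketed for capacity expansion.

Added example, not NSSPlus tooling. The ingest samples, heartbeats, the
index-to-disk ratio, capacity and thresholds are all constructed assumptions;
least_squares() is a small helper written for this example.
"""
from __future__ import annotations

from datetime import datetime, timedelta

CIM_TEAM = "Cyber Infrastructure Management Team"

# --- availability: sensor heartbeats (constructed) ---------------------------
NOW = datetime(2024, 3, 4, 10, 5)
MAX_SILENCE = timedelta(minutes=15)        # assumed outage threshold
LAST_EVENT_SEEN = {                        # sensor -> last event time received by the SIEM
    "ids-dmz-01": datetime(2024, 3, 4, 9, 58),
    "ids-core-02": datetime(2024, 3, 4, 8, 40),
    "fw-edge-01": datetime(2024, 3, 4, 10, 1),
}

# --- capacity: SIEM index volume (constructed, GB/day, oldest first) ---------
DAILY_INDEX_GB = [410, 422, 418, 437, 445, 460, 458, 471, 483, 490, 502, 515, 521, 533]
RETENTION_DAYS = 90
INDEX_TO_DISK_RATIO = 0.5     # assumed: indexed data occupies half its raw size on disk
STORE_CAPACITY_GB = 36_000
EXPANSION_THRESHOLD = 0.80    # ticket when projected use reaches 80% of capacity
LEAD_TIME_DAYS = 30           # assumed procurement/expansion lead time


def sensor_outages(last_seen: dict[str, datetime], now: datetime = NOW,
                   max_silence: timedelta = MAX_SILENCE) -> list[dict]:
    """One ticket per sensor whose last event is older than max_silence."""
    tickets = []
    for sensor, last in sorted(last_seen.items()):
        silence = now - last
        if silence > max_silence:
            tickets.append({"assignee": CIM_TEAM, "sensor": sensor,
                            "silent_min": int(silence.total_seconds() // 60)})
    return tickets


def least_squares(samples: list[float]) -> tuple[float, float]:
    """Fit y = intercept + slope*x over x = 0..n-1 (ordinary least squares)."""
    n = len(samples)
    mx = (n - 1) / 2
    my = sum(samples) / n
    sxy = sum((x - mx) * (y - my) for x, y in enumerate(samples))
    sxx = sum((x - mx) ** 2 for x in range(n))
    slope = sxy / sxx
    return my - slope * mx, slope


def disk_needed_gb(daily_index_gb: float) -> float:
    """Disk the retention window needs at a given daily index volume."""
    return daily_index_gb * RETENTION_DAYS * INDEX_TO_DISK_RATIO


def days_until_expansion(samples: list[float], horizon_days: int = 365) -> int | None:
    """Days until the trended daily volume needs more than the threshold share
    of the store; None if it stays below that within the horizon."""
    intercept, slope = least_squares(samples)
    limit_gb = EXPANSION_THRESHOLD * STORE_CAPACITY_GB
    last_x = len(samples) - 1
    for t in range(horizon_days + 1):
        if disk_needed_gb(intercept + slope * (last_x + t)) >= limit_gb:
            return t
    return None


def capacity_ticket(samples: list[float]) -> dict | None:
    """Open an expansion ticket only when the crossing falls inside the lead time."""
    days = days_until_expansion(samples)
    if days is None or days > LEAD_TIME_DAYS:
        return None
    _, slope = least_squares(samples)
    return {"assignee": CIM_TEAM, "resource": "siem-index-store",
            "days_until_threshold": days, "growth_gb_per_day": round(slope, 1),
            "current_use_pct": round(100 * disk_needed_gb(samples[-1]) / STORE_CAPACITY_GB, 1)}


if __name__ == "__main__":
    for ticket in sensor_outages(LAST_EVENT_SEEN):
        print("OUTAGE ticket:", ticket)
    ticket = capacity_ticket(DAILY_INDEX_GB)
    print("CAPACITY ticket:", ticket if ticket else "none needed")
```

With the constructed data, ids-core-02 has been silent for 85 minutes and gets an outage ticket, while the index store is only about two thirds full today but is growing at roughly 9.5 GB/day; at that rate the 90-day retention window needs more than 80% of the store in 12 days, inside the 30-day lead time, so an expansion ticket is raised now rather than when the disk fills. Projecting on the trend rather than the current reading is the difference between a capacity plan and an outage.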