Beyond Continuous Monitoring: Threat Modeling for Real-time Response

Threat agents targeting federal systems run the gamut from state-sponsored attackers to social rebels and even spies for hire, making the security of all connected systems a priority for federal regulatory bodies. As it turns out, most successful intrusions are the result of vulnerabilities. This is why FISMA upgraded requirements from point-in-time audits and reports to continuous monitoring. In its purest sense, continuous monitoring is inwardly focused on activities such as vulnerability assessment and patch management, providing valuable situational awareness of systems and potential vulnerabilities.

This SANS whitepaper will discuss how agencies can leverage the intelligence collected through continuous monitoring to create a real-time threat model that enables active response with situational awareness.