Federal Deposit Insurance Corporation (FDIC) Security Operations Center (SOC) and Computer Security Incident Response Team (CSIRT) Services:

James Icenogle    August 23, 2021

Project Summary:

Gray Tier’s work on this contract enhances FDIC’s ability to identify, mitigate, and manage security risks to its information supply chain, which involves heavy external hardware and software interdependencies. We support the FDIC Information Security and Privacy Staff (ISPS), Security Operations Center (SOC), and Computer Security Incident Response Team (CSIRT) with advanced security capabilities including incident response, cybersecurity engineering, risk management, compliance audits, and CDM. The FDIC enterprise is a vast complex network that spans all fifty (50) state and foreign areas. To advance this intricate environment’s security posture, Gray Tier delivers intrusion monitoring, triage analysis, event escalation and communication, threat intelligence data reporting, ‘first responder’ responsibilities associated with security incidents, and containing, eradicating, recovering, and analyzing incident events. Gray Tier also supports the FDIC Splunk program, the goal of which is to ensure all applications can migrate from end-of-life Splunk versions (e.g., upgrade Splunk Enterprise 7 to Splunk Enterprise 8), upgrade existing Splunk ES to 6.6, enhance dashboard for workflow management, and integrate Splunk Phantom into the Splunk stack. Updating and enhancing Splunk allows the FDIC CSIRT/SOC to operationalize security and automate repetitive security tasks.

Incident Response and Intrusion Detection:

Gray Tier’s FDIC Splunk Engineering Team integrates event feeds with the Enterprise Logging and Monitoring Program and the Security Information and Event Management System (ELM/SIEM), develops ELM/SIEM content that allows FDIC to automate threat and incident detection, helps system owners comply with FDIC logging and monitoring requirements, and maintains the ELM/SIEM software and hardware deployments. Our Splunk implementation and deployment increased data security visibility across multiple devices and instances, creating common fields across all different sources to make logs searchable. This allowed FDIC to start automating incident response playbooks with Phantom. We reduce FDIC's information supply chain risks by conducting thorough security assessments of all FDIC deployed systems, providing feedback on risk areas, and working with system owners to deliver effective remediation of any findings discovered. Gray Tier establishes requisite technical and operational capabilities to provide security event correlation and management services and incident response services. Gray Tier integrated all existing FDIC cybersecurity tool results into the Splunk stack (e.g., Carbon Black as the endpoint solution, Tenable.sc as the scanning solution, etc.). This allowed the FDIC CSIRT/SOC incident response team to use a common centralized dashboard to view all data and activity. The result lowered the overall mean time to detection, investigation, and mitigation by over 65%.

Share to: