ISE® Northeast Project Award Nominees 2016

Global End-user Micro-Virtualization
Executive Sponsor: Roland Cloutier, Staff Vice President, Chief Security Officer, ADP
Project Team: V.Jay LaRosa, Vice President, Global Security Architecture, Dustin VanWinkle, Director, Global Security Architecture, Toby Cruz, Senior Project Manager, Robert Novak, Design Engineer III, Emmanuel Maroulis, Senior Service Manager, Dennis Baluh, Tech & Apps Mgmt Spec. III, Phil Debruno, Tech & Apps Mgmt Spec. III, Debbie Schwagler-Kuhn, Tech. & Apps Mgmt Spec. Lead, Brian M Davis, Tech. & Apps Mgmt Spec. Lead, Aman Afroz, Bromium Solutions Architect
Location: Roseland, NJ

ADP endpoints are now being protected by a micro-virtualization technology that is designed to prevent attackers from compromising endpoints and stealing client data or funds through the industries’ number one vector of compromise―phishing and drive-by attacks. The technology involves the instantiation of a virtualized micro computer technology that creates a “separate image” each time for untrusted operations (like surfing a web page or getting an email). All functions and validations happen in this “zone”, and are never allowed to communicate directly to the kernel. Once the session is done, the virtual session is “flushed,” as well as all malicious code.

Global Enterprise Behavioral Profiling
Executive Sponsor: Roland Cloutier, Staff Vice President, Chief Security Officer, ADP
Project Team: V.Jay LaRosa, Vice President, Global Security Architecture, Dustin VanWinkle, Director Security Architecture, Daniel Reznick, Lead Consultant Architect, Daniel Sherry, Senior Security Analyst, James Carter, Senior Security Engineer, Craig Butler, Lead Security Analyst, Christophe Gerard, Lead CIRC Analyst, Brian Wippich, Senior Director, Security Engineering and Operations, Chris Olsen, Vice President, Global Technical Security Services
Location: Roseland, NJ

Current tools provide alerts for known bad “events”, but do not consider historical behavior. It is difficult to detect targeted threat actors without taking into account historical behavior through automated mechanisms. In order to solve for this, ADP developed an advanced approach to gain deeper insight into the long-term behavior of associate’s user accounts, systems used, and “act as” functionality of users by implementing a global user behavioral analysis technology.

Enterprise Immune System
Executive Sponsor: Neil Singer, CIO, Billtrust
Project Team: Laura Whitt-Winyard (Win Yard), Director – Information Security; Craig Woodley, Security Engineer
Location: Hamilton, NJ

The Enterprise Immune System project is an intelligence-led behavioral cyber defense solution that uses new machine learning techniques based on biological principles of the human immune systems and Bayesian mathematical probability theory. It is designed to operate on any network data without any pre-configuration or specific data types resulting in a unique behavioral model that defines the pattern of life for each device, user and the network as a whole. Billtrust is now able to detect, classify and investigate, in real-time, the subtlest of cyber-threats without any rules or signatures.

Clarient Entity Hub 1.0
Executive Sponsor: Stephen Scharf, Corporate Security Officer, DTCC
Project Team: Natalia Kory, Chief Technology Officer, Ajoy Kumar, BISO, David Frankauski, Executive Director, Donald Barlow-Kearsley, Director, Andrew Moore, , Technology Risk Analyst, Gu Quianjun, Executive Director, Jaime Rodriguez, Technology Risk Analyst, Andrew DeMann, Project Manager
Location: Jersey City, New Jersey

Clarient Entity Hub is a secure, centralized entity data and document utility that addresses global financial market participants’ needs for greater control, transparency, and cost reduction in response to evolving risk management and regulatory requirements. Clarient Entity Hub collects, maintains and allows for the sharing of legal entity information with counterparties, through one centralized interface. This integrated, global entity data management platform permits granular access controls, fosters standardization and ensures accuracy and data privacy for client data and documents required throughout the client life cycle. The Clarient Entity Hub also streamlines interactions between market participants and their clients, and allows critical data to become digitized and dynamic.

Columbia University
Perimeterless Network Security
Executive Sponsor: Medha Bhalodkar, Chief Information Security Officer & AVP, Columbia University
Project Team: Chuck Eigen, Security Program Director, Alan Eiland, AVP, Portfolio Management Office, Joel Rosenblatt, Sr. Director Network Security, Anthony Johnson, Director, Infrastructure Engineering, Joseph Rini, Sr. Director, Infrastructure & Network Support Services, Frank O'Donnell, Mgr, Systems Administration, Aziz Usmani, Sr. Systems Engineer, Martin Wren, Sr. Security Systems Developer, James Bossio, AVP, Infrastructure Services, Alan Crosswell, AVP, Chief Technical Officer
Location: New York City, NY

Our “Perimeter less Network Security project” provides the University Network Infrastructure with Enterprise Zone architecture with Micro-Domain segmentation. This project achieved our prime goal of providing information security where needed, at the same time support the basic mission of the University of sharing of information in an open network to promote exchange of ideas and research. Columbia University is a blend of Corporate and ISP elements that as such, requires a security structure that covers these requirements. We also have strict security requirements for protecting our intellectual property and also applications such as payroll, human resources, financial and student records. Our goal in implementing this project was to improve our security posture by leveraging implementation of CUIT’s Converged Infrastructure project, while it was being designed, developed, and deployed, and support university mission to allow free exchange of information.

Comcast Assets at Risk Program
Executive Sponsor: Myrna Soto, SVP, GCISO, Comcast
Project Team: Myrna Soto, SVP, GCISO, Ramesh Sepehrrad, VP, Charles R. Hudson, Executive Director, Kallol Ray, Director, Joseph Gallagher, Director
Location: Philadelphia, PA

Comcast’s Assets at Risk Program, powered by Bay Dynamics’ Risk Fabric Cyber Risk Analytics platform, is an innovative risk based asset-centric program that protects high-value assets (data, systems, and applications) from threats and vulnerabilities. The program enables Comcast to measure, communicate and reduce cyber risk. It engages Line-of-Business application owners in an innovative way to provide asset value and business context which is used for prioritized investigation and remediation. By involving the right users, understanding the assets at risk, and focusing on the metrics that matter, the program decentralizes risk from the security organization and effectively communicates cyber risk to key stakeholders.

University of Mass
Massachusetts Advanced Secure Technologies (MAST) Cybersecurity Services
Executive Sponsor: Lawrence Wilson, Chief Information Security Officer, University of Massachusetts President’s Office
Project Team: Keith Moran – Chief Technology Officer UMass President’s Office, Larry Wilson – Chief Information Security Officer UMass President’s Office, Gene Kingsley – Security Operations Lead UMass President’s Office, Dan Galvin – Senior Security Analyst UMass President’s Office, Dave Snigier – Security Architect UMass President’s Office, Fran Brian – Senior Business Engagement Analyst UMass President’s Office, Xinwen Fu – Associate Professor UMass Lowell, Larry Wilson – Adjunct Professor UMass Lowell, Nicholas Galang – UMass Student Intern UMass President’s Office, Joseph Newton – UMass Student Intern UMass President’s Office, Artem Holyshevskyi – UMass Student Intern UMass President’s Office
Location: Shrewsbury, Massachusetts

MAST Cybersecurity Services is a new initiative for the University of Massachusetts (UMass). The initiative started in May 2015, when the UMass CISO was approached by The Boston Consortium with a request to provide Cybersecurity Services to under-resourced academic institutions in New England. Key representatives of the UMass President’s Office met with the management team from The Boston Consortium to discuss how UMass could assist consortium members with the design, implementation and operations of their cybersecurity programs. After a detailed discussion and review of the key UMass capabilities, a pilot program was initiated. The pilot program has since expanded to a fully managed offering under MAST Cybersecurity Services.