Network Mission Assurance

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Network Mission Assurance"

Transcription

1 Network Mission Assurance Michael F. Junod, Patrick A. Muckelbauer, PhD, Todd C. Hughes, PhD, Julius M. Etzl, and James E. Denny Lockheed Martin Advanced Technology Laboratories Camden, NJ Abstract The doctrine of Network Mission Assurance (NMA) evaluates the value of information assurance and the risk of computer threats based upon their impact on the organizational functions supported by the network. The NMA framework is comprised of four technical functions: Asset Identification, Infrastructure Model and Control, Threat Analysis and Prediction, and Response Coordination. Our research in support of the NMA investigates technical solutions for trust-based resource control, reflective and reconfigurable network services, autonomic network defense, and cyber-attack representation. We contend that NMA unifies the purpose and function of separate information assurance programs into a holistic, network-centric solution. 1. Introduction This document describes the Network Mission Assurance (NMA) doctrine of Lockheed Martin Advanced Technology Laboratories (ATL). This doctrine is used as a guide to focus our information assurance efforts in different research areas and ensure these efforts can work together in a dynamic distributed network environment and effectively leverage and incorporate point security solutions into a robust information assurance architecture. It is our belief that one cannot simply back-fit existing security point solutions onto existing architectures and expect to have an improved security infrastructure. In fact, this can result in a less secure architecture that requires a great deal of manual effort in maintenance and monitoring.

2 Point security products (e.g., vulnerability scanners, intrusion detection systems, firewalls) often operate in isolation. In contrast, according to NMA, security solutions should not only be integrated with, but orchestrated among, the components of a network infrastructure. NMA is a high level concept that spans a large area of information security and information assurance. In support of this doctrine, ATL is leveraging its applied research strengths in quality of service (QoS), distributed processing, data fusion, and intelligent agents to apply to the information assurance domains. We believe that research and technologies from many other academic, commercial, and government sources also support the NMA doctrine. 2. Network Mission Assurance Approach The ability to launch successful cyber attack campaigns is far outpacing the ability to defend against them. A fundamental problem in the information assurance arms race is simply its current scope. Since most security systems focus on relatively atomic attack actions (e.g., port scans, buffer overflows), they have difficulty defending against coordinated attack campaigns. An attack campaign has an overall goal and is composed of many atomic actions over time that must be carefully and successfully carried out to achieve the desired goal. The need for rapid assembly of tactical networks exacerbates the difficulty. In a dynamic coalition environment, one does not have the opportunity to perform the vulnerability assessment and red team testing one would on static configurations. Further, one cannot assume that the systems will always provide the same mission critical functionality. With future reconfigurable systems using open system architectures, what parts of the system are critical at any given time in the mission becomes a run-time rather than design-time decision. The goal of the Network Mission 2

3 Assurance (NMA) is to keep the missioncritical systems operational while under a cyber attack. This implies the ability to identify and map critical assets to operational support capabilities. It also requires efficient and judicious use of resources by focusing additional resources on threatened assets. In addition, we believe there is great value in leveraging offensive attack campaign or threat knowledge for better defense. This allows us to explore full life cycle response through simulation before reflecting any changes onto the infrastructure components. NMA is intended to work in concert with of new technologies to future operational environments. 3. ATL NMA Research Areas With these concepts in place the four main research areas of Lockheed Martin Advanced Technology Laboratories Network Mission Assurance (NMA) are: (1) Asset Identification, (2) Infrastructure Model and Control, (3) Threat Analysis and Prediction, and (4) Response Coordination. Figure 1 provides a conceptual overview that illustrates the functional relationship between the technology components of the NMA research areas. existing information assurance efforts, which we believe are both necessary and effective. However, we also contend that there must be a higher level vision that drives requirements, metrics, and capabilities for transition Figure 1. Network Mission Assurance conceptual overview 3

4 3.1 Asset Identification The functions of asset identification are to identify critical mission objectives dynamically and continuously and to map, possibly through multiple levels of abstraction, the criticality of mission objectives to low-level infrastructure assets. For example, in mission terms it might be important to identify at the high level a critical unmanned autonomous vehicle (UAV) video feed. In system terms, this video feed would map at the low level to network flows, ports, and processors on hosts in the operational equipment. While others have recognized the need for critical asset identification, we believe there is a need to make this process continuous and dynamic, and we have outlined an approach for realizing this process. In addition, we have identified how to integrate the results of critical asset identification with other security components of a distributed system. For example, results from critical asset identification can enable more effective, reactive, and proactive responses by protecting assets that are most relevant to mission success, and provide a valuable discriminator for resource allocation. 3.2 Infrastructure Model and Control We believe that infrastructure models for information assurance must satisfy two important conditions. First, they must represent the state of the infrastructure in a manner that allows a system to reason about itself. Second, they must actuate changes in the model in the infrastructure itself. The models we have in mind are, therefore, reflective. Specifically, the reflective infrastructure provides a representation of the infrastructure that maintains infrastructure state and critical asset analysis; threat history, analysis, and projection; and responses and status. Changes to the model, however, need not be reflected immediately into the actual infrastructure but rather be considered as a 4

5 hypothetical state. This supports the ability to reason over proposed changes using simulation before actuating the changes back on to the infrastructure components. 3.3 Threat Analysis and Prediction Current network security measures are designed to make it more difficult for attackers to penetrate the boundary of an infrastructure. However, if an adversary is successful in penetrating this line of defense while eluding detection, very little stands in the way of total compromise of the infrastructure. There is a good reason this model is so pervasive: sealing an infrastructure against a potential adversary, for all its complexity, is far less complicated than recognizing and analyzing the attack of an actual adversary. Threat Analysis and Prediction research seeks to reduce this complexity by looking at three types of necessary tasks. First, systems must correlate events occurring throughout the infrastructure and deduce correctly that they constitute threat actions by an adversary. Second, systems must predict what the adversary is likely to do next. Third, systems must project the impact of the adversary s trajectory on infrastructure assets, in particular the assets critical to mission success. These functions are crucial for planning and implementing an effective response to an attack campaign. Performing these tasks in less time than attackers perform their own tasks is particularly difficult now that so many attacks are heavily scripted and distributed. We believe that automation in these areas is crucial. Threat Analysis and Prediction research is necessary to fill this current gap in infrastructure security. 3.4 Response Coordination Information assurance decisions have probabilistic and interdependent effects upon an organization s operations. The complexity of decisions can overwhelm human operators in large infrastructures. Thus, timely response 5

6 for infrastructure defense necessitates automated response coordination. Response Coordination seeks to enable automated threat response decision making. It integrates with components for threat analysis and network control through infrastructure models. We believe decision-theoretic concepts such as belief, action, and utility map well to infrastructure defense concepts such as threat, control, and mission. These mappings can be leveraged to reason about effective responses, even in conditions of uncertainty. 4. ATL Work in Support of NMA This section provides brief overviews of the specific areas of research that Advanced Technology Laboratories (ATL) is working in to support the Network Mission Assurance (NMA). Our goal is to provide mission assurance by ensuring survivability of high value assets and continued operation of critical infrastructure components. 4.1 Dynamic Trust-based Resources Cooperation and sharing of resources on a network requires some degree of trust between the entities involved. In current systems, this degree of trust manifests itself through static configuration of authentication and access control mechanisms that determine trust levels and map them to access rights. This approach requires a great deal of planning and effort. As the time provided to organize collaborative computer infrastructures decreases and their interactions become more complex, it is increasingly unlikely the proper degree of trust can be determined at system configuration time. Clearly this is the case for self-organizing, autonomous systems where cooperating entities may not even be known at configuration time. Current solutions, in and of themselves, are too rigid, require too much human intervention, and are inadequate for managing resources among rapidly assembling, 6

7 dynamic, active network components. What is needed in such cases is a dynamic, adaptive determination of trust that is integrated with resource allocation mechanisms, so that as trust in an entity degrades, so does its access to resources. Such trust-based resource allocation mechanisms are necessary to limit and ultimately completely restrict the disruptive behavior of an entity and ensure fault tolerance. The goal of Dynamic Trust-based Resources (DyTR), which ATL is currently developing under the DARPA Fault Tolerant Networks program, is to go beyond traditional authentication-based approaches to trust and build systems where the trustworthiness of entities adapts over time based on system events. DyTR provides an adaptive trustassessment methodology that allocates resources dynamically to an initial level of credentials, continually assesses trust, and adaptively allocates resources in accordance with changes in perceived trust. DyTR will tightly couple this continually assessed trust with low-level resource-allocation mechanisms to ensure that requesting processes are trusted and, thus, permitted to use system resources. If a requesting process exhibits suspicious behavior, DyTR will degrade its level of trust for that process, and subsequently reduce that process s access to system resources, so that other critical resources can continue to operate to achieve fault-tolerant behavior. 4.2 ATL s Next Generation Infrastructure ATL s Next Generation Infrastructure (ANGI) project has developed technology for building systems that can be deployed in increasingly more dynamic, distributed, and open environments. This includes an integrated set of services for dynamic system modeling as well as for system QoS. ANGI is a library of tools and executable services for developing and deploying distributed objects. Among these services are model sharing and sensor mechanisms that 7

8 allow systems to discover and monitor their own configuration and environment. We have also developed for ANGI a rich set of QoS controls for classifying and shaping traffic flows, which provide the foundation for managing and securing the shared network infrastructure and, in particular, protecting a system against distributed denial of service attacks. The QoS controls are superior to traditional firewall filters because they provide wider and more fine-grained range of influence. They also provide an end-to-end solution allowing greater latitude over where to place the controls. This allows confinement of potentially malicious flows through limits and priorities and protection of critical flows that are necessary to mission success. 4.3 Decision Network Technology Decision networks also known as influence diagrams use a graph structure to represent dependencies between possible decisions and uncertain beliefs, also associating utility (value or cost) with some of those actions and beliefs. It is a probabilistic reasoning technique that extends the concepts of Bayesian networks and decision trees. ATL is applying this technique to information assurance by evaluating sensor findings and specific threat alerts in a model of potential responses and their impact upon network services and assets. Then the decision network selects the action with maximal expected utility, which factors certainty and priority in a holistic manner for mission assurance. The primary challenge of this research is to identify and incorporate a technology for response selection which functions to provide mission assurance under the inherent uncertainty and incompleteness of data/control in large infrastructures. 4.4 Distributed Autonomic Response Coordinator ATL is developing a prototype Distributed Autonomic Response Coordinator (DARC) 8

9 that uses the ANGI framework as the foundation to deploy and manage the distributed sensor information as well as ANGI s dynamic QoS capabilities for response mechanisms. The DARC prototype uses existing intrusion detection and vulnerability assessment products as sensors. We intend to apply decision network logic to develop autonomic response to more devastating and more rapid cyber attacks. The challenge is to develop an autonomic response mechanism that can understand an attack campaign to determine the best response in a dynamic environment given the uncertainty of intrusion detection and vulnerability assessment sensor information. This will ensure mission assurance in the presence of an attack. The goal of DARC is to provide a distributed, autonomic response capable of detecting, adapting, and collaboratively responding to cyber attacks. It will enable the coordination and monitoring of start-to-end responses against single- and multi-node attacks. 4.5 Cyber Attack Workstation In keeping with our belief that leveraging offensive attack campaign knowledge makes for better defense, ATL has also developed a prototype Cyber Attack Workstation (CAW). The CAW provides a pluggable API and GUI for adding, integrating, and executing cyber reconnaissance and attack scripts. The interface generates a map of the network as reconnaissance information is gathered, which allows the user to target specific hosts with particular vulnerabilities. The interface also allows users to select the level of risk they are willing to accept, and the CAW will adjust the parameters of attacks accordingly. Future versions of the CAW will automatically and dynamically formulate and execute cyber offensive attack campaigns that meet mission objectives and constraints. The CAW will determine the appropriate steps of the campaign based on the intent of the user 9

10 and the risks the user is willing to accept. The Metabase ( long-term goal is to incorporate the attackcampaign understanding and decision-model logic developed for DARC in order to produce more sophisticated offensive attack campaigns. 4.6 Attacker Capability Ontology A key enabler of ATL s future work in information assurance is the formal representation of, and reasoning about, cyber attack data. Two important aspects of this domain we have attempted to capture are: (1) the relationship between software vulnerabilities and the capabilities that attackers gain by exploiting them on actual systems, and (2) the relationships among these capabilities. For this effort we have developed the Attacker Capability Ontology. The Attacker Capability Ontology is implemented in both Resources Description Framework Schema (RDFS) and DARPA Agent Markup Language (DAML). It has also been integrated with the ICAT Vulnerability meaning that capability attributions have been assigned to the vulnerabilities listed in the database. This formal representation will allow advanced reasoning for correlating, predicting, and projecting attacks. 5. Future Work ATL continues its research and development in information assurance in each of the projects described above, using the NMA doctrine as a guide. As NMA technology matures, we seek to deploy information assurance products technology as well as transfer the results of our research into the broader information assurance community. Acknowledgements Defense Advanced Research Projects Agency/Air Force Rome Laboratory, contract Number F C References NMA Home Page: external.lmco.com/projects/ia/ 10

A Biologically Inspired Approach to Network Vulnerability Identification

A Biologically Inspired Approach to Network Vulnerability Identification A Biologically Inspired Approach to Network Vulnerability Identification Evolving CNO Strategies for CND Todd Hughes, Aron Rubin, Andrew Cortese,, Harris Zebrowitz Senior Member, Engineering Staff Advanced

More information

Continuous Network Monitoring

Continuous Network Monitoring Continuous Network Monitoring Eliminate periodic assessment processes that expose security and compliance programs to failure Continuous Network Monitoring Continuous network monitoring and assessment

More information

Attack Intelligence: Why It Matters

Attack Intelligence: Why It Matters Attack Intelligence: Why It Matters WHITE PAPER Core Security +1 617.399-6980 info@coresecurity.com www.coresecurity.com A Proactive Strategy Attacks against your organization are more prevalent than ever,

More information

APPLICATION OF MULTI-AGENT SYSTEMS FOR NETWORK AND INFORMATION PROTECTION

APPLICATION OF MULTI-AGENT SYSTEMS FOR NETWORK AND INFORMATION PROTECTION 18-19 September 2014, BULGARIA 137 Proceedings of the International Conference on Information Technologies (InfoTech-2014) 18-19 September 2014, Bulgaria APPLICATION OF MULTI-AGENT SYSTEMS FOR NETWORK

More information

DoD Strategy for Defending Networks, Systems, and Data

DoD Strategy for Defending Networks, Systems, and Data DoD Strategy for Defending Networks, Systems, and Data November 13, 2013 Department DoDD of Defense Chief Information Officer DoD Strategy for Defending Networks, Systems, and Data Introduction In July

More information

SANS Top 20 Critical Controls for Effective Cyber Defense

SANS Top 20 Critical Controls for Effective Cyber Defense WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a

More information

FREQUENTLY ASKED QUESTIONS

FREQUENTLY ASKED QUESTIONS FREQUENTLY ASKED QUESTIONS Continuous Monitoring 1. What is continuous monitoring? Continuous monitoring is one of six steps in the Risk Management Framework (RMF) described in NIST Special Publication

More information

Advanced Threat Protection with Dell SecureWorks Security Services

Advanced Threat Protection with Dell SecureWorks Security Services Advanced Threat Protection with Dell SecureWorks Security Services Table of Contents Summary... 2 What are Advanced Threats?... 3 How do advanced threat actors operate?... 3 Addressing the Threat... 5

More information

Risk Calculation and Predictive Analytics: Optimizing Governance, Risk and Compliance.

Risk Calculation and Predictive Analytics: Optimizing Governance, Risk and Compliance. Risk Calculation and Predictive Analytics: Optimizing Governance, Risk and Compliance. Prevari makes organizations safer by providing instrumentation for managing risks to information. Prevari solutions

More information

Machine-to-Machine Exchange of Cyber Threat Information: a Key to Mature Cyber Defense

Machine-to-Machine Exchange of Cyber Threat Information: a Key to Mature Cyber Defense Machine-to-Machine Exchange of Cyber Threat Information: a Key to Mature Cyber Defense By: Daniel Harkness, Chris Strasburg, and Scott Pinkerton The Challenge The Internet is an integral part of daily

More information

Complete Web Application Security. Phase1-Building Web Application Security into Your Development Process

Complete Web Application Security. Phase1-Building Web Application Security into Your Development Process Complete Web Application Security Phase1-Building Web Application Security into Your Development Process Table of Contents Introduction 3 Thinking of security as a process 4 The Development Life Cycle

More information

Obtaining Enterprise Cybersituational

Obtaining Enterprise Cybersituational SESSION ID: SPO-R06A Obtaining Enterprise Cybersituational Awareness Eric J. Eifert Sr. Vice President Managed Security Services DarkMatter Agenda My Background Key components of the Cyber Situational

More information

Corporate Security Research and Assurance Services

Corporate Security Research and Assurance Services Corporate Security Research and Assurance Services We Keep Your Business In Business Obrela Security Industries mission is to provide Enterprise Information Security Intelligence and Risk Management Services

More information

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to

More information

Addressing the Full Attack Continuum: Before, During, and After an Attack. It s Time for a New Security Model

Addressing the Full Attack Continuum: Before, During, and After an Attack. It s Time for a New Security Model White Paper Addressing the Full Attack Continuum: Before, During, and After an Attack It s Time for a New Security Model Today s threat landscape is nothing like that of just 10 years ago. Simple attacks

More information

Cisco Advanced Services for Network Security

Cisco Advanced Services for Network Security Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs

More information

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Dale Peterson Director, Network Security Practice Digital Bond, Inc. 1580 Sawgrass Corporate Parkway, Suite 130 Sunrise, FL 33323

More information

Enterprise Security Tactical Plan

Enterprise Security Tactical Plan Enterprise Security Tactical Plan Fiscal Years 2011 2012 (July 1, 2010 to June 30, 2012) Prepared By: State Chief Information Security Officer The Information Security Council State of Minnesota Enterprise

More information

Managing IT Security with Penetration Testing

Managing IT Security with Penetration Testing Managing IT Security with Penetration Testing Introduction Adequately protecting an organization s information assets is a business imperative one that requires a comprehensive, structured approach to

More information

Red Teaming of Advanced Information Assurance Concepts

Red Teaming of Advanced Information Assurance Concepts Red Teaming of Advanced Information Assurance Concepts Bradley J. Wood Red Team Program Manager Distinguished Member of Technical Staff Sandia National Laboratories bjwood@sandia.gov Ruth A. Duggan Red

More information

Cloud Computing Technologies Achieving Greater Trustworthiness and Resilience

Cloud Computing Technologies Achieving Greater Trustworthiness and Resilience Cloud Computing Technologies Achieving Greater Trustworthiness and Resilience Cloud Standards Customer Council Public Sector Cloud Summit March 24, 2014 Dr. Ron Ross Computer Security Division Information

More information

Technical Testing. Network Testing DATA SHEET

Technical Testing. Network Testing DATA SHEET DATA SHEET Technical Testing Network Testing The Dell SecureWorks Technical Testing services deliver the independent expertise, experience and perspective you need to enhance your security posture, reduce

More information

U.S. Army Research, Development and Engineering Command. Cyber Security CRA Overview

U.S. Army Research, Development and Engineering Command. Cyber Security CRA Overview U.S. Army Research, Development and Engineering Command Cyber Security CRA Overview Dr. Ananthram Swami, ST Network Science 18FEB 2014 Cyber Security Collaborative Research Alliance A Collaborative Venture

More information

THE ROLE OF IDS & ADS IN NETWORK SECURITY

THE ROLE OF IDS & ADS IN NETWORK SECURITY THE ROLE OF IDS & ADS IN NETWORK SECURITY The Role of IDS & ADS in Network Security When it comes to security, most networks today are like an egg: hard on the outside, gooey in the middle. Once a hacker

More information

New Era in Cyber Security. Technology Development

New Era in Cyber Security. Technology Development New Era in Cyber New Era in Cyber Security Security Technology Technology Development Development Combining the Power of the Oil and Gas Industry, DHS, and the Vendor Community to Combat Cyber Security

More information

CyberSecurity Solutions. Delivering

CyberSecurity Solutions. Delivering CyberSecurity Solutions Delivering Confidence Staying One Step Ahead Cyber attacks pose a real and growing threat to nations, corporations and individuals globally. As a trusted leader in cyber solutions

More information

Applying Internal Traffic Models to Improve Identification of High Fidelity Cyber Security Events

Applying Internal Traffic Models to Improve Identification of High Fidelity Cyber Security Events Applying Internal Traffic Models to Improve Identification of High Fidelity Cyber Security Events Abstract Effective Security Operations throughout both DoD and industry are requiring and consuming unprecedented

More information

Protecting the Extended Enterprise Network Security Strategies and Solutions from ProCurve Networking

Protecting the Extended Enterprise Network Security Strategies and Solutions from ProCurve Networking ProCurve Networking by HP Protecting the Extended Enterprise Network Security Strategies and Solutions from ProCurve Networking Introduction... 2 Today s Network Security Landscape... 2 Accessibility...

More information

The Advanced Attack Challenge. Creating a Government Private Threat Intelligence Cloud

The Advanced Attack Challenge. Creating a Government Private Threat Intelligence Cloud The Advanced Attack Challenge Creating a Government Private Threat Intelligence Cloud The Advanced Attack Challenge One of the most prominent and advanced threats to government networks is advanced delivery

More information

Alcatel-Lucent Services

Alcatel-Lucent Services SOLUTION DESCRIPTION Alcatel-Lucent Services Security Introduction Security is a sophisticated business and technical challenge, and it plays an important role in the success of any network, service or

More information

UNCLASSIFIED. UNCLASSIFIED Office of Secretary Of Defense Page 1 of 8 R-1 Line #50

UNCLASSIFIED. UNCLASSIFIED Office of Secretary Of Defense Page 1 of 8 R-1 Line #50 Exhibit R-2, RDT&E Budget Item Justification: PB 2015 Office of Secretary Of Defense Date: March 2014 0400:,, Test & Evaluation, Defense-Wide / BA 3: Advanced Technology (ATD) COST ($ in Millions) Prior

More information

2011 Cyber Security and the Advanced Persistent Threat A Holistic View

2011 Cyber Security and the Advanced Persistent Threat A Holistic View 2011 Cyber and the Advanced Persistent Threat A Holistic View Thomas Varney Cybersecurity & Privacy BM Global Business Services 1 31/10/11 Agenda The Threat We Face A View to Addressing the Four Big Problem

More information

MEMORANDUM. Date: October 28, 2013. Federally Regulated Financial Institutions. Subject: Cyber Security Self-Assessment Guidance

MEMORANDUM. Date: October 28, 2013. Federally Regulated Financial Institutions. Subject: Cyber Security Self-Assessment Guidance MEMORANDUM Date: October 28, 2013 To: Federally Regulated Financial Institutions Subject: Guidance The increasing frequency and sophistication of recent cyber-attacks has resulted in an elevated risk profile

More information

TUSKEGEE CYBER SECURITY PATH FORWARD

TUSKEGEE CYBER SECURITY PATH FORWARD TUSKEGEE CYBER SECURITY PATH FORWARD Preface Tuskegee University is very aware of the ever-escalating cybersecurity threat, which consumes continually more of our societies resources to counter these threats,

More information

CYBER SECURITY, A GROWING CIO PRIORITY

CYBER SECURITY, A GROWING CIO PRIORITY www.wipro.com CYBER SECURITY, A GROWING CIO PRIORITY Bivin John Verghese, Practitioner - Managed Security Services, Wipro Ltd. Contents 03 ------------------------------------- Abstract 03 -------------------------------------

More information

Protecting Your Organisation from Targeted Cyber Intrusion

Protecting Your Organisation from Targeted Cyber Intrusion Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology

More information

Unisys Security Solutions

Unisys Security Solutions Unisys Security Solutions Enabling clients to minimize risks, maximize opportunities unisys 2 Web expansion raises risks along with benefits Enterprises are taking advantage of Web-based technologies to

More information

Seven Things To Consider When Evaluating Privileged Account Security Solutions

Seven Things To Consider When Evaluating Privileged Account Security Solutions Seven Things To Consider When Evaluating Privileged Account Security Solutions Contents Introduction 1 Seven questions to ask every privileged account security provider 4 1. Is the solution really secure?

More information

Security. Security consulting and Integration: Definition and Deliverables. Introduction

Security. Security consulting and Integration: Definition and Deliverables. Introduction Security Security Introduction Businesses today need to defend themselves against an evolving set of threats, from malicious software to other vulnerabilities introduced by newly converged voice and data

More information

2015 Michigan NASCIO Award Nomination. Cyber Security Initiatives: Michigan Cyber Disruption Response Strategy

2015 Michigan NASCIO Award Nomination. Cyber Security Initiatives: Michigan Cyber Disruption Response Strategy 2015 Michigan NASCIO Award Nomination Cyber Security Initiatives: Michigan Cyber Disruption Response Strategy Sponsor: David Behen, DTMB Director and Chief Information Officer Program Manager: Rod Davenport,

More information

North Dakota 2013 IT Security Audit Vulnerability Assessment & Penetration Test Project Briefing

North Dakota 2013 IT Security Audit Vulnerability Assessment & Penetration Test Project Briefing North Dakota 2013 IT Security Audit Vulnerability Assessment & Penetration Test Project Briefing Introduction ManTech Project Manager Mark Shaw, Senior Executive Director Cyber Security Solutions Division

More information

The SIEM Evaluator s Guide

The SIEM Evaluator s Guide Using SIEM for Compliance, Threat Management, & Incident Response Security information and event management (SIEM) tools are designed to collect, store, analyze, and report on log data for threat detection,

More information

CORE INSIGHT ENTERPRISE: CSO USE CASES FOR ENTERPRISE SECURITY TESTING AND MEASUREMENT

CORE INSIGHT ENTERPRISE: CSO USE CASES FOR ENTERPRISE SECURITY TESTING AND MEASUREMENT CORE INSIGHT ENTERPRISE: CSO USE CASES FOR ENTERPRISE SECURITY TESTING AND MEASUREMENT How advancements in automated security testing software empower organizations to continuously measure information

More information

GUIDE TO INFORMATION SECURITY TESTING AND ASSESSMENT

GUIDE TO INFORMATION SECURITY TESTING AND ASSESSMENT GUIDE TO INFORMATION SECURITY TESTING AND ASSESSMENT Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute of Standards and Technology A comprehensive approach

More information

An Integrated CyberSecurity Approach for HEP Grids. Workshop Report. http://hpcrd.lbl.gov/hepcybersecurity/

An Integrated CyberSecurity Approach for HEP Grids. Workshop Report. http://hpcrd.lbl.gov/hepcybersecurity/ An Integrated CyberSecurity Approach for HEP Grids Workshop Report http://hpcrd.lbl.gov/hepcybersecurity/ 1. Introduction The CMS and ATLAS experiments at the Large Hadron Collider (LHC) being built at

More information

Delivering Cost Effective IT Services

Delivering Cost Effective IT Services M2 Technology Delivering Cost Effective IT Services Defense agencies have been directed to move towards cloud and shared service models by the Federal Data Center Consolidation Initiative (FDCCI), the

More information

BlackRidge Technology Transport Access Control: Overview

BlackRidge Technology Transport Access Control: Overview 2011 BlackRidge Technology Transport Access Control: Overview 1 Introduction Enterprises and government agencies are under repeated cyber attack. Attacks range in scope from distributed denial of service

More information

White Paper. Intelligent DDoS Protection Use cases for applying DDoS Intelligence to improve preparation, detection and mitigation

White Paper. Intelligent DDoS Protection Use cases for applying DDoS Intelligence to improve preparation, detection and mitigation White Paper Intelligent DDoS Protection Use cases for applying DDoS Intelligence to improve preparation, detection and mitigation Table of Contents Introduction... 3 Common DDoS Mitigation Measures...

More information

Cyber Impact Assessment for Space Mission Assurance

Cyber Impact Assessment for Space Mission Assurance Cyber Impact Assessment for Space Mission Assurance Presented by: Douglas Wiemer d.wiemer@rheagroup.com Mission and system taxonomy contribution: Cédric Seynat cseynat@rheagroup.ca 18 June 2013 1 1 Topics

More information

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

defending against advanced persistent threats: strategies for a new era of attacks agility made possible defending against advanced persistent threats: strategies for a new era of attacks agility made possible security threats as we know them are changing The traditional dangers IT security teams have been

More information

PENETRATION TESTING GUIDE. www.tbgsecurity.com 1

PENETRATION TESTING GUIDE. www.tbgsecurity.com 1 PENETRATION TESTING GUIDE www.tbgsecurity.com 1 Table of Contents What is a... 3 What is the difference between Ethical Hacking and other types of hackers and testing I ve heard about?... 3 How does a

More information

future data and infrastructure

future data and infrastructure White Paper Smart Grid Security: Preparing for the Standards-Based Future without Neglecting the Needs of Today Are you prepared for future data and infrastructure security challenges? Steve Chasko Principal

More information

GETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA"

GETTING REAL ABOUT SECURITY MANAGEMENT AND BIG DATA GETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA" A Roadmap for "Big Data" in Security Analytics ESSENTIALS This paper examines: Escalating complexity of the security management environment, from threats

More information

How we see malware introduced Phishing Targeted Phishing Water hole Download (software (+ free ), music, films, serialz)

How we see malware introduced Phishing Targeted Phishing Water hole Download (software (+ free ), music, films, serialz) How we see malware introduced Phishing Targeted Phishing Water hole Download (software (+ free ), music, films, serialz) Domain.Local DC Client DomainAdmin Attack Operator Advise Protect Detect Respond

More information

Software Defined Security Mechanisms for Critical Infrastructure Management

Software Defined Security Mechanisms for Critical Infrastructure Management Software Defined Security Mechanisms for Critical Infrastructure Management SESSION: CRITICAL INFRASTRUCTURE PROTECTION Dr. Anastasios Zafeiropoulos, Senior R&D Architect, Contact: azafeiropoulos@ubitech.eu

More information

Enterprise Security Platform for Government

Enterprise Security Platform for Government Enterprise Security Platform for Government Today s Cybersecurity Challenges in Government Governments are seeking greater efficiency and lower costs, adopting Shared Services models, consolidating data

More information

The Human Element in Cyber Security and Critical Infrastructure Protection: Lessons Learned

The Human Element in Cyber Security and Critical Infrastructure Protection: Lessons Learned The Human Element in Cyber Security and Critical Infrastructure Protection: Lessons Learned Marco Carvalho, Ph.D. Research Scientist mcarvalho@ihmc.us Institute for Human and Machine Cognition 40 South

More information

Web application security Executive brief Managing a growing threat: an executive s guide to Web application security.

Web application security Executive brief Managing a growing threat: an executive s guide to Web application security. Web application security Executive brief Managing a growing threat: an executive s guide to Web application security. Danny Allan, strategic research analyst, IBM Software Group Contents 2 Introduction

More information

Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform

Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform Solution Brief Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform Finding

More information

A HELPING HAND TO PROTECT YOUR REPUTATION

A HELPING HAND TO PROTECT YOUR REPUTATION OVERVIEW SECURITY SOLUTIONS A HELPING HAND TO PROTECT YOUR REPUTATION CONTENTS INFORMATION SECURITY MATTERS 01 TAKE NOTE! 02 LAYERS OF PROTECTION 04 ON GUARD WITH OPTUS 05 THREE STEPS TO SECURITY PROTECTION

More information

The Protection Mission a constant endeavor

The Protection Mission a constant endeavor a constant endeavor The IT Protection Mission a constant endeavor As businesses become more and more dependent on IT, IT must face a higher bar for preparedness Cyber preparedness is the process of ensuring

More information

Fighting Advanced Threats

Fighting Advanced Threats Fighting Advanced Threats With FortiOS 5 Introduction In recent years, cybercriminals have repeatedly demonstrated the ability to circumvent network security and cause significant damages to enterprises.

More information

Cyber Threat Intelligence Move to an intelligencedriven cybersecurity model

Cyber Threat Intelligence Move to an intelligencedriven cybersecurity model Cyber Threat Intelligence Move to an intelligencedriven cybersecurity model Stéphane Hurtaud Partner Governance Risk & Compliance Deloitte Laurent De La Vaissière Director Governance Risk & Compliance

More information

Introduction. Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec

Introduction. Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec Introduction Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec More than 20 years of experience in cybersecurity specializing

More information

Lifecycle Solutions & Services. Managed Industrial Cyber Security Services

Lifecycle Solutions & Services. Managed Industrial Cyber Security Services Lifecycle Solutions & Services Managed Industrial Cyber Security Services Around the world, industrial firms and critical infrastructure operators partner with Honeywell to address the unique requirements

More information

Addressing FISMA Assessment Requirements

Addressing FISMA Assessment Requirements SOLUTION BRIEF Heeding FISMA s Call for Security Metrics and Continuous Network Monitoring Addressing FISMA Assessment Requirements Using RedSeal november 2011 WHITE PAPER RedSeal Networks, Inc. 3965 Freedom

More information

Practical Steps To Securing Process Control Networks

Practical Steps To Securing Process Control Networks Practical Steps To Securing Process Control Networks Villanova University Seminar Rich Mahler Director, Commercial Cyber Solutions Lockheed Martin Lockheed Martin Corporation 2014. All Rights Reserved.

More information

Threat Intelligence: The More You Know the Less Damage They Can Do. Charles Kolodgy Research VP, Security Products

Threat Intelligence: The More You Know the Less Damage They Can Do. Charles Kolodgy Research VP, Security Products Threat Intelligence: The More You Know the Less Damage They Can Do Charles Kolodgy Research VP, Security Products IDC Visit us at IDC.com and follow us on Twitter: @IDC 2 Agenda Evolving Threat Environment

More information

White Paper Integrating The CorreLog Security Correlation Server with BMC Software

White Paper Integrating The CorreLog Security Correlation Server with BMC Software orrelogtm White Paper Integrating The CorreLog Security Correlation Server with BMC Software This white paper describes how the CorreLog Security Correlation Server easily integrates with BMC Performance

More information

The Business Case for Security Information Management

The Business Case for Security Information Management The Essentials Series: Security Information Management The Business Case for Security Information Management sponsored by by Dan Sullivan Th e Business Case for Security Information Management... 1 Un

More information

Hillstone T-Series Intelligent Next-Generation Firewall Whitepaper: Abnormal Behavior Analysis

Hillstone T-Series Intelligent Next-Generation Firewall Whitepaper: Abnormal Behavior Analysis Hillstone T-Series Intelligent Next-Generation Firewall Whitepaper: Abnormal Behavior Analysis Keywords: Intelligent Next-Generation Firewall (ingfw), Unknown Threat, Abnormal Parameter, Abnormal Behavior,

More information

Cyber Security: Confronting the Threat

Cyber Security: Confronting the Threat 09 Cyber Security: Confronting the Threat Cyber Security: Confronting the Threat 09 In Short Cyber Threat Awareness and Preparedness Active Testing Likelihood of Attack Privacy Breaches 9% 67% Only 9%

More information

Software Application Control and SDLC

Software Application Control and SDLC Software Application Control and SDLC Albert J. Marcella, Jr., Ph.D., CISA, CISM 1 The most effective way to achieve secure software is for its development life cycle processes to rigorously conform to

More information

Sourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data

Sourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data SEE everything in your environment LEARN by applying security intelligence to data ADAPT defenses automatically ACT in real-time Sourcefire Solutions Overview Security for the Real World Change is constant.

More information

Accelerate Your Enterprise Private Cloud Initiative

Accelerate Your Enterprise Private Cloud Initiative Cisco Cloud Comprehensive, enterprise cloud enablement services help you realize a secure, agile, and highly automated infrastructure-as-a-service (IaaS) environment for cost-effective, rapid IT service

More information

Attack Graph Techniques

Attack Graph Techniques Chapter 2 Attack Graph Techniques 2.1 An example scenario Modern attack-graph techniques can automatically discover all possible ways an attacker can compromise an enterprise network by analyzing configuration

More information

POMPDs Make Better Hackers: Accounting for Uncertainty in Penetration Testing. By: Chris Abbott

POMPDs Make Better Hackers: Accounting for Uncertainty in Penetration Testing. By: Chris Abbott POMPDs Make Better Hackers: Accounting for Uncertainty in Penetration Testing By: Chris Abbott Introduction What is penetration testing? Methodology for assessing network security, by generating and executing

More information

SPEAR PHISHING UNDERSTANDING THE THREAT

SPEAR PHISHING UNDERSTANDING THE THREAT SPEAR PHISHING UNDERSTANDING THE THREAT SEPTEMBER 2013 Due to an organisation s reliance on email and internet connectivity, there is no guaranteed way to stop a determined intruder from accessing a business

More information

Technology Blueprint. Protect Your Email Servers. Guard the data and availability that enable business-critical communications

Technology Blueprint. Protect Your Email Servers. Guard the data and availability that enable business-critical communications Technology Blueprint Protect Your Email Servers Guard the data and availability that enable business-critical communications LEVEL 1 2 3 4 5 SECURITY CONNECTED REFERENCE ARCHITECTURE LEVEL 1 2 4 5 3 Security

More information

Network Security Landscape

Network Security Landscape Cole p01.tex V3-07/28/2009 3:46pm Page 1 Network Security Landscape COPYRIGHTED MATERIAL IN THIS PART Chapter 1 State of Network Security Chapter 2 New Approaches to Cyber Security Chapter 3 Interfacing

More information

Security Issues in Cloud Computing

Security Issues in Cloud Computing Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources

More information

Vulnerability Management

Vulnerability Management Vulnerability Management Buyer s Guide Buyer s Guide 01 Introduction 02 Key Components 03 Other Considerations About Rapid7 01 INTRODUCTION Exploiting weaknesses in browsers, operating systems and other

More information

Compliance Guide ISO 27002. Compliance Guide. September 2015. Contents. Introduction 1. Detailed Controls Mapping 2.

Compliance Guide ISO 27002. Compliance Guide. September 2015. Contents. Introduction 1. Detailed Controls Mapping 2. ISO 27002 Compliance Guide September 2015 Contents Compliance Guide 01 02 03 Introduction 1 Detailed Controls Mapping 2 About Rapid7 7 01 INTRODUCTION If you re looking for a comprehensive, global framework

More information

A Coordinated. Enterprise Networks Software Defined. and Application Fluent Programmable Networks

A Coordinated. Enterprise Networks Software Defined. and Application Fluent Programmable Networks A Coordinated Virtual Infrastructure for SDN in Enterprise Networks Software Defined Networking (SDN), OpenFlow and Application Fluent Programmable Networks Strategic White Paper Increasing agility and

More information

Integrated Network Vulnerability Scanning & Penetration Testing SAINTcorporation.com

Integrated Network Vulnerability Scanning & Penetration Testing SAINTcorporation.com SAINT Integrated Network Vulnerability Scanning and Penetration Testing www.saintcorporation.com Introduction While network vulnerability scanning is an important tool in proactive network security, penetration

More information

GAINING THE ADVANTAGE. Applying Cyber Kill Chain Methodology to Network Defense

GAINING THE ADVANTAGE. Applying Cyber Kill Chain Methodology to Network Defense GAINING THE ADVANTAGE Applying Cyber Kill Chain Methodology to Network Defense THE MODERN DAY ATTACKER Cyberattacks aren t new, but the stakes at every level are higher than ever. Adversaries are more

More information

Larry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping

Larry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping Larry Wilson Version 1.0 November, 2013 University Cyber-security Program Critical Asset Mapping Part 3 - Cyber-Security Controls Mapping Cyber-security Controls mapped to Critical Asset Groups CSC Control

More information

Taxonomy of Intrusion Detection System

Taxonomy of Intrusion Detection System Taxonomy of Intrusion Detection System Monika Sharma, Sumit Sharma Abstract During the past years, security of computer networks has become main stream in most of everyone's lives. Nowadays as the use

More information

CYBER SECURITY GUIDANCE

CYBER SECURITY GUIDANCE CYBER SECURITY GUIDANCE With the pervasiveness of information technology (IT) and cyber networks systems in nearly every aspect of society, effectively securing the Nation s critical infrastructure requires

More information

Managing Vulnerabilities for PCI Compliance White Paper. Christopher S. Harper Managing Director, Agio Security Services

Managing Vulnerabilities for PCI Compliance White Paper. Christopher S. Harper Managing Director, Agio Security Services Managing Vulnerabilities for PCI Compliance White Paper Christopher S. Harper Managing Director, Agio Security Services PCI STRATEGY Settling on a PCI vulnerability management strategy is sometimes a difficult

More information

Exam 1 - CSIS 3755 Information Assurance

Exam 1 - CSIS 3755 Information Assurance Name: Exam 1 - CSIS 3755 Information Assurance True/False Indicate whether the statement is true or false. 1. Antiquated or outdated infrastructure can lead to reliable and trustworthy systems. 2. Information

More information

2008 Visualization and Controls Peer Review. NSTB Program

2008 Visualization and Controls Peer Review. NSTB Program 2008 Visualization and Controls Peer Review NSTB Program Washington, DC October 21-22, 2008 Anomaly Detection and Distributed Active Response for Proce Control Systems Oak Ridge National Laboratory Summary

More information

WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales

WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales The Cost of Cybercrime Sony $171m PlayStation 3 data breach (April 2011) $3 trillion

More information

NGA Paper. Act and Adjust: A Call to Action for Governors. for cybersecurity;

NGA Paper. Act and Adjust: A Call to Action for Governors. for cybersecurity; NGA Paper Act and Adjust: A Call to Action for Governors for Cybersecurity challenges facing the nation. Although implementing policies and practices that will make state systems and data more secure will

More information

Leveraging Network and Vulnerability metrics Using RedSeal

Leveraging Network and Vulnerability metrics Using RedSeal SOLUTION BRIEF Transforming IT Security Management Via Outcome-Oriented Metrics Leveraging Network and Vulnerability metrics Using RedSeal november 2011 WHITE PAPER RedSeal Networks, Inc. 3965 Freedom

More information

Network Monitoring Fabrics Are Key to Scaling IT

Network Monitoring Fabrics Are Key to Scaling IT Network Monitoring Fabrics Are Key to Scaling IT September 2014 Prepared by: Zeus Kerravala Network Monitoring Fabrics Are Key to Scaling IT by Zeus Kerravala September 2014 º º º º º º º º º º º º º º

More information

Some Thoughts on the Future of Cyber-security

Some Thoughts on the Future of Cyber-security Some Thoughts on the Future of Cyber-security Mike Thomas Information Assurance Directorate National Security Agency NSI IMPACT April 2015 1 Introduction, or Why are we here? National security missions

More information

SIEM is only as good as the data it consumes

SIEM is only as good as the data it consumes SIEM is only as good as the data it consumes Key Themes The traditional Kill Chain model needs to be updated due to the new cyber landscape A new Kill Chain for detection of The Insider Threat needs to

More information

PASTA Abstract. Process for Attack S imulation & Threat Assessment Abstract. VerSprite, LLC Copyright 2013

PASTA Abstract. Process for Attack S imulation & Threat Assessment Abstract. VerSprite, LLC Copyright 2013 2013 PASTA Abstract Process for Attack S imulation & Threat Assessment Abstract VerSprite, LLC Copyright 2013 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

More information

Requirements When Considering a Next- Generation Firewall

Requirements When Considering a Next- Generation Firewall White Paper Requirements When Considering a Next- Generation Firewall What You Will Learn The checklist provided in this document details six must-have capabilities to look for when evaluating a nextgeneration

More information