Network Mission Assurance
Michael F. Junod, Patrick A. Muckelbauer, PhD, Todd C. Hughes, PhD, Julius M. Etzl, and James E. Denny
Lockheed Martin Advanced Technology Laboratories, Camden, NJ

Abstract

The doctrine of Network Mission Assurance (NMA) evaluates the value of information assurance and the risk of computer threats based upon their impact on the organizational functions supported by the network. The NMA framework is comprised of four technical functions: Asset Identification, Infrastructure Model and Control, Threat Analysis and Prediction, and Response Coordination. Our research in support of the NMA investigates technical solutions for trust-based resource control, reflective and reconfigurable network services, autonomic network defense, and cyber-attack representation. We contend that NMA unifies the purpose and function of separate information assurance programs into a holistic, network-centric solution.

1. Introduction

This document describes the Network Mission Assurance (NMA) doctrine of Lockheed Martin Advanced Technology Laboratories (ATL). This doctrine is used as a guide to focus our information assurance efforts in different research areas and ensure these efforts can work together in a dynamic distributed network environment and effectively leverage and incorporate point security solutions into a robust information assurance architecture. It is our belief that one cannot simply back-fit existing security point solutions onto existing architectures and expect to have an improved security infrastructure. In fact, this can result in a less secure architecture that requires a great deal of manual effort in maintenance and monitoring.

Point security products (e.g., vulnerability scanners, intrusion detection systems, firewalls) often operate in isolation. In contrast, according to NMA, security solutions should not only be integrated with, but orchestrated among, the components of a network infrastructure.

NMA is a high level concept that spans a large area of information security and information assurance. In support of this doctrine, ATL is leveraging its applied research strengths in quality of service (QoS), distributed processing, data fusion, and intelligent agents to apply to the information assurance domains. We believe that research and technologies from many other academic, commercial, and government sources also support the NMA doctrine.

2. Network Mission Assurance Approach

The ability to launch successful cyber attack campaigns is far outpacing the ability to defend against them. A fundamental problem in the information assurance arms race is simply its current scope. Since most security systems focus on relatively atomic attack actions (e.g., port scans, buffer overflows), they have difficulty defending against coordinated attack campaigns. An attack campaign has an overall goal and is composed of many atomic actions over time that must be carefully and successfully carried out to achieve the desired goal.

The need for rapid assembly of tactical networks exacerbates the difficulty. In a dynamic coalition environment, one does not have the opportunity to perform the vulnerability assessment and red team testing one would on static configurations. Further, one cannot assume that the systems will always provide the same mission critical functionality. With future reconfigurable systems using open system architectures, what parts of the system are critical at any given time in the mission becomes a run-time rather than design-time decision.

The goal of the Network Mission Assurance (NMA) is to keep the mission-critical systems operational while under a cyber attack. This implies the ability to identify and map critical assets to operational support capabilities. It also requires efficient and judicious use of resources by focusing additional resources on threatened assets. In addition, we believe there is great value in leveraging offensive attack campaign or threat knowledge for better defense. This allows us to explore full life cycle response through simulation before reflecting any changes onto the infrastructure components.

NMA is intended to work in concert with existing information assurance efforts, which we believe are both necessary and effective. However, we also contend that there must be a higher level vision that drives requirements, metrics, and capabilities for transition of new technologies to future operational environments.

3. ATL NMA Research Areas

With these concepts in place the four main research areas of Lockheed Martin Advanced Technology Laboratories Network Mission Assurance (NMA) are: (1) Asset Identification, (2) Infrastructure Model and Control, (3) Threat Analysis and Prediction, and (4) Response Coordination. Figure 1 provides a conceptual overview that illustrates the functional relationship between the technology components of the NMA research areas.

Figure 1. Network Mission Assurance conceptual overview

3.1 Asset Identification

The functions of asset identification are to identify critical mission objectives dynamically and continuously and to map, possibly through multiple levels of abstraction, the criticality of mission objectives to low-level infrastructure assets. For example, in mission terms it might be important to identify at the high level a critical unmanned autonomous vehicle (UAV) video feed. In system terms, this video feed would map at the low level to network flows, ports, and processors on hosts in the operational equipment.

While others have recognized the need for critical asset identification, we believe there is a need to make this process continuous and dynamic, and we have outlined an approach for realizing this process. In addition, we have identified how to integrate the results of critical asset identification with other security components of a distributed system. For example, results from critical asset identification can enable more effective, reactive, and proactive responses by protecting assets that are most relevant to mission success, and provide a valuable discriminator for resource allocation.

3.2 Infrastructure Model and Control

We believe that infrastructure models for information assurance must satisfy two important conditions. First, they must represent the state of the infrastructure in a manner that allows a system to reason about itself. Second, they must actuate changes in the model in the infrastructure itself. The models we have in mind are, therefore, reflective. Specifically, the reflective infrastructure provides a representation of the infrastructure that maintains infrastructure state and critical asset analysis; threat history, analysis, and projection; and responses and status. Changes to the model, however, need not be reflected immediately into the actual infrastructure but rather be considered as a hypothetical state. This supports the ability to reason over proposed changes using simulation before actuating the changes back on to the infrastructure components.

3.3 Threat Analysis and Prediction

Current network security measures are designed to make it more difficult for attackers to penetrate the boundary of an infrastructure. However, if an adversary is successful in penetrating this line of defense while eluding detection, very little stands in the way of total compromise of the infrastructure. There is a good reason this model is so pervasive: sealing an infrastructure against a potential adversary, for all its complexity, is far less complicated than recognizing and analyzing the attack of an actual adversary.

Threat Analysis and Prediction research seeks to reduce this complexity by looking at three types of necessary tasks. First, systems must correlate events occurring throughout the infrastructure and deduce correctly that they constitute threat actions by an adversary. Second, systems must predict what the adversary is likely to do next. Third, systems must project the impact of the adversary's trajectory on infrastructure assets, in particular the assets critical to mission success. These functions are crucial for planning and implementing an effective response to an attack campaign.

Performing these tasks in less time than attackers perform their own tasks is particularly difficult now that so many attacks are heavily scripted and distributed. We believe that automation in these areas is crucial. Threat Analysis and Prediction research is necessary to fill this current gap in infrastructure security.

3.4 Response Coordination

Information assurance decisions have probabilistic and interdependent effects upon an organization's operations. The complexity of decisions can overwhelm human operators in large infrastructures. Thus, timely response for infrastructure defense necessitates automated response coordination.

Response Coordination seeks to enable automated threat response decision making. It integrates with components for threat analysis and network control through infrastructure models. We believe decision-theoretic concepts such as belief, action, and utility map well to infrastructure defense concepts such as threat, control, and mission. These mappings can be leveraged to reason about effective responses, even in conditions of uncertainty.

4. ATL Work in Support of NMA

This section provides brief overviews of the specific areas of research that Advanced Technology Laboratories (ATL) is working in to support the Network Mission Assurance (NMA). Our goal is to provide mission assurance by ensuring survivability of high value assets and continued operation of critical infrastructure components.

4.1 Dynamic Trust-based Resources

Cooperation and sharing of resources on a network requires some degree of trust between the entities involved. In current systems, this degree of trust manifests itself through static configuration of authentication and access control mechanisms that determine trust levels and map them to access rights. This approach requires a great deal of planning and effort. As the time provided to organize collaborative computer infrastructures decreases and their interactions become more complex, it is increasingly unlikely the proper degree of trust can be determined at system configuration time. Clearly this is the case for self-organizing, autonomous systems where cooperating entities may not even be known at configuration time.

Current solutions, in and of themselves, are too rigid, require too much human intervention, and are inadequate for managing resources among rapidly assembling, dynamic, active network components. What is needed in such cases is a dynamic, adaptive determination of trust that is integrated with resource allocation mechanisms, so that as trust in an entity degrades, so does its access to resources. Such trust-based resource allocation mechanisms are necessary to limit and ultimately completely restrict the disruptive behavior of an entity and ensure fault tolerance.

The goal of Dynamic Trust-based Resources (DyTR), which ATL is currently developing under the DARPA Fault Tolerant Networks program, is to go beyond traditional authentication-based approaches to trust and build systems where the trustworthiness of entities adapts over time based on system events. DyTR provides an adaptive trust-assessment methodology that allocates resources dynamically to an initial level of credentials, continually assesses trust, and adaptively allocates resources in accordance with changes in perceived trust. DyTR will tightly couple this continually assessed trust with low-level resource-allocation mechanisms to ensure that requesting processes are trusted and, thus, permitted to use system resources. If a requesting process exhibits suspicious behavior, DyTR will degrade its level of trust for that process, and subsequently reduce that process's access to system resources, so that other critical resources can continue to operate to achieve fault-tolerant behavior.

4.2 ATL's Next Generation Infrastructure

ATL's Next Generation Infrastructure (ANGI) project has developed technology for building systems that can be deployed in increasingly more dynamic, distributed, and open environments. This includes an integrated set of services for dynamic system modeling as well as for system QoS. ANGI is a library of tools and executable services for developing and deploying distributed objects. Among these services are model sharing and sensor mechanisms that allow systems to discover and monitor their own configuration and environment.

We have also developed for ANGI a rich set of QoS controls for classifying and shaping traffic flows, which provide the foundation for managing and securing the shared network infrastructure and, in particular, protecting a system against distributed denial of service attacks. The QoS controls are superior to traditional firewall filters because they provide a wider and more fine-grained range of influence. They also provide an end-to-end solution allowing greater latitude over where to place the controls. This allows confinement of potentially malicious flows through limits and priorities and protection of critical flows that are necessary to mission success.

4.3 Decision Network Technology

Decision networks, also known as influence diagrams, use a graph structure to represent dependencies between possible decisions and uncertain beliefs, also associating utility (value or cost) with some of those actions and beliefs. It is a probabilistic reasoning technique that extends the concepts of Bayesian networks and decision trees. ATL is applying this technique to information assurance by evaluating sensor findings and specific threat alerts in a model of potential responses and their impact upon network services and assets. Then the decision network selects the action with maximal expected utility, which factors certainty and priority in a holistic manner for mission assurance. The primary challenge of this research is to identify and incorporate a technology for response selection which functions to provide mission assurance under the inherent uncertainty and incompleteness of data/control in large infrastructures.

4.4 Distributed Autonomic Response Coordinator

ATL is developing a prototype Distributed Autonomic Response Coordinator (DARC) that uses the ANGI framework as the foundation to deploy and manage the distributed sensor information as well as ANGI's dynamic QoS capabilities for response mechanisms. The DARC prototype uses existing intrusion detection and vulnerability assessment products as sensors. We intend to apply decision network logic to develop autonomic response to more devastating and more rapid cyber attacks.

The challenge is to develop an autonomic response mechanism that can understand an attack campaign to determine the best response in a dynamic environment given the uncertainty of intrusion detection and vulnerability assessment sensor information. This will ensure mission assurance in the presence of an attack. The goal of DARC is to provide a distributed, autonomic response capable of detecting, adapting, and collaboratively responding to cyber attacks. It will enable the coordination and monitoring of start-to-end responses against single- and multi-node attacks.

4.5 Cyber Attack Workstation

In keeping with our belief that leveraging offensive attack campaign knowledge makes for better defense, ATL has also developed a prototype Cyber Attack Workstation (CAW). The CAW provides a pluggable API and GUI for adding, integrating, and executing cyber reconnaissance and attack scripts. The interface generates a map of the network as reconnaissance information is gathered, which allows the user to target specific hosts with particular vulnerabilities. The interface also allows users to select the level of risk they are willing to accept, and the CAW will adjust the parameters of attacks accordingly.

Future versions of the CAW will automatically and dynamically formulate and execute cyber offensive attack campaigns that meet mission objectives and constraints. The CAW will determine the appropriate steps of the campaign based on the intent of the user and the risks the user is willing to accept. The long-term goal is to incorporate the attack-campaign understanding and decision-model logic developed for DARC in order to produce more sophisticated offensive attack campaigns.

4.6 Attacker Capability Ontology

A key enabler of ATL's future work in information assurance is the formal representation of, and reasoning about, cyber attack data. Two important aspects of this domain we have attempted to capture are: (1) the relationship between software vulnerabilities and the capabilities that attackers gain by exploiting them on actual systems, and (2) the relationships among these capabilities. For this effort we have developed the Attacker Capability Ontology.

The Attacker Capability Ontology is implemented in both Resource Description Framework Schema (RDFS) and DARPA Agent Markup Language (DAML). It has also been integrated with the ICAT Vulnerability Metabase, meaning that capability attributions have been assigned to the vulnerabilities listed in the database. This formal representation will allow advanced reasoning for correlating, predicting, and projecting attacks.

5. Future Work

ATL continues its research and development in information assurance in each of the projects described above, using the NMA doctrine as a guide. As NMA technology matures, we seek to deploy information assurance products technology as well as transfer the results of our research into the broader information assurance community.

Acknowledgements

Defense Advanced Research Projects Agency/Air Force Rome Laboratory, contract Number F C

References

NMA Home Page: external.lmco.com/projects/ia/
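Added example (not code from the paper or from ATL): a small sketch of the response selection described in Section 4.3, where belief in an attack is updated from IDS alerts and the response with maximal expected utility is chosen, weighing sensor certainty against the mission value of the flow. The sensor rates, response names and effect values, and the two sample flows are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sensor model (assumption): probability that the IDS raises an
# alert on a flow that is really an attack vs. on a benign flow.
P_ALERT_GIVEN_ATTACK = 0.90
P_ALERT_GIVEN_BENIGN = 0.05


@dataclass(frozen=True)
class Response:
    name: str
    mitigation: float  # fraction of attack damage prevented
    collateral: float  # fraction of the flow's legitimate service lost


# Hypothetical response set, loosely following the QoS-style controls of
# Section 4.2 (limit a flow) alongside doing nothing and blocking outright.
RESPONSES = (
    Response("no_action", 0.0, 0.0),
    Response("rate_limit", 0.7, 0.1),
    Response("block", 1.0, 1.0),
)


@dataclass(frozen=True)
class Flow:
    name: str
    mission_value: float  # value of the flow to the mission if it is benign
    exposure: float       # value of critical assets at risk if it is an attack


# Constructed sample flows: a mission-critical feed and a low-priority transfer.
UAV_VIDEO = Flow("uav_video", mission_value=100.0, exposure=80.0)
BULK_TRANSFER = Flow("bulk_transfer", mission_value=5.0, exposure=80.0)


def posterior_attack(prior: float, alerts: int) -> float:
    """Bayes update: belief the flow is an attack after N independent alerts."""
    p_attack, p_benign = prior, 1.0 - prior
    for _ in range(alerts):
        p_attack *= P_ALERT_GIVEN_ATTACK
        p_benign *= P_ALERT_GIVEN_BENIGN
    return p_attack / (p_attack + p_benign)


def expected_utility(p_attack: float, flow: Flow, response: Response) -> float:
    """Negative expected loss: unmitigated attack damage plus lost service."""
    attack_loss = p_attack * flow.exposure * (1.0 - response.mitigation)
    service_loss = (1.0 - p_attack) * flow.mission_value * response.collateral
    return -(attack_loss + service_loss)


def select_response(flow: Flow, prior: float, alerts: int):
    """Return (best response name, posterior belief, utility per response)."""
    p = posterior_attack(prior, alerts)
    scored = {r.name: expected_utility(p, flow, r) for r in RESPONSES}
    best = max(scored, key=scored.get)
    return best, p, scored


if __name__ == "__main__":
    for flow in (UAV_VIDEO, BULK_TRANSFER):
        for alerts in range(4):
            best, p, scored = select_response(flow, prior=0.01, alerts=alerts)
            print(f"{flow.name:14s} alerts={alerts} P(attack)={p:.3f} -> {best}")
```

With the same two alerts, the critical video feed is only rate-limited while the low-value transfer is blocked, which is the "certainty and priority" trade-off the section describes.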
Introduction Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec More than 20 years of experience in cybersecurity specializing
More informationThe Human Element in Cyber Security and Critical Infrastructure Protection: Lessons Learned
The Human Element in Cyber Security and Critical Infrastructure Protection: Lessons Learned Marco Carvalho, Ph.D. Research Scientist mcarvalho@ihmc.us Institute for Human and Machine Cognition 40 South
More informationThe SIEM Evaluator s Guide
Using SIEM for Compliance, Threat Management, & Incident Response Security information and event management (SIEM) tools are designed to collect, store, analyze, and report on log data for threat detection,
More informationSoftware Defined Security Mechanisms for Critical Infrastructure Management
Software Defined Security Mechanisms for Critical Infrastructure Management SESSION: CRITICAL INFRASTRUCTURE PROTECTION Dr. Anastasios Zafeiropoulos, Senior R&D Architect, Contact: azafeiropoulos@ubitech.eu
More informationSecurity. Security consulting and Integration: Definition and Deliverables. Introduction
Security Security Introduction Businesses today need to defend themselves against an evolving set of threats, from malicious software to other vulnerabilities introduced by newly converged voice and data
More informationMEMORANDUM. Date: October 28, 2013. Federally Regulated Financial Institutions. Subject: Cyber Security Self-Assessment Guidance
MEMORANDUM Date: October 28, 2013 To: Federally Regulated Financial Institutions Subject: Guidance The increasing frequency and sophistication of recent cyber-attacks has resulted in an elevated risk profile
More informationWAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales
WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales The Cost of Cybercrime Sony $171m PlayStation 3 data breach (April 2011) $3 trillion
More informationCyber Security: Confronting the Threat
09 Cyber Security: Confronting the Threat Cyber Security: Confronting the Threat 09 In Short Cyber Threat Awareness and Preparedness Active Testing Likelihood of Attack Privacy Breaches 9% 67% Only 9%
More informationSeven Things To Consider When Evaluating Privileged Account Security Solutions
Seven Things To Consider When Evaluating Privileged Account Security Solutions Contents Introduction 1 Seven questions to ask every privileged account security provider 4 1. Is the solution really secure?
More informationWhite Paper Integrating The CorreLog Security Correlation Server with BMC Software
orrelogtm White Paper Integrating The CorreLog Security Correlation Server with BMC Software This white paper describes how the CorreLog Security Correlation Server easily integrates with BMC Performance
More informationFull-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform
Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform Solution Brief Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform Finding
More informationHow we see malware introduced Phishing Targeted Phishing Water hole Download (software (+ free ), music, films, serialz)
How we see malware introduced Phishing Targeted Phishing Water hole Download (software (+ free ), music, films, serialz) Domain.Local DC Client DomainAdmin Attack Operator Advise Protect Detect Respond
More informationLeveraging Network and Vulnerability metrics Using RedSeal
SOLUTION BRIEF Transforming IT Security Management Via Outcome-Oriented Metrics Leveraging Network and Vulnerability metrics Using RedSeal november 2011 WHITE PAPER RedSeal Networks, Inc. 3965 Freedom
More informationLifecycle Solutions & Services. Managed Industrial Cyber Security Services
Lifecycle Solutions & Services Managed Industrial Cyber Security Services Around the world, industrial firms and critical infrastructure operators partner with Honeywell to address the unique requirements
More informationSIEM is only as good as the data it consumes
SIEM is only as good as the data it consumes Key Themes The traditional Kill Chain model needs to be updated due to the new cyber landscape A new Kill Chain for detection of The Insider Threat needs to
More informationThe Protection Mission a constant endeavor
a constant endeavor The IT Protection Mission a constant endeavor As businesses become more and more dependent on IT, IT must face a higher bar for preparedness Cyber preparedness is the process of ensuring
More informationPractical Steps To Securing Process Control Networks
Practical Steps To Securing Process Control Networks Villanova University Seminar Rich Mahler Director, Commercial Cyber Solutions Lockheed Martin Lockheed Martin Corporation 2014. All Rights Reserved.
More informationCyber Situational Awareness for Enterprise Security
Cyber Situational Awareness for Enterprise Security Tzvi Kasten AVP, Business Development Biju Varghese Director, Engineering Sudhir Garg Technical Architect The security world is changing as the nature
More informationThe Business Case for Security Information Management
The Essentials Series: Security Information Management The Business Case for Security Information Management sponsored by by Dan Sullivan Th e Business Case for Security Information Management... 1 Un
More informationSourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data
SEE everything in your environment LEARN by applying security intelligence to data ADAPT defenses automatically ACT in real-time Sourcefire Solutions Overview Security for the Real World Change is constant.
More informationWeb application security Executive brief Managing a growing threat: an executive s guide to Web application security.
Web application security Executive brief Managing a growing threat: an executive s guide to Web application security. Danny Allan, strategic research analyst, IBM Software Group Contents 2 Introduction
More informationBreaking down silos of protection: An integrated approach to managing application security
IBM Software Thought Leadership White Paper October 2013 Breaking down silos of protection: An integrated approach to managing application security Protect your enterprise from the growing volume and velocity
More informationCisco Security Optimization Service
Cisco Security Optimization Service Proactively strengthen your network to better respond to evolving security threats and planned and unplanned events. Service Overview Optimize Your Network for Borderless
More informationCHAPTER 3 : INCIDENT RESPONSE FIVE KEY RECOMMENDATIONS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC
: INCIDENT RESPONSE FIVE KEY RECOMMENDATIONS 1 FIVE KEY RECOMMENDATIONS During 2014, NTT Group supported response efforts for a variety of incidents. Review of these engagements revealed some observations
More informationCYBER SECURITY GUIDANCE
CYBER SECURITY GUIDANCE With the pervasiveness of information technology (IT) and cyber networks systems in nearly every aspect of society, effectively securing the Nation s critical infrastructure requires
More informationGoals. Understanding security testing
Getting The Most Value From Your Next Network Penetration Test Jerald Dawkins, Ph.D. True Digital Security p. o. b o x 3 5 6 2 3 t u l s a, O K 7 4 1 5 3 p. 8 6 6. 4 3 0. 2 5 9 5 f. 8 7 7. 7 2 0. 4 0 3
More informationAccelerate Your Enterprise Private Cloud Initiative
Cisco Cloud Comprehensive, enterprise cloud enablement services help you realize a secure, agile, and highly automated infrastructure-as-a-service (IaaS) environment for cost-effective, rapid IT service
More informationVulnerability Management
Vulnerability Management Buyer s Guide Buyer s Guide 01 Introduction 02 Key Components 03 Other Considerations About Rapid7 01 INTRODUCTION Exploiting weaknesses in browsers, operating systems and other
More informationDepartment of Defense NetOps Strategic Vision
Department of Defense NetOps Strategic Vision December 2008 Department of Defense Chief Information Officer The Pentagon Washington, D.C. Table of Contents 1 Purpose...1 2 Introduction...1 2.1 NetOps
More informationEffective Threat Management. Building a complete lifecycle to manage enterprise threats.
Effective Threat Management Building a complete lifecycle to manage enterprise threats. Threat Management Lifecycle Assimilation of Operational Security Disciplines into an Interdependent System of Proactive
More informationPENETRATION TESTING GUIDE. www.tbgsecurity.com 1
PENETRATION TESTING GUIDE www.tbgsecurity.com 1 Table of Contents What is a... 3 What is the difference between Ethical Hacking and other types of hackers and testing I ve heard about?... 3 How does a
More informationMicrosoft Services Premier Support. Security Services Catalogue
Microsoft Services Premier Support Security Services Catalogue 2014 Microsoft Services Microsoft Services helps you get the most out of your Microsoft Information Technology (IT) investment with integrated
More informationCisco Advanced Malware Protection
Solution Overview Cisco Advanced Malware Protection Breach Prevention, Detection, Response, and Remediation for the Real World BENEFITS Gain unmatched global threat intelligence to strengthen front-line
More informationIntegrated Network Vulnerability Scanning & Penetration Testing SAINTcorporation.com
SAINT Integrated Network Vulnerability Scanning and Penetration Testing www.saintcorporation.com Introduction While network vulnerability scanning is an important tool in proactive network security, penetration
More informationSecurity Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions
Kevin Staggs, Honeywell Process Solutions Table of Contents Introduction...3 Nerc Standards and Implications...3 How to Meet the New Requirements...4 Protecting Your System...4 Cyber Security...5 A Sample
More informationCisco SAFE: A Security Reference Architecture
Cisco SAFE: A Security Reference Architecture The Changing Network and Security Landscape The past several years have seen tremendous changes in the network, both in the kinds of devices being deployed
More informationCompliance Guide ISO 27002. Compliance Guide. September 2015. Contents. Introduction 1. Detailed Controls Mapping 2.
ISO 27002 Compliance Guide September 2015 Contents Compliance Guide 01 02 03 Introduction 1 Detailed Controls Mapping 2 About Rapid7 7 01 INTRODUCTION If you re looking for a comprehensive, global framework
More informationLINK EPA Requirements, audit & Safety
2008 Visualization and Controls Peer Review NSTB Program Washington, DC October 21-22, 2008 Anomaly Detection and Distributed Active Response for Proce Control Systems Oak Ridge National Laboratory Summary
More informationNetwork Monitoring Fabrics Are Key to Scaling IT
Network Monitoring Fabrics Are Key to Scaling IT September 2014 Prepared by: Zeus Kerravala Network Monitoring Fabrics Are Key to Scaling IT by Zeus Kerravala September 2014 º º º º º º º º º º º º º º
More informationIncident Handling. Applied Risk Management. September 2002
Incident Handling Applied Risk Management September 2002 What is Incident Handling? Incident Handling is the management of Information Security Events What is an Information Security Event? An Information
More informationDoes your Citrix or Terminal Server environment have an Achilles heel?
CRYPTZONE WHITE PAPER Does your Citrix or Terminal Server environment have an Achilles heel? Moving away from IP-centric to role-based access controls to secure Citrix and Terminal Server user access cryptzone.com
More informationCybersecurity Enhancement Account. FY 2017 President s Budget
Cybersecurity Enhancement Account FY 2017 President s Budget February 9, 2016 Table of Contents Section 1 Purpose... 3 1A Mission Statement... 3 1.1 Appropriations Detail Table... 3 1B Vision, Priorities
More informationExam 1 - CSIS 3755 Information Assurance
Name: Exam 1 - CSIS 3755 Information Assurance True/False Indicate whether the statement is true or false. 1. Antiquated or outdated infrastructure can lead to reliable and trustworthy systems. 2. Information
More information