LINK EPA Requirements, audit & Safety
|
|
- Laureen Sharp
- 3 years ago
- Views:
Transcription
1 2008 Visualization and Controls Peer Review NSTB Program Washington, DC October 21-22, 2008 Anomaly Detection and Distributed Active Response for Proce Control Systems Oak Ridge National Laboratory
2 Summary Slide: Silent Storm Outcomes: Actively monitor network; Use advanced statistical methods; Perform anomaly detection Correlate and Share information; Actively respond to threats; and Self-heal NSTB Goal: Deploying next-generation control systems that include capabilities for intrusion detection, prevention, and event correlation Approach: Extend present intrusion protection capability Use advanced statistical methods Leverage existing distributed network sensing framework Collect network traffic at the protocol level Perform anomaly detection analysis and actively respond Progre/accomplishments: Developed program and security plans; Documented architecture and API; Developed: detection sensor, secure communications, active response algorithms, and self-healing subsystem; Performed spiral testing; and Initiated the deployment of a test system. Silent Storm Distributed Architecture Schedule: Prototype demonstration by 1-Dec Funding: $250K Image Performers: ORNL Louis Wilder PI, Dr. Chris Griffin CoPI, Bob Schlicher SW SME, Dr. James Nutaro M&S, Joe Gracia PM Partners: Siemens, TVA, & EnerNex
3 Technology Transfer/Collaboration Cooperative Research and Development Agreement (CRADA) Nondisclosure Agreement Licensing Agreement Nondisclosure Agreement Collaboration Siemens Energy & Automation Tenneee Valley Authority (TVA) EnerNex of Tenneee
4 Next Steps Follow-up Work Enhance methods of attack detection Establish normal traffic patterns Collaborate with Siemens develop traffic profiles Develop heuristic identification and attack correlation Apply existing pattern recognition and data fusion techniques on attack scenarios Collaborate with Siemens and TVA Deliverables: Demonstrate and Report capability Perform anomaly detection and active response
5 Simple Silent Storm Deployment Alerts and Detection Correlation Sunspot (SS) Configurable Plug-in Architecture Secure Communications Multi-Node Deployment Secure Communications Allows Alert Analysis for Detection Correlation Host and Network based detection Configurable based-on plug-in Architecture In-Line Appliance: Sun SPOT platform- SOC w/180 mhz ARM proceor
6 Architectural Overview Each SS node, extensible framework miion controller built-in plug-in cyber adapter custom payload Ubiquitous Network Transient Autonomous Miion Entity (UNTAME) Framework Heuristic Identification and Tracking of Insider Threat (HIT-IT)
7 Response Screen 3D Graphics Situational Awarene Active Response
8 Response Screen Alert: Unknown Attack Detected Auto-response: Router x-1 is blocking the traffic stream Device is isolated from network 3D Graphics Situational Awarene Active Response Undo this Auto-response Indicate as False Positive Take Additional Actions Accept
9 Normality Learning A multi-layer statistical model identify models locally stationary behaviors masked jumps between behavior. Construct Models from data stream multi-spatial-temporal resolution Results optimal multi-layer model of normal behavior. Extensions to this approach multi-layer transfer function models use upper-layer Symbolic Transfer Functions and lower level non-linear Box- Jenkins (r,s,k) models. η X=f x Y=f y Z=f z α X=f x Y=f y Z=f z Local fit X=f x Y=f y Z=f z X=g x Y=g y Z=g z
10 Anomaly Detection (2) Derived models will be used to predict future behaviors and will provide confidence intervals on those behaviors. Similar to dynamic control chart Expected behavior will not lie outside predicting confidence regions Abnormal behaviors will lie outside of predicted regions and will cause alerts. This approach can be extended to multi-level transfer functions.
11 Anomaly Detection Proce Off-Line Learning Traffic/Symbolization Model Building Normality Learning
12 On-Line Learning Traffic/Symbolization Model Building Anomaly Detection Anomaly Detection Proce(2)
13 Research Differentiators Current models of network traffic (e.g., NetFlo) are not robust enough Our approach analyzes data at multiple levels of resolution and is robust to non-stationarity High false-positive rate Learned normal behaviors to avoid false positives Too much data and too many low-level alerts for human operators Distributed analysis helps eliminate operator s burden Current Manual Responses are not fast enough Distributed proceing improves speed Lag-time between new exploits and response Active response via plug-in framework
14 Key Capability at Conclusion Key step toward eiroadmap challenge Control system networks that will automatically provide contingency and remedial actions in response to attempted intrusions A distributed, intelligent, self-healing intrusion detection and prevention system capable of active response Unique statistical learning approach for anomaly detection Unique, distributed approach Attack detection and claification that considers temporal dynamics and non-stationary sum-of-behaviors approach. Active, near-real-time response and defense Operator Situational Awarene and Event Correlation
15 Oak Ridge National Laboratory: Meeting the challenges of the 21st century Official Use Only Louis Wilder Project Investigator Cyberspace Sciences & Information Intelligence Research (CSIIR) Phone: (865)
16 Anomaly Detection Statistical Architecture Preproceor Vector R n Symbol A Build Model of Normal Vector R n Symbol A Compare to Prediction from Model Yes, predicted or inbound No, more analysis
17 Current State of Intrusion Detection/Protection Systems (IDPS) IDPSs monitors network or system activities for malicious behavior and reacts in near real-time to prevent the unwanted behavior.. Host-based Heuristic analysis Network-based Rule-based (signatures) IDPS Limitations Cannot discover novel attacks Poor detection performance Cannot survive while under attack No correlation of Sophisticated attacks
18 Other Intrusion Detection System FEATURE EMERALD Prelude IDS D-WARD COSSACK CATS Host OR Network-Based Host Both Net Net Net Knowledge-based (KB) OR Anomaly Detection (AD) Both KD AD AD Both Autonomous OR Interdependent OR Cooperative Interdep. Interdep. Autonon. Coop. Coop.
19 ORNL Can Make Key Contributions FEATURE EMERALD Prelude IDS D-WARD COSSACK CATS ORNL Host/Network-based Host Both Net Net Net Both Knowledge-based (KB) Anomaly Detection (AD) Both KD AD AD Both Both Autonomous Interdependent Cooperative Interdep. Interdep. Autonon. Coop. Coop. Autonon. Coop. Novel improvements: Addre insider threat via host-based analysis Lower false positive via learned normal behavior Active, near-real-time response via distributed approach
20 Silent Storm Distributed System Silent Storm is a computational intelligence framework capable of self-healing, communication that can be extended by plug-ins and controlled by miion scripts. Its core architecture is designed to enable it to organically add capabilities through the use of code plug-ins. The miion-oriented nature of the framework allows it to be remotely controlled via communications bursts, rather than continuously streaming instructions. Establish Anomaly Detection SS => Silent Storm WS => Web Services CS => Collection Services C => Communications relay Proce Rules Silent Storm µdaemon Establish Secure Comm Operator Console Do Network Survey ws Proce Rules determines the selection, order, and timing for the surveys, executions, scans, and reports c cs Silent Storm Nodes Proce Rules Silent Storm µdaemon Proce rules with no operations
21 Anomaly Detection Proce On-Line Learning Traffic/Symbolization Model Building/Detection
Intelligent. Data Sheet
Cisco IPS Software Product Overview Cisco IPS Software is the industry s leading network-based intrusion prevention software. It provides intelligent, precise, and flexible protection for your business
More informationPROFESSIONAL SECURITY SYSTEMS
PROFESSIONAL SECURITY SYSTEMS Security policy, active protection against network attacks and management of IDP Introduction Intrusion Detection and Prevention (IDP ) is a new generation of network security
More informationAPPLICATION OF MULTI-AGENT SYSTEMS FOR NETWORK AND INFORMATION PROTECTION
18-19 September 2014, BULGARIA 137 Proceedings of the International Conference on Information Technologies (InfoTech-2014) 18-19 September 2014, Bulgaria APPLICATION OF MULTI-AGENT SYSTEMS FOR NETWORK
More informationSystem Specification. Author: CMU Team
System Specification Author: CMU Team Date: 09/23/2005 Table of Contents: 1. Introduction...2 1.1. Enhancement of vulnerability scanning tools reports 2 1.2. Intelligent monitoring of traffic to detect
More informationThe Cyber Threat Profiler
Whitepaper The Cyber Threat Profiler Good Intelligence is essential to efficient system protection INTRODUCTION As the world becomes more dependent on cyber connectivity, the volume of cyber attacks are
More informationNetwork Mission Assurance
Network Mission Assurance Michael F. Junod, Patrick A. Muckelbauer, PhD, Todd C. Hughes, PhD, Julius M. Etzl, and James E. Denny Lockheed Martin Advanced Technology Laboratories Camden, NJ 08102 {mjunod,pmuckelb,thughes,jetzl,jdenny}@atl.lmco.com
More informationChapter 9 Firewalls and Intrusion Prevention Systems
Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish
More informationNetwork- vs. Host-based Intrusion Detection
Network- vs. Host-based Intrusion Detection A Guide to Intrusion Detection Technology 6600 Peachtree-Dunwoody Road 300 Embassy Row Atlanta, GA 30348 Tel: 678.443.6000 Toll-free: 800.776.2362 Fax: 678.443.6477
More informationSURVEY OF INTRUSION DETECTION SYSTEM
SURVEY OF INTRUSION DETECTION SYSTEM PRAJAPATI VAIBHAVI S. SHARMA DIPIKA V. ASST. PROF. ASST. PROF. MANISH INSTITUTE OF COMPUTER STUDIES MANISH INSTITUTE OF COMPUTER STUDIES VISNAGAR VISNAGAR GUJARAT GUJARAT
More informationIDS Categories. Sensor Types Host-based (HIDS) sensors collect data from hosts for
Intrusion Detection Intrusion Detection Security Intrusion: a security event, or a combination of multiple security events, that constitutes a security incident in which an intruder gains, or attempts
More informationCisco Remote Management Services for Security
Cisco Remote Management Services for Security Innovation: Many Take Advantage of It, Some Strive for It, Cisco Delivers It. Cisco Remote Management Services (RMS) for Security provide around the clock
More informationA Biologically Inspired Approach to Network Vulnerability Identification
A Biologically Inspired Approach to Network Vulnerability Identification Evolving CNO Strategies for CND Todd Hughes, Aron Rubin, Andrew Cortese,, Harris Zebrowitz Senior Member, Engineering Staff Advanced
More informationManaged Security Services for Data
A v a y a G l o b a l S e r v i c e s Managed Security Services for Data P r o a c t i v e l y M a n a g i n g Y o u r N e t w o r k S e c u r i t y 2 4 x 7 x 3 6 5 IP Telephony Contact Centers Unified
More informationThe SIEM Evaluator s Guide
Using SIEM for Compliance, Threat Management, & Incident Response Security information and event management (SIEM) tools are designed to collect, store, analyze, and report on log data for threat detection,
More informationEffective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention
Effective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention Your Security Challenges Defending the Dynamic Network! Dynamic threats 䕬 䕬 䕬 䕬 Many threats
More informationCS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013
CS 356 Lecture 17 and 18 Intrusion Detection Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationRAVEN, Network Security and Health for the Enterprise
RAVEN, Network Security and Health for the Enterprise The Promia RAVEN is a hardened Security Information and Event Management (SIEM) solution further providing network health, and interactive visualizations
More informationNetwork-based Modeling of Assets and Malicious Actors
Network-based Modeling of Assets and Malicious Actors Christopher Kruegel Computer Security Group MURI Meeting Santa Barbara, August 23-24, 2010 Motivation Thrust I: Obtaining an up-to-date view of the
More informationThe Advanced Attack Challenge. Creating a Government Private Threat Intelligence Cloud
The Advanced Attack Challenge Creating a Government Private Threat Intelligence Cloud The Advanced Attack Challenge One of the most prominent and advanced threats to government networks is advanced delivery
More informationModule II. Internet Security. Chapter 7. Intrusion Detection. Web Security: Theory & Applications. School of Software, Sun Yat-sen University
Module II. Internet Security Chapter 7 Intrusion Detection Web Security: Theory & Applications School of Software, Sun Yat-sen University Outline 7.1 Threats to Computer System 7.2 Process of Intrusions
More informationWHITE PAPER PROCESS CONTROL NETWORK SECURITY: INTRUSION PREVENTION IN A CONTROL SYSTEMS ENVIRONMENT
WHITE PAPER PROCESS CONTROL NETWORK SECURITY: INTRUSION PREVENTION IN A CONTROL SYSTEMS ENVIRONMENT WHAT S INSIDE: 1. GENERAL INFORMATION 1 2. EXECUTIVE SUMMARY 1 3. BACKGROUND 2 4. QUESTIONS FOR CONSIDERATION
More informationAttack Detection using Cooperating Autonomous Detection Systems (CATS)
Attack Detection using Cooperating Autonomous Detection Systems (CATS) Falko Dressler, Gerhard Münz, Georg Carle University of Tübingen, Wilhelm-Schickard-Insitute of Computer Science, Computer Networks
More informationIntegration Misuse and Anomaly Detection Techniques on Distributed Sensors
Integration Misuse and Anomaly Detection Techniques on Distributed Sensors Shih-Yi Tu Chung-Huang Yang Kouichi Sakurai Graduate Institute of Information and Computer Education, National Kaohsiung Normal
More informationAANVAL SUCCESS STORIES
AANVAL SUCCESS STORIES Aanval is used globally in over 100 countries and in every major industry, including government and defense, education, and financial. With over 6,000 customers, we wanted to highlight
More informationSelf-organized Collaboration of Distributed IDS Sensors
Self-organized Collaboration of Distributed IDS Sensors KarelBartos 1 and Martin Rehak 1,2 and Michal Svoboda 2 1 Faculty of Electrical Engineering Czech Technical University in Prague 2 Cognitive Security,
More informationCA Host-Based Intrusion Prevention System r8.1
PRODUCT BRIEF: CA HOST-BASED INTRUSION PREVENTION SYSTEM CA Host-Based Intrusion Prevention System r8.1 CA HOST-BASED INTRUSION PREVENTION SYSTEM (CA HIPS) BLENDS ENDPOINT FIREWALL, INTRUSION DETECTION,
More informationThreat Center. Real-time multi-level threat detection, analysis, and automated remediation
Threat Center Real-time multi-level threat detection, analysis, and automated remediation Description Advanced targeted and persistent threats can easily evade standard security, software vulnerabilities
More informationA Review of Anomaly Detection Techniques in Network Intrusion Detection System
A Review of Anomaly Detection Techniques in Network Intrusion Detection System Dr.D.V.S.S.Subrahmanyam Professor, Dept. of CSE, Sreyas Institute of Engineering & Technology, Hyderabad, India ABSTRACT:In
More informationMachine-to-Machine Exchange of Cyber Threat Information: a Key to Mature Cyber Defense
Machine-to-Machine Exchange of Cyber Threat Information: a Key to Mature Cyber Defense By: Daniel Harkness, Chris Strasburg, and Scott Pinkerton The Challenge The Internet is an integral part of daily
More informationThe Challenge of a Comprehensive Network Protection. Introduction
Index Introduction...3 Corporate Network Security Management Challenge...5 Multi-layers and heterogeneous network...5 Roaming Clients...5 Control of unproductive and restricted applications...5 Securing
More informationIntrusion Detection Systems
Intrusion Detection Systems Assessment of the operation and usefulness of informatics tools for the detection of on-going computer attacks André Matos Luís Machado Work Topics 1. Definition 2. Characteristics
More informationHow To Manage Security On A Networked Computer System
Unified Security Reduce the Cost of Compliance Introduction In an effort to achieve a consistent and reliable security program, many organizations have adopted the standard as a key compliance strategy
More informationCritical Security Controls
Critical Security Controls Session 2: The Critical Controls v1.0 Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter The Critical Security Controls The Critical Security
More informationCyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.
Cyber Security Automation of energy systems provides attack surfaces that previously did not exist Cyber attacks have matured from teenage hackers to organized crime to nation states Centralized control
More informationSANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationVulnerability Management
Vulnerability Management Buyer s Guide Buyer s Guide 01 Introduction 02 Key Components 03 Other Considerations About Rapid7 01 INTRODUCTION Exploiting weaknesses in browsers, operating systems and other
More informationEnd-user Security Analytics Strengthens Protection with ArcSight
Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security
More informationBio-Inspired Anomaly Detection
Bio-Inspired Anomaly Detection Cyber Security Division 2012 Principal Investigators Meeting 10/11/12 S. Raj Rajagopalan Scientist HP Labs/Honeywell Sraj.raj@gmail.com 908-305-1681 Bio-Inspired Anomaly
More informationSecurity Engineering Part III Network Security. Intruders, Malware, Firewalls, and IDSs
Security Engineering Part III Network Security Intruders, Malware, Firewalls, and IDSs Juan E. Tapiador jestevez@inf.uc3m.es Department of Computer Science, UC3M Security Engineering 4th year BSc in Computer
More informationCSCE 465 Computer & Network Security
CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Intrusion Detection System 1 Intrusion Definitions A set of actions aimed to compromise the security
More informationState of Vermont. Intrusion Detection and Prevention Policy. Date: 11-02-10 Approved by: Tom Pelham Policy Number:
State of Vermont Intrusion Detection and Prevention Policy Date: 11-02-10 Approved by: Tom Pelham Policy Number: 1 Table of Contents 1.0 Introduction... 3 1.1 Authority... 3 1.2 Purpose... 3 1.3 Scope...
More informationIntrusion Detection. Tianen Liu. May 22, 2003. paper will look at different kinds of intrusion detection systems, different ways of
Intrusion Detection Tianen Liu May 22, 2003 I. Abstract Computers are vulnerable to many threats. Hackers and unauthorized users can compromise systems. Viruses, worms, and other kinds of harmful code
More informationConfiguring Personal Firewalls and Understanding IDS. Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA
Configuring Personal Firewalls and Understanding IDS Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA 1 Configuring Personal Firewalls and IDS Learning Objectives Task Statements 1.4 Analyze baseline
More informationCisco Cloud Web Security Key Functionality [NOTE: Place caption above figure.]
Cisco Cloud Web Security Cisco IT Methods Introduction Malicious scripts, or malware, are executable code added to webpages that execute when the user visits the site. Many of these seemingly harmless
More informationCautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work
Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work Security concerns and dangers come both from internal means as well as external. In order to enhance your security posture
More informationOn-Premises DDoS Mitigation for the Enterprise
On-Premises DDoS Mitigation for the Enterprise FIRST LINE OF DEFENSE Pocket Guide The Challenge There is no doubt that cyber-attacks are growing in complexity and sophistication. As a result, a need has
More informationThe first agentless Security, Virtual Firewall, Anti- Malware and Compliance Solution built for Windows Server 2012 Hyper-V
The first agentless Security, Virtual Firewall, Anti- Malware and Compliance Solution built for Windows Server 2012 Hyper-V #1 Hyper-V Security The first agentless Security, Virtual Firewall, Anti-Malware
More informationAdvanced Threat Protection with Dell SecureWorks Security Services
Advanced Threat Protection with Dell SecureWorks Security Services Table of Contents Summary... 2 What are Advanced Threats?... 3 How do advanced threat actors operate?... 3 Addressing the Threat... 5
More informationCisco IPS 4200 Series Sensors
Cisco IPS 4200 Series Sensors In today s busy network environments, business continuity relies on effective network intrusion prevention to stop malicious attacks, worms, and application abuse before they
More informationObtaining Enterprise Cybersituational
SESSION ID: SPO-R06A Obtaining Enterprise Cybersituational Awareness Eric J. Eifert Sr. Vice President Managed Security Services DarkMatter Agenda My Background Key components of the Cyber Situational
More informationTaxonomy of Intrusion Detection System
Taxonomy of Intrusion Detection System Monika Sharma, Sumit Sharma Abstract During the past years, security of computer networks has become main stream in most of everyone's lives. Nowadays as the use
More informationMcAfee Intrusion Prevention System
McAfee Protection-in-Depth Strategy Internal Use Only IntruShield 1200 and 1400 Appliances Pioneering and Industry-Leading, Next-Generation s Features and Details What Is Intrusion Prevention? Intrusion
More informationWHITE PAPER AUTOMATED, REAL-TIME RISK ANALYSIS AND REMEDIATION
WHITE PAPER AUTOMATED, REAL-TIME RISK ANALYSIS AND REMEDIATION Table of Contents Executive Summary...3 Vulnerability Scanners Alone Are Not Enough...3 Real-Time Change Configuration Notification is the
More informationApplying machine learning techniques to achieve resilient, accurate, high-speed malware detection
White Paper: Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection Prepared by: Northrop Grumman Corporation Information Systems Sector Cyber Solutions Division
More informationPerformance Evaluation of Intrusion Detection Systems
Performance Evaluation of Intrusion Detection Systems Waleed Farag & Sanwar Ali Department of Computer Science at Indiana University of Pennsylvania ABIT 2006 Outline Introduction: Intrusion Detection
More informationComprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)
Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus February 3, 2015 (Revision 4) Table of Contents Overview... 3 Malware, Botnet Detection, and Anti-Virus Auditing... 3 Malware
More informationFighting Advanced Threats
Fighting Advanced Threats With FortiOS 5 Introduction In recent years, cybercriminals have repeatedly demonstrated the ability to circumvent network security and cause significant damages to enterprises.
More informationCisco Advanced Malware Protection
Solution Overview Cisco Advanced Malware Protection Breach Prevention, Detection, Response, and Remediation for the Real World BENEFITS Gain unmatched global threat intelligence to strengthen front-line
More informationOutline Intrusion Detection CS 239 Security for Networks and System Software June 3, 2002
Outline Intrusion Detection CS 239 Security for Networks and System Software June 3, 2002 Introduction Characteristics of intrusion detection systems Some sample intrusion detection systems Page 1 Page
More informationHigh End Information Security Services
High End Information Security Services Welcome Trion Logics Security Solutions was established after understanding the market's need for a high end - End to end security integration and consulting company.
More informationCA Anti-Virus r8.1. Benefits. Overview. CA Advantage
PRODUCT BRIEF: CA ANTI-VIRUS CA Anti-Virus r8.1 CA ANTI-VIRUS IS THE NEXT GENERATION IN COMPREHENSIVE ANTI-VIRUS SECURITY FOR BUSINESS PCS, SERVERS AND PDAS. IT COMBINES PROACTIVE PROTECTION AGAINST MALWARE
More informationIntrusion Detection System in Campus Network: SNORT the most powerful Open Source Network Security Tool
Intrusion Detection System in Campus Network: SNORT the most powerful Open Source Network Security Tool Mukta Garg Assistant Professor, Advanced Educational Institutions, Palwal Abstract Today s society
More informationLOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE
PRODUCT BRIEF LOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE The Tripwire VIA platform delivers system state intelligence, a continuous approach to security that provides leading indicators of breach
More informationCHAPTER 1 INTRODUCTION
21 CHAPTER 1 INTRODUCTION 1.1 PREAMBLE Wireless ad-hoc network is an autonomous system of wireless nodes connected by wireless links. Wireless ad-hoc network provides a communication over the shared wireless
More informationLumeta IPsonar. Active Network Discovery, Mapping and Leak Detection for Large Distributed, Highly Complex & Sensitive Enterprise Networks
IPsonar provides visibility into every IP asset, host, node, and connection on the network, performing an active probe and mapping everything that's on the network, resulting in a comprehensive view of
More informationRule 4-004M Payment Card Industry (PCI) Monitoring, Logging and Audit (proposed)
Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013 Rule 4-004M Payment Card Industry (PCI) Monitoring, Logging and Audit (proposed) 01.1 Purpose
More informationApplying Internal Traffic Models to Improve Identification of High Fidelity Cyber Security Events
Applying Internal Traffic Models to Improve Identification of High Fidelity Cyber Security Events Abstract Effective Security Operations throughout both DoD and industry are requiring and consuming unprecedented
More informationPROJECT BOEING SGS. Interim Technology Performance Report 3. Company Name: The Boeing Company. Contract ID: DE-OE0000191
Interim Techlogy Performance Report 3 PROJECT BOEING SGS Contract ID: DE-OE0000191 Project Type: Revision: V1 Company Name: The Boeing Company November 19, 2013 1 Interim Techlogy Performance Report 3
More informationOnline Network Traffic Security Inspection Using MMT Tool
Online Network Traffic Security Inspection Using MMT Tool Wissam Mallouli, Bachar Wehbi, Edgardo Montes de Oca Michel Bourdellès, Denis Rocher and Arnaud Baloche Montimage EURL, 39 rue Bobillot, 75013
More informationEffective Threat Management. Building a complete lifecycle to manage enterprise threats.
Effective Threat Management Building a complete lifecycle to manage enterprise threats. Threat Management Lifecycle Assimilation of Operational Security Disciplines into an Interdependent System of Proactive
More informationNew possibilities in latest OfficeScan and OfficeScan plug-in architecture
New possibilities in latest OfficeScan and OfficeScan plug-in architecture Märt Erik AS Stallion Agenda New in OfficeScan 10.5 OfficeScan plug-ins» More Active Directory support» New automated client grouping
More informationWhat a Vulnerability Assessment Scanner Can t Tell You. Leveraging Network Context to Prioritize Remediation Efforts and Identify Options
White paper What a Vulnerability Assessment Scanner Can t Tell You Leveraging Network Context to Prioritize Remediation Efforts and Identify Options november 2011 WHITE PAPER RedSeal Networks, Inc. 3965
More informationSuricata IDS. What is it and how to enable it
Complete. Simple. Affordable Copyright 2014 AlienVault. All rights reserved. AlienVault, AlienVault Unified Security Management, AlienVault USM, AlienVault Open Threat Exchange, AlienVault OTX, Open Threat
More informationTHE BLIND SPOT IN THREAT INTELLIGENCE THE BLIND SPOT IN THREAT INTELLIGENCE
THE BLIND SPOT IN THREAT INTELLIGENCE THE BLIND SPOT IN THREAT INTELLIGENCE How application threat intelligence can make existing enterprise security infrastructures smarter THE BLIND SPOT IN THREAT INTELLIGENCE
More informationLarry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping
Larry Wilson Version 1.0 November, 2013 University Cyber-security Program Critical Asset Mapping Part 3 - Cyber-Security Controls Mapping Cyber-security Controls mapped to Critical Asset Groups CSC Control
More informationLOG MANAGEMENT AND SIEM FOR SECURITY AND COMPLIANCE
PRODUCT BRIEF LOG MANAGEMENT AND SIEM FOR SECURITY AND COMPLIANCE As part of the Tripwire VIA platform, Tripwire Log Center offers out-of-the-box integration with Tripwire Enterprise to offer visibility
More informationAn Alternative Model Of Virtualization Based Intrusion Detection System In Cloud Computing
An Alternative Model Of Virtualization Based Intrusion Detection System In Cloud Computing Partha Ghosh, Ria Ghosh, Ruma Dutta Abstract: The massive jumps in technology led to the expansion of Cloud Computing
More informationExtreme Networks Security Analytics G2 Risk Manager
DATA SHEET Extreme Networks Security Analytics G2 Risk Manager Proactively manage vulnerabilities and network device configuration to reduce risk, improve compliance HIGHLIGHTS Visualize current and potential
More informationNetwork Immunity Solution. Technical White paper. ProCurve Networking
ProCurve Networking Network Immunity Solution Technical White paper Introduction... 2 Current Security Threats... 2 Solutions for Internal Threat Protection... 2 Network Immunity Solution: What It Is and
More informationIBM Internet Security Systems products and services
Delivering preemptive security products and services IBM Internet Security Systems products and services Highlights Helps protect critical assets and reduce costs by preempting online threats Helps secure
More informationIntroduction... Error! Bookmark not defined. Intrusion detection & prevention principles... Error! Bookmark not defined.
Contents Introduction... Error! Bookmark not defined. Intrusion detection & prevention principles... Error! Bookmark not defined. Technical OverView... Error! Bookmark not defined. Network Intrusion Detection
More information24/7 Visibility into Advanced Malware on Networks and Endpoints
WHITEPAPER DATA SHEET 24/7 Visibility into Advanced Malware on Networks and Endpoints Leveraging threat intelligence to detect malware and exploitable vulnerabilities Oct. 24, 2014 Table of Contents Introduction
More informationSession 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness
Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness Wayne A. Wheeler The Aerospace Corporation GSAW 2015, Los Angeles, CA, March 2015 Agenda Emerging cyber
More informationArchitecture Overview
Architecture Overview Design Fundamentals The networks discussed in this paper have some common design fundamentals, including segmentation into modules, which enables network traffic to be isolated and
More informationVisualization, Modeling and Predictive Analysis of Internet Attacks. Thermopylae Sciences + Technology, LLC
Visualization, Modeling and Predictive Analysis of Internet Attacks Thermopylae Sciences + Technology, LLC Administrative POC: Ms. Jeannine Feasel, jfeasel@t-sciences.com Technical POC: George Romas, gromas@t-sciences.com
More informationQ1 Labs Corporate Overview
Q1 Labs Corporate Overview The Security Intelligence Leader Who we are: Innovative Security Intelligence software company One of the largest and most successful SIEM vendors Leader in Gartner 2011, 2010,
More informationCS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013
CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access
More informationSP Monitor. nfx One gives MSPs the agility and power they need to confidently grow their security services business. NFX FOR MSP SOLUTION BRIEF
NFX FOR MSP SOLUTION BRIEF SP Monitor Jump Start Security-as-a-Service Designed to give you everything you need to get started immediately providing security-as-a service, SP Monitor is a real-time event
More informationProtecting the Extended Enterprise Network Security Strategies and Solutions from ProCurve Networking
ProCurve Networking by HP Protecting the Extended Enterprise Network Security Strategies and Solutions from ProCurve Networking Introduction... 2 Today s Network Security Landscape... 2 Accessibility...
More informationHow To Manage Sourcefire From A Command Console
Sourcefire TM Sourcefire Capabilities Store up to 100,000,000 security & host events, including packet data Centralized policy & sensor management Centralized audit logging of configuration & security
More informationInternational Journal of Computer Science Trends and Technology (IJCST) Volume 3 Issue 3, May-June 2015
RESEARCH ARTICLE OPEN ACCESS Data Mining Technology for Efficient Network Security Management Ankit Naik [1], S.W. Ahmad [2] Student [1], Assistant Professor [2] Department of Computer Science and Engineering
More informationInternational Journal of Enterprise Computing and Business Systems ISSN (Online) : 2230-8849
WINDOWS-BASED APPLICATION AWARE NETWORK INTERCEPTOR Ms. Shalvi Dave [1], Mr. Jimit Mahadevia [2], Prof. Bhushan Trivedi [3] [1] Asst.Prof., MCA Department, IITE, Ahmedabad, INDIA [2] Chief Architect, Elitecore
More informationRadware s Behavioral Server Cracking Protection
Radware s Behavioral Server Cracking Protection A DefensePro Whitepaper By Renaud Bidou Senior Security Specialist,Radware October 2007 www.radware.com Page - 2 - Table of Contents Abstract...3 Information
More informationINSERT COMPANY LOGO HERE
INSERT COMPANY LOGO HERE 2014 Frost & Sullivan 1 We Accelerate Growth Technology Innovation Leadership Award Network Security Global, 2014 Frost & Sullivan s Global Research Platform Frost & Sullivan is
More informationOvation Security Center Data Sheet
Features Scans for vulnerabilities Discovers assets Deploys security patches easily Allows only white-listed applications in workstations to run Provides virus protection for Ovation Windows stations Aggregates,
More informationCyberArk Privileged Threat Analytics. Solution Brief
CyberArk Privileged Threat Analytics Solution Brief Table of Contents The New Security Battleground: Inside Your Network...3 Privileged Account Security...3 CyberArk Privileged Threat Analytics : Detect
More informationCisco RSA Announcement Update
Cisco RSA Announcement Update May 7, 2009 Presented by: WWT and Cisco Agenda Cisco RSA Conference Announcements Collaborate with Confidence Overview Cisco s Security Technology Differentiation Review of
More informationWhat is Security Intelligence?
2 What is Security Intelligence? Security Intelligence --noun 1. the real-time collection, normalization, and analytics of the data generated by users, applications and infrastructure that impacts the
More informationPredictive Cyber Defense A Strategic Thought Paper
Predictive Cyber Defense A Strategic Thought Paper Don Adams Vice President, Chief Technology Officer, Worldwide Government TIBCO Software Federal, Inc 2 Summary The art and science of multi-sensor data
More information