Monitoring Database Management System (DBMS) Activity for Detecting Data Exfiltration by Insiders

Similar documents
Panel on Emerging Cyber Security Technologies. Robert F. Brammer, Ph.D., VP and CTO. Northrop Grumman Information Systems.

Courtesy Voicu Popescu

Courtesy Voicu Popescu

Northrop Grumman Cybersecurity Research Consortium

Graduate School Rankings By U.S. News & World Report: ACCOUNTING PROGRAMS

Graduate School Rankings By U.S. News & World Report: MARKETING PROGRAMS

The Cyber Threat Profiler

Data- centric Security: A New Information Security Perimeter Date: March 2015 Author: Jon Oltsik, Senior Principal Analyst

Challenges in Database Security. Elisa Bertino CERIAS Purdue University

IBM: An Early Leader across the Big Data Security Analytics Continuum Date: June 2013 Author: Jon Oltsik, Senior Principal Analyst

Discover Viterbi: Cyber Security Engineering & Informatics Programs

CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS

Graduate School Rankings By U.S. News & World Report: PSYCHOLOGY (RESEARCH) - Ph.D.

Cyber4sight TM Threat. Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats

Cloud Cyber Incident Sharing Center (CISC) Jim Reavis CEO, Cloud Security Alliance

Model-Driven Software Produces Truly Agile Solutions

Homeland Security Education: The Current State. The Naval Postgraduate School, Center for Homeland Defense and Security

Big Data-ready, Secure & Sovereign Cloud

Cybersecurity Information Sharing Legislation Protecting Cyber Networks Act (PCNA) National Cybersecurity Protection Advancement (NCPA) Act

Spark use case at Telefonica CBS

Cybersecurity Strategic Talent Management. March, 2012

White Paper: Datameer s User-Focused Big Data Solutions

Problem Solving Hands-on Labware for Teaching Big Data Cybersecurity Analysis

Hunting for the Undefined Threat: Advanced Analytics & Visualization

BIG DATA IN THE CLOUD : CHALLENGES AND OPPORTUNITIES MARY- JANE SULE & PROF. MAOZHEN LI BRUNEL UNIVERSITY, LONDON

THE BLIND SPOT IN THREAT INTELLIGENCE THE BLIND SPOT IN THREAT INTELLIGENCE

Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness

THE EVOLUTION OF SIEM

THE OPEN UNIVERSITY OF TANZANIA FACULTY OF SCIENCE TECHNOLOGY AND ENVIRONMENTAL STUDIES BACHELOR OF SIENCE IN DATA MANAGEMENT

Find the intruders using correlation and context Ofer Shezaf

Sunnie Chung. Cleveland State University

Northrop Grumman White Paper

WWW:

the challenge our mission our advisors

The True Story of Data-At-Rest Encryption & the Cloud

Frequently Asked Questions

National Initiative for Cybersecurity Education

Cell All Demonstration

Fast Facts About The Cyber Security Job Market

Enterprise Learning. threat to mobile devices, networks, and services employees in cybersecurity, mobility, big data

Department of Homeland Security

Integrating a Big Data Platform into Government:

Curriculum Vitae. 1 Person Dr. Horst O. Bunke, Prof. Em. Date of birth July 30, 1949 Place of birth Langenzenn, Germany Citizenship Swiss and German

NCCIC CYBER INCIDENT SCORING SYSTEM OVERVIEW

Embedded inside the database. No need for Hadoop or customcode. True real-time analytics done per transaction and in aggregate. On-the-fly linking IP

Splunk Cloud as a SIEM for Cybersecurity CollaboraFon

An Effective Approach for Detecting and Preventing Sqlinjection Attacks

Discover Viterbi: New Programs in Computer Science

Graduate School Rankings By U.S. News & World Report: ELECTRICAL/ELECTRONIC ENGINEERING

Graduate School Rankings By U.S. News & World Report: MECHANICAL ENGINEERING

Freshmen Acceptance Rate AAU Public Universities

Indiana University South Bend

CYBERSECURITY CERTIFICATION PROGRAMS

How To Manage Security On A Networked Computer System

Dr. Dave Dampier Professor of Computer Science and Engineering

Cloud3DView: Gamifying Data Center Management

STREAM Cyber Security

THE 2014 THREAT DETECTION CHECKLIST. Six ways to tell a criminal from a customer.

Testimony of Eunice Santos. House Oversight and Government Affairs Committee Subcommittee on Information Technology

Facilitated Self-Evaluation v1.0

Chapter 5 Business Intelligence: Data Warehousing, Data Acquisition, Data Mining, Business Analytics, and Visualization

End- to- End Monitoring Unified Performance Dashboard (UPD)

Speaker: Prof. Mubarak Shah, University of Central Florida. Title: Representing Human Actions as Motion Patterns

Discover Viterbi: Computer Science

Methodology for Detecting Advanced Persistent Threats in Oracle Databases

Manned Information Security

CPET 581 Cloud Computing: Technologies and Enterprise IT Strategies

INSIDE A CYBER SECURITY OPERATIONS CENTRE

Best Practices for Developing Geographic Information Models

SANS Top 20 Critical Controls for Effective Cyber Defense

A SURVEY ON GENETIC ALGORITHM FOR INTRUSION DETECTION SYSTEM

CyberSecurity: Trends, Careers, & the Next Generation

OUTLINE FOR AN INTERDISCPLINARY CERTIFICATE PROGRAM

Digital Identity Management

National Higher Education & Workforce Initiative Regional Economic Growth Through High skill, High demand Workforce Development

Special Issue on Advances of Utility and Cloud Computing Technologies and Services

AUTHORIZED FEDERAL SUPPLY SERVICE SCHEDULE PRICE LIST FOR MISSION ORIENTED BUSINESS INTEGRATED SERVICES (MOBIS) SCHEDULE.

The Technical Management (TM) and Systems. Engineering Programs. Samuel J. Seymour and Alexander Kossiakoff INTRODUCTION PARTNERSHIPS

Transcription:

CYBER SECURITY DIVISION 2013 PRINCIPAL INVESTIGATORS Monitoring Database Management System (DBMS) Activity for Detecting Data Exfiltration by Insiders Northrop Grumman Information Systems Donald Steiner, PhD 17 September 2013

Team Profile Northrop Grumman: (Virginia) 68,000 employees, 50 States Information Systems Sector Cyber Solutions Division Civil Systems Business Unit Focus on Cyber Security, Emergency Management Treasury/IRS, Dept. of State, Dept. of Homeland Security, Dept. of Justice, Health & Human Services, Texas, UK, New York City, London, Los Angeles, Dr. Donald Steiner, Principal Technologist and Technical Fellow PhD Mathematics, Iowa State University Data Management & Analytics, Cybersecurity, Cloud Computing Manager Northrop Grumman Cybersecurity Research Consortium 20 years applied research & development in Artificial Intelligence, Multi-Agent Systems Purdue University: (Indiana) 3,000 staff, 39,000 Students Center for Education and Research in Information Assurance and Security (CERIAS): 81 faculty led by Dr. Eugene Spafford Prof. Elisa Bertino, Director of Research at CERIAS Fellow of the IEEE and Fellow of ACM Distinguished awards for contributions to database systems, database security, advanced data management systems, and secure distributed systems. Relevant publications Bilal Shebaro, Asmaa Sallam, Ashish Kamra, Elisa Bertino: PostgreSQL anomalous query detector. EDBT 2013: 741-744 Elisa Bertino: Data Protection from Insider Threats. Synthesis Lectures on Data Management, Morgan & Claypool Publishers 2012 9/17/2013 CYBER SECURITY DIVISION 2013 PRINCIPAL INVESTIGATORS MEETING 1

Customer Need DBMS =? Database Management System OR Detect Behavior by Manning and Snowden Data Exfiltration = Unauthorized removal of data from the enterprise Lots of ways this can happen (humans and software) Goal: Detect and alert on data exfiltration attempts as early as possible Before the horse leaves the barn 9/17/2013 CYBER SECURITY DIVISION 2013 PRINCIPAL INVESTIGATORS MEETING 2

Approach Monitor user interaction with database systems for anomalous behavior Most data on databases, file systems, etc. Equally applicable to other data storage systems (Hadoop, ) and applications accessing such systems Not local applications (Excel, Access, ) Project Flow (over 3 years) Core research at Purdue University Proof of Concepts Transition at Northrop Grumman Prototypes, Evaluation Evaluation & Testing through Red-Team/Blue-Team Operational Pilot at TBD 9/17/2013 CYBER SECURITY DIVISION 2013 PRINCIPAL INVESTIGATORS MEETING 3

Benefits Detection and alerting in real-time Immediate intervention if necessary Low-cost integration with existing infrastructure 9/17/2013 CYBER SECURITY DIVISION 2013 PRINCIPAL INVESTIGATORS MEETING 4

Competition (optional) Improvement to: Existing database monitoring systems User monitoring systems Network monitoring systems Computer monitoring systems 9/17/2013 CYBER SECURITY DIVISION 2013 PRINCIPAL INVESTIGATORS MEETING 5

Current Status Just started (5 business days ago) Getting project up and running 9/17/2013 CYBER SECURITY DIVISION 2013 PRINCIPAL INVESTIGATORS MEETING 6

Next Steps Requirements Conceptual / Research Development / Deployment Testing Research Assumption: Exfiltration causes an anomalous state that can be distinguished from the legitimate actions executed in a DBMS system. Identify the events that represent signs of cyber-insider actions: How do we define and identify user queries that are anomalous? Which data sources does an insider target? What information should be collected to detect such actions? Build accurate DBMS access profiles Use Role Based Access Control (RBAC) model Detect Anomalous User Behavior Detect Anomalous Events Build repository of relevant DBMS log & SQL events Analyze the events and detect anomalous events that raise alarm flags 9/17/2013 CYBER SECURITY DIVISION 2013 PRINCIPAL INVESTIGATORS MEETING 7

Contact Information Donald Steiner, PhD Principal Technologist and Technical Fellow Northrop Grumman Information Systems 7575 Colshire Dr., McLean, VA 22102 donald.steiner@ngc.com ; (703)556-2115 Professor Elisa Bertino Purdue University 305 N. University Street, West Lafayette, IN 47907 bertino@cs.purdue.edu ; (765)496-2399 9/17/2013 CYBER SECURITY DIVISION 2013 PRINCIPAL INVESTIGATORS MEETING 8

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information