Predictive Cyber Defense A Strategic Thought Paper



Similar documents
TIBCO Cyber Security Platform. Atif Chaughtai

Cybersecurity Delivering Confidence in the Cyber Domain

Breaking the Cyber Attack Lifecycle

Log Management Solution for IT Big Data

TIBCO Live Datamart: Push-Based Real-Time Analytics

Symantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team

Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness

Predictive Customer Interaction Management

Advanced Threat Protection with Dell SecureWorks Security Services

Statement for the Record. Martin Casado, Senior Vice President. Networking and Security Business Unit. VMware, Inc. Before the

TIBCO AT-A-GLANCE COMPANY OVERVIEW: CORPORATE EXECUTIVES: CUSTOMERS VERTICALLY DIVERSIFIED: CUSTOMERS GLOBALLY DIVERSIFIED: AREAS OF MARKET FOCUS:

The Advanced Attack Challenge. Creating a Government Private Threat Intelligence Cloud

Enterprise Security Platform for Government

Streaming Analytics and the Internet of Things: Transportation and Logistics

Symantec Global Intelligence Network 2.0 Architecture: Staying Ahead of the Evolving Threat Landscape

CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS

Defending Against Cyber Attacks with SessionLevel Network Security

Perspectives on Cybersecurity in Healthcare June 2015

whitepaper Ten Essential Steps for Achieving Continuous Compliance: A Complete Strategy for Compliance

End-to-end Processing with TIBCO Managed File Transfer (MFT) Improving Performance and Security during Internet File Transfer

TIBCO Managed File Transfer Suite

SYMANTEC MANAGED SECURITY SERVICES. Superior information security delivered with exceptional value.

Cisco Security Intelligence Operations

TIBCO StreamBase High Availability Deploy Mission-Critical TIBCO StreamBase Applications in a Fault Tolerant Configuration

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

Security Threat Kill Chain What log data would you need to identify an APT and perform forensic analysis?

How To Manage Log Management

Cisco Advanced Malware Protection

EMERGING THREATS & STRATEGIES FOR DEFENSE. Stephen Coty Chief Security

Cybersecurity on a Global Scale

Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection

case study Core Security Technologies Summary Introductory Overview ORGANIZATION: PROJECT NAME:

WHITEPAPER. How a DNS Firewall Helps in the Battle against Advanced Persistent Threat and Similar Malware

ALERT LOGIC FOR HIPAA COMPLIANCE

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES

DETECT AND RESPOND TO THREATS FROM THE DATA CENTER TO THE CLOUD

Cyber Watch. Written by Peter Buxbaum

Predictive Customer Interaction Management for Insurance Companies

Threat Intelligence Pty Ltd Specialist Security Training Catalogue

DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER

Cyber4sight TM Threat. Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales

Cyber and Operational Solutions for a Connected Industrial Era

Carbon Black and Palo Alto Networks

Partner Collaboration Blueprint for ICD-10 Transition

PALANTIR CYBER An End-to-End Cyber Intelligence Platform for Analysis & Knowledge Management

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

Extreme Networks Security Analytics G2 Vulnerability Manager

Introduction to TIBCO MDM

RETHINKING CYBER SECURITY

Enterprise Cybersecurity: Building an Effective Defense

SELECTING THE RIGHT HOST INTRUSION PREVENTION SYSTEM:

Covert Operations: Kill Chain Actions using Security Analytics

GETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA"

Middle Class Economics: Cybersecurity Updated August 7, 2015

Cyber Situational Awareness for Enterprise Security

I D C A N A L Y S T C O N N E C T I O N

The SIEM Evaluator s Guide

Introducing IBM s Advanced Threat Protection Platform

CyberArk Privileged Threat Analytics. Solution Brief

SITUATIONAL AWARENESS MITIGATE CYBERTHREATS

Extending the Benefits of SOA beyond the Enterprise

SECURITY REIMAGINED SPEAR PHISHING ATTACKS WHY THEY ARE SUCCESSFUL AND HOW TO STOP THEM. Why Automated Analysis Tools are not Created Equal

Integration Maturity Model Capability #5: Infrastructure and Operations

IBM Security QRadar Vulnerability Manager

WHITE PAPER. Attack the Attacker HOW A MANAGED SECURITY SERVICE IMPROVES EFFICIENCY AND SAVES COST

Overcoming Five Critical Cybersecurity Gaps

Service-Oriented Integration: Managed File Transfer within an SOA (Service- Oriented Architecture)

IBM Security re-defines enterprise endpoint protection against advanced malware

Visualization, Modeling and Predictive Analysis of Internet Attacks. Thermopylae Sciences + Technology, LLC

integrating cutting-edge security technologies the case for SIEM & PAM

The Case for Business Process Management

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE

Preempting Business Risk with RSA SIEM and CORE Security Predictive Security Intelligence Solutions

Manned Information Security

Reliable, Repeatable, Measurable, Affordable

Teradata and Protegrity High-Value Protection for High-Value Data

Whitepaper. Advanced Threat Hunting with Carbon Black

DoD Strategy for Defending Networks, Systems, and Data

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks

Symantec Protection Suite Small Business Edition A simple, effective and affordable solution designed for small businesses

ORGANIZADOR: APOIANTE PRINCIPAL:

Spear Phishing Attacks Why They are Successful and How to Stop Them

Predictive Straight- Through Processing

Machine-to-Machine Exchange of Cyber Threat Information: a Key to Mature Cyber Defense

Microsoft s cybersecurity commitment

Banking Security using Honeypot

Transcription:

Predictive Cyber Defense A Strategic Thought Paper Don Adams Vice President, Chief Technology Officer, Worldwide Government TIBCO Software Federal, Inc

2 Summary The art and science of multi-sensor data fusion has emerged as the underlying foundation for Predictive Business, including applications in telecommunications, finance, transportation, defense intelligence, and law enforcement All of these have common threads requiring complex inference processing solutions and require the management of real-time events from distributed sensors, agents and other processing components, including historical data-at-rest repositories Distributed coordination-based architectures such as TIBCO Enterprise Message Service or TIBCO Rendezvous and large-scale distributed memory systems like TIBCO ActiveSpaces provide the underlying communications infrastructure that enables complex event and high performance rule-based processing services In this paper, we discuss Predictive Business in the context of a pressing need to remove a perpetrator s decision loop in a predictive cyber defense environment, with a focus on the distributed processing architecture The focus: how complex event processing solutions like TIBCO BusinessEvents can be applied to developing new cyber defense strategies KEYWORDS: COMPLEX PROCESSING, -DRIVEN ARCHITECTURE, STREAM PROCESSING, JDL DATA FUSION MODEL, MULTISENSOR DATA FUSION, PREDICTIVE BUSINESS, RULES-ENGINE, RULES-BASED SYSTEM, PREDICTIVE CYBER DEFENSE

3 Getting Ahead of Cyber Warfare The sharp rise in cyber warfare threats on military infrastructures, government communications systems, and financial markets has amplified the need for a new generation of cyber defense weapons As new attack methods become more sophisticated and persistent, traditional detection and remediation efforts not only put the security of critical assets in danger, they also threaten the security of critical infrastructures including the power grid, oil and gas distribution, and transportation models Rigid and inflexible, classic-defense solutions such as firewalls, intrusion detection and preventative decoys (aka honeypots) can easily be identified, thwarted, and bypassed In order for defense, homeland security, and critical infrastructure protection organizations to effectively defend systems and infrastructures from cyber attacks, they must stay ahead of cyber warfare techniques This paper addresses how event-driven infrastructures and complex event processing (CEP) solutions enable this capability by allowing highly intelligent, flexible monitoring and response systems to proactively detect when security is being breached and in automated fashion, defend critical infrastructures before damages have occurred It also discusses how Predictive Business can minimize infrastructure risk through turning historical data into actionable knowledge Predictive Cyber Defense In his latest book, founder and CEO of TIBCO Software Inc Vivek Ranadivé discussed how the fusion of historical knowledge with real-time information can ignite Predictive Business This powerful combination one that lives at the heart of TIBCO s event-driven technologies enables organizations to take action the moment an event occurs No matter the business domain, the right information reaches the right place just a little ahead of when it s needed to seize opportunities before they vanish and avoid disruptions before they occur

4 In the world of governmental affairs, Predictive Business has very much been part of the evolution in cyber defense strategies The detection theory of the Joint Directors of Laboratories (JDL) data fusion model, for example, has been deployed utilizing complex event processing for autonomous monitoring and alarming, as well as a passive command and control platform for cyber defense Demonstrated to be directly applicable to detection theory where patterns and signatures are discovered by abductive and inductive reasoning processing (eg data mining) is fused with real-time events, the JDL model has survived the test of time as the dominant fusion model for decades Vivek Ranadivé indirectly refers to this model when he discusses how real-time operational visibility, in context with knowledge from historical data, is the foundation for predictive business The JDL model shares similar structural components to TIBCO s enterprise service bus For details on how these compare, please reference Predictive Business Architecture: Using RETE and the JDL Knowledge Building Models SOURCES LOCAL SERVICES PROFILES DATA BASES OTHER DATA Level Zero PRE- PROCESSING Predictive Law Enforcement Environment LEVEL ONE REFINEMENT LEVEL FOUR LEVEL TWO SITUATION REFINEMENT DB MANAGEMENT LEVEL THREE IMPACT ASSESSMENT USER INTERFACE PROCESS REFINEMENT & SPECIALIZED ANALYSIS Historical Data Profile & Patterns

5 Changing the Game with a New Set of Cyber Defense Players The opportunity for cyber defense organizations lies in these similarities surveying and monitoring a pattern of an intruder s behavior and based on historical movement, proactive combating attacks This idea is at the heart of what TIBCO specifically calls the two-second advantage : the ability to capture the right information, at the right time, and act on it preemptively for a competitive advantage Specifically, organizations can leverage CEP technology and the JDL model to: 1 Identify the threats that resemble attack vectors or patterns of probing that have the potential to precursor an impactful attack 2 Analyze patterns to predict system and network vulnerabilities that are most attractive to attackers 3 Stage decoy systems as bait (aka honeypots) to capture attention and movement, further adding to the depth in which behavioral patterns are understood 4 Harvest events on a massive scale happening within the threat event cloud to identify previously unseen internal and external multi-vector threat profiles (which are becoming more common threats in critical networks) 5 Deliver false information on vulnerabilities and threat responses from replicas of systems under threat 6 Protect real systems while undermining attacker s credibility

6 What might this cyber defense strategy look like in the real world? In a remote network center, Jin is on a mission: find and archive vulnerable locations and systems This is not an attack or a precursor to an attack; he is simply keeping a log in case he needs to disable the systems he is watching By performing random patterns of door knocking, he will slip in and out of critical infrastructures around the globe to determine changes in protective and preventative solutions Little does he know that he is not the hunter, but rather the hunted Drawn into a trap, Jin s actions have been located, patterned, and modeled by a new set of players in the cyber defense arena Within seconds, Jerry, a senior cyber defense officer was alerted to Jin s presence based on a pattern of probing that matched Jin s past approaches In defense, Jerry launches a CEP model that will distract Jin and lead him to believe he had found a new system that is highly vulnerable After carefully characterizing the potential value inside the decoy system, Jin files this away in his priority list of systems to frequently update In reality, the complex event-driven predictive cyber defense would provide Jin with an invalid set of attack vectors that would not only be false, but would also undermine the faith of his attack team eroding credibility from within Whether it s Domain Name System (DNS) poisoning, BotNet exploitation, random latch rattling, or complex multi-vector data exfiltration protections, a new series of predictive cyber defense strategies and tools are finding their way into the arsenals of national defense organizations and cyber warrior delivering the ability to fuse historical data and real-time events into actionable knowledge and a secure means to proactively defend against cyber warfare

Biography Don Adams (dadams@tibcocom) is currently the vice president, chief security officer and chief technology officer, worldwide government, at TIBCO Software Federal, Inc In this position he provides expertise in security, government strategy and emerging technologies related to the TIBCO family of software solutions and service offerings Prior to TIBCO, Mr Adams was the chief technology officer of TriStrata Inc where he set the overall security philosophy, design and systems architecture for the revolutionary TriStrata Secure Information Management System Prior to TriStrata, Mr Adams spent six years at Sun Microsystems, where his last position was principal architect, security and networks While at Sun Don participated as architect or chief architect on over four and a half billion dollars worth of government contracts won Prior to Sun Microsystems, Mr Adams spent a highly decorated 23-year career in the United States Air Force Mr Adams started his career teaching at the Air Force Cryptographic Systems School in San Antonio, Texas, and spent the majority of his career in design, architecture, operations and maintenance of command, control, communications, computer and intelligence (C4I) systems Mr Adams was recently published as one of the contributing authors of the McGraw Hill Homeland Security Handbook His chapter on critical concepts for IT in homeland security covers both Sense and Respond and Predictive Response for enterprise, counterterrorism and healthcare emergency response TIBCO, TIBCO Software, The Two-Second Advantage, Predictive Business, TIBCO Enterprise Message Service, TIBCO Rendezvous, TIBCO ActiveSpaces, and TIBCO BusinessEvents are trademarks or registered trademarks of TIBCO Software Inc in the United States and other countries Global Headquarters 3303 Hillview Avenue Palo Alto, CA 94304 Tel: +1 650-846-1000 +1 800-420-8450 Fax: +1 650-846-1005 wwwtibcocom 2010, TIBCO Software Inc All rights reserved TIBCO, the TIBCO logo, The Power of Now, and TIBCO Software are trademarks or registered trademarks of TIBCO Software Inc in the United States and/or other countries All other product and company names and marks mentioned in this document are the property of their respective owners and are mentioned for identifi cation purposes only

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information