Big Data Platform (BDP) and Cyber Situational Awareness Analytic Capabilities (CSAAC)

Similar documents
Cyber Situational Awareness - Big Data Solution

DISA and the Evolving DoD Enterprise

Infrastructure Development Forecast to Industry

A Comprehensive Cyber Compliance Model for Tactical Systems

Joint Information Environment Single Security Architecture (JIE SSA)

Forecast to Industry 2015

An Overview of Large US Military Cybersecurity Organizations

Space Ground Services in the Joint Information Environment (JIE)

Bringing Strategy to Life Using an Intelligent Data Platform to Become Data Ready. Informatica Government Summit April 23, 2015

Cybersecurity Delivering Confidence in the Cyber Domain

This Conference brought to you by

US-CERT Year in Review. United States Computer Emergency Readiness Team

Operationally Focused CYBER Training Framework

A Combat Support Agency

Middle Class Economics: Cybersecurity Updated August 7, 2015

Triangle InfoSeCon. Alternative Approaches for Secure Operations in Cyberspace

Information Technology Strategic Plan

Unified Security, ATP and more

Niara Security Analytics. Overview. Automatically detect attacks on the inside using machine learning

PALANTIR CYBER An End-to-End Cyber Intelligence Platform for Analysis & Knowledge Management

How To Manage Security On A Networked Computer System

WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales

Cloud Security. A Sales Guy Talks About DoD s Cautious Journey to the Public Cloud. Sean Curry Sales Executive, Aquilent

Cyber Workforce Training

Network Security Deployment Obligation and Expenditure Report

Enhancing Safeguards Through Information Analysis: Business Analytics Tools. IAEA, Vienna, 09/10/2014. General Use

POWERFUL SOFTWARE. FIGHTING HIGH CONSEQUENCE CYBER CRIME. KEY SOLUTION HIGHLIGHTS

INFRAGARD.ORG. Portland FBI. Unclassified 1

Symantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team

Hurwitz ValuePoint: Predixion

Data Governance in the Hadoop Data Lake. Michael Lang May 2015

Department of Defense INSTRUCTION

Reliable, Repeatable, Measurable, Affordable

Cyber Watch. Written by Peter Buxbaum

The Comprehensive National Cybersecurity Initiative

Mark S. Orndorff Director, Mission Assurance and NetOps

WHITE PAPER SPLUNK SOFTWARE AS A SIEM

FREQUENTLY ASKED QUESTIONS

DoD Strategy for Defending Networks, Systems, and Data

GETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA"

DISA Testing Services for the Enterprise. Luanne Overstreet

Partnering with Small Business

CLOUD ANALYTICS: Empowering the Army Intelligence Core Analytic Enterprise

ALERT LOGIC FOR HIPAA COMPLIANCE

Data- Centric Enterprise Approach to Risk Management Gregory G. Jackson, Sr. Cyber Analyst Cyber Engineering Division Dynetics Inc.

How To Create An Insight Analysis For Cyber Security

Cyber Superiority. Weapon System Normalization Update. Colonel Aaron Smith HQ AFSPC/A5I Chief, Cyberspace Superiority. AFCEA Luncheon Jan 2015

DISA Acquisition Opportunities

Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform

Gaining and Maintaining Support for a SOC. Jim Goddard Executive Director, Kaiser Permanente

Considerations for Adopting PaaS (Platform as a Service)

THREAT VISIBILITY & VULNERABILITY ASSESSMENT

Capitalize on Big Data for Competitive Advantage with Bedrock TM, an integrated Management Platform for Hadoop Data Lakes

CA Service Desk Manager

National Initiative for Cybersecurity Education

Ben Hall Technical Pre-Sales Manager Barry Kew Pre-Sales Consultant

The Geospatial Approach to Cybersecurity: An Executive Overview. An Esri White Paper January 2014

IBM Security Intelligence Strategy

Written Testimony. Dr. Andy Ozment. Assistant Secretary for Cybersecurity and Communications. U.S. Department of Homeland Security.

Mike Smart Cyber Strategist & Enterprise Security Solutions, EMEA. Cyber: The Catalyst to Transform the Security Program

CRITEO INTERNSHIP PROGRAM 2015/2016

EnCase Analytics Product Overview

LOG INTELLIGENCE FOR SECURITY AND COMPLIANCE

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

The Sumo Logic Solution: Security and Compliance

This Symposium brought to you by

Hearing before the House Permanent Select Committee on Intelligence. Homeland Security and Intelligence: Next Steps in Evolving the Mission

DEFENSE INFORMATION SYSTEMS AGENCY STRATEGIC PLAN UNITED IN SERVICE TO OUR NATION

Providing On-Demand Situational Awareness

MicroStrategy Course Catalog

Ty Miller. Director, Threat Intelligence Pty Ltd

MassMutual Cyber Security. University of Massachusetts Internship Opportunities Within Enterprise Information Risk Management

ORGANIZADOR: APOIANTE PRINCIPAL:

How To Improve The Defense Communications System

FROM INBOX TO ACTION AND THREAT INTELLIGENCE:

Continuous Cyber Situational Awareness

A New Perspective on Protecting Critical Networks from Attack:

Addressing Risk Data Aggregation and Risk Reporting Ben Sharma, CEO. Big Data Everywhere Conference, NYC November 2015

The Informatica Platform for the United States Air Force

Army Intelligence Industry Day Foundation Layer Technology Focus Areas

Enterprise Security Platform for Government

Accenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work

Threat Intelligence: The More You Know the Less Damage They Can Do. Charles Kolodgy Research VP, Security Products

Security Services. A Solution for Providing BPM of Security Services within the Enterprise Environment.

Unified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice

The Emergence of Security Business Intelligence: Risk

G2 Industry Day JULY Mr. Stephen Kreider PEO IEW&S. G2 Industry Day 29 July 2015 CLEARED FOR PUBLIC RELEASE

Niara Security Intelligence. Overview. Threat Discovery and Incident Investigation Reimagined

100 Hamilton Avenue Palo Alto, California PALANTIR CYBER. An End-to-End Cyber Intelligence Platform

QRadar SIEM and FireEye MPS Integration

Compliance Guide ISO Compliance Guide. September Contents. Introduction 1. Detailed Controls Mapping 2.

Transcription:

Big Data Platform (BDP) and Cyber Situational Awareness Analytic Capabilities (CSAAC) Daniel V. Bart DISA Infrastructure Development Cyber Situational Awareness and Analytics 22 April 2016

Presentation Disclaimer The information provided in this briefing is for general information purposes only. It does not constitute a commitment on behalf of the United States Government to provide any of the capabilities, systems or equipment presented and in no way obligates the United States Government to enter into any future agreements with regard to the same. The information presented may not be disseminated without the express consent of the United States Government. This brief may also contain references to United States Government future plans and projected system capabilities. Mention of these plans or capabilities in no way guarantees that the U.S. Government will follow these plans or that any of the associated system capabilities will be available or releasable to foreign governments. 2

Cyber Situational Awareness Access to all the raw data Mine and Fuse data into observations Identify patterns and indicators that are out of the norm Identify aggregate anomalous behaviors that fit a malicious profile 3

Key Definitions Big Data Platform (BDP) The BDP provides a common computing solution capable of ingesting, storing, processing, sharing, and visualizing multiple petabytes of data from DoD Information Network (DoDIN) sources Cyber Situational Awareness Analytic Capabilities (CSAAC) CSAAC is the set of widgets, analytics, ingest code, and data structures deployed on the BDP providing unified situational awareness across DODIN Operations and Defense Cyberspace Operations (DCO) DODIN Ops / Situational Awareness Enterprise Services Monitoring 4

Cyber Situational Awareness Framework with Big Data Share Visualize Analyze Mission Planning Continuous Risk Management Network Management Enterprise Service Management ANALYTIC PLATFORM DATA INGEST SERVICE Cyber Defense Near Real and Real Time *Cyber Information Sharing *Intel Collect Information DISN OSS JRSS *Commercial Cloud *Federal CDCs/DECC Gateways DATA SOURCES Enclaves & End Points *Cyber Intel *DIB *Future Integration 5

Infrastructure, Data, Analytic Integration Management (IDAIM) Data acquisition Data acquisition methodology and operations based upon user/community use case requirements Analytic Development Management Governance policies and processes for internal/external tool development and cloud integration Big Data Platform (BDP) Baseline Change Management BDP baseline tool integration based upon community use cases/requirements Requirements Management Requirements gathering, dissemination, scoring and integration for BDP/CSAAC enhancements Knowledge Base / Collaboration Environment for developers to access what other analysts / data scientists are working on across the DoD Governance Portal https://disa.deps.mil/ext/cop/mae/netops/governance/sitepages/home.aspx Data Portal https://disa.deps.mil/org/id6/csaacdataacquisition/siteassets/dataportal%20html%20redesign.html 6

Big Data Platform Community efforts Statistical Modeling Risk Modeling Data Scientist View Mission mapping Targeted Network Defense Navy Tactical Cloud Geospatial Visualization Graphical Based Query Targeted Network Defense Data Scientist View Behavioral Analytics DARPA Net Defense Cyber Advanced Analytics Persistent Malware Detection Behavioral Analytics Machine Learning Anomaly Detection Advanced Analytics Mission Mapping Data Sharing Incident Management Vulnerability Management 7

Network Operations Capability Focused on situational awareness of enterprise services Gives visual indications for health and status of DoD Enterprise Email Allows for quick problem overview Allows understanding of customers affected if system issues are occurring How many customers? Where are they located? What Service do they work for? Utilized by DISA Operations and DoD Enterprise Email customers DODIN Ops / Situational Awareness Enterprise Services Monitoring 8

Computer Network Defense Capability Focused on Cyber Threat Analysis Ability to automatically ingest, analyze, and update cyber threat information from reports Answers the following questions based on data already ingested Have we seen this threat before? Where have we seen this threat across the DoDIN? Who else has reported this threat? Do we have an existing counter measure in place / where? Allows a automated workflow to create new counter measures Utilized by DISA DCC and Cyber Operations teams across DoD Defensive Cyber Ops Fight by Indicator (FbI) 9

Anomaly Detection Suite Capability Focused on Internal Threat Analysis Brings together data from NIPR and SIPR to identify anomalies Provides visibility into DoD users network activity to assist with inquiry and investigation procedures Audit Management Uses Big Data to perform complex analytics which result in focused results Utilized by DISA Risk management, Missile Defense, Army ARCYBER Insider Threat Detection Service 10

Opportunities to Assist Commitment to Open Architecture / Open Standards Can t tear out and replace large parts of a capability with each good idea Enterprise Architecture How to best support the DoD level at scale, federation, and hierarchy Data Standards, Catalogs, and Tagging Foundational for analytics reuse and common Situational Awareness Data Scientists Need more subject matter expertise for problem determination/solving Collaboration Environment How to facilitate information sharing to minimize redundant efforts DEVOPS / Agile Environment Need automated capability(s) to enable secure continuous integration into operations Leverage Data Repositories Strengthen authoritative lineage and reduce excessive storage instances 11

12

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information