Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness



Similar documents
Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

Defending Against Data Beaches: Internal Controls for Cybersecurity

WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales

CyberArk Privileged Threat Analytics. Solution Brief

CHAPTER 3 : INCIDENT RESPONSE FIVE KEY RECOMMENDATIONS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC

DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER

Cyber Security Metrics Dashboards & Analytics

Advanced Threats: The New World Order

Continuous Network Monitoring

Cyber Threat Intelligence Move to an intelligencedriven cybersecurity model

Combating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center

SANS Top 20 Critical Controls for Effective Cyber Defense

Combating a new generation of cybercriminal with in-depth security monitoring

September 20, 2013 Senior IT Examiner Gene Lilienthal

Defending Against Cyber Attacks with SessionLevel Network Security

Cyber Situational Awareness for Enterprise Security

Unified Security, ATP and more

By John Pirc. THREAT DETECTION HAS moved beyond signature-based firewalls EDITOR S DESK SECURITY 7 AWARD WINNERS ENHANCED THREAT DETECTION

Obtaining Enterprise Cybersituational

The Hillstone and Trend Micro Joint Solution

Cisco Advanced Malware Protection for Endpoints

Cisco Advanced Malware Protection for Endpoints

Office 365 Cloud App Security MARKO DJORDJEVIC CLOUD BUSINESS LEAD EE TREND MICRO EMEA LTD.

External Supplier Control Requirements

REVOLUTIONIZING ADVANCED THREAT PROTECTION

The Next Generation Security Operations Center

Agenda , Palo Alto Networks. Confidential and Proprietary.

Caretower s SIEM Managed Security Services

CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS

Bio-inspired cyber security for your enterprise

ADDING NETWORK INTELLIGENCE TO VULNERABILITY MANAGEMENT

JUNIPER NETWORKS SPOTLIGHT SECURE THREAT INTELLIGENCE PLATFORM

Protecting Your Organisation from Targeted Cyber Intrusion

Retail Security: Enabling Retail Business Innovation with Threat-Centric Security.

Intelligence Driven Security

Endpoint Threat Detection without the Pain

PALANTIR CYBER An End-to-End Cyber Intelligence Platform for Analysis & Knowledge Management

I D C A N A L Y S T C O N N E C T I O N

Security and Privacy

A Case for Managed Security

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

Extreme Networks Security Analytics G2 Vulnerability Manager

The Emergence of Security Business Intelligence: Risk

Symantec Cyber Security Services: DeepSight Intelligence

Protecting against cyber threats and security breaches

Enterprise Cybersecurity: Building an Effective Defense

The SIEM Evaluator s Guide

Analyzing HTTP/HTTPS Traffic Logs

Beyond the Hype: Advanced Persistent Threats

PENETRATION TESTING GUIDE. 1

IBM Security IBM Corporation IBM Corporation

Cybersecurity and internal audit. August 15, 2014

WHITEPAPER. How a DNS Firewall Helps in the Battle against Advanced Persistent Threat and Similar Malware

Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection

End-user Security Analytics Strengthens Protection with ArcSight

Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence

Unified Security Management and Open Threat Exchange

Advanced Threat Protection with Dell SecureWorks Security Services

Things To Do After You ve Been Hacked

Security Architecture: From Start to Sustainment. Tim Owen, Chief Engineer SMS DGI Cyber Security Conference June 2013

Breaking the Cyber Attack Lifecycle

Technology Blueprint. Protect Your Servers. Guard the data and availability that enable business-critical communications

Security Intelligence Services.

Stop advanced targeted attacks, identify high risk users and control Insider Threats

CYBER SECURITY INFORMATION SHARING & COLLABORATION

CyberReady Solutions. Integrated Threat Intelligence and Cyber Operations MONTH DD, YYYY SEPTEMBER 8, 2014

Unified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice

Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense

Addressing the Full Attack Continuum: Before, During, and After an Attack. It s Time for a New Security Model

The Advanced Attack Challenge. Creating a Government Private Threat Intelligence Cloud

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

Enterprise Security Platform for Government

24/7 Visibility into Advanced Malware on Networks and Endpoints

Fighting Advanced Threats

Rethinking Information Security for Advanced Threats. CEB Information Risk Leadership Council

Palo Alto Networks and Splunk: Combining Next-generation Solutions to Defeat Advanced Threats

White Paper. Advantage FireEye. Debunking the Myth of Sandbox Security

The Sophos Security Heartbeat:

Bridging the gap between COTS tool alerting and raw data analysis

WHITE PAPER Cloud-Based, Automated Breach Detection. The Seculert Platform

Into the cybersecurity breach

CORE INSIGHT ENTERPRISE: CSO USE CASES FOR ENTERPRISE SECURITY TESTING AND MEASUREMENT

Attack Intelligence: Why It Matters

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES

Network as a Sensor and Enforcer Leverage the Network to Protect Against and Mitigate Threats

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

IBM Security QRadar Vulnerability Manager

Threat Intelligence: The More You Know the Less Damage They Can Do. Charles Kolodgy Research VP, Security Products

BREAKING THE KILL CHAIN AN EARLY WARNING SYSTEM FOR ADVANCED THREAT

1 Introduction Product Description Strengths and Challenges Copyright... 5

Transcription:

Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness Wayne A. Wheeler The Aerospace Corporation GSAW 2015, Los Angeles, CA, March 2015

Agenda Emerging cyber threats to space systems Defense-in-Depth shortfalls Tools for Cyber Situational Awareness Example Approaches Summary 2

Open Source Reported Space Cyber Incidents The age of the space cyber attack is here ROSAT satellite disabled (1998) Landsat 7 cyber interference (2008) Terra EOS AM-1 cyber interference (2008) achieved all steps required to command the satellite IntelsatONE DDoS (distributed denial-of-service) attacks (2011) 3

Factors Driving Cyber Threats to Space Systems Space systems are distributed networks of COTS 1, and can share vulnerabilities with any commercial infrastructure Aging ground infrastructure can be less secure that current commercial systems (no remediation for emerging threats) 100% closed systems assumptions for space systems are not realistic, in light of Advanced Persistent Threats APTs- highly resourced and motivated attackers Supply chain, FOSS 2 or commercial software, applications software, upgrades, links to other systems, and insider threats are potential attack vectors Threats development has moved up from hackers to organized crime and resourced State actors Computing power amplifies asymmetric power Estimated 82,000 new malware discovered daily in 2013 Potential adversaries are known to be developing (and are sometimes demonstrating) sophisticated cyber attack capabilities against space systems 4 [1] Commercial-of-the-Shelf [2] Free-and-open-source software

The Advanced Persistent Threat (APT) The highly resourced and motivated adversary The Cyber Threat is active and evolving Cyber attacks are ongoing and continuous as a means by which adversaries attempt to exfiltrate information, test system responses and identify exploitable attack surfaces Space, ground, and user segments must be resilient to the persistent probing, penetration and exploitation attempts by adversaries throughout the stages of a space system life cycle Space Architectures must be cyber resilient to all types of threats Known Cyber Threats Identified in the wild as a known vulnerability Usually similar to previous malware Unknown Cyber Threats Only identified after exploit Zero-day attacks 5

Tools for Cyber Situational Awareness and Response It isn't that they can't see the solution. It is that they can't see the problem. G.K. Chesterton 6

Cyber Threats Landscape Known Identified Vulnerabilities Unknown Zero Day, APT Available technologies Global industry response Best-practices Defense-in-Depth Network Segmentation Layer 3 Firewalls Aggressive Patch Management Boundary Enforcement IDPS 7x24 Top-tier Security Ops Center Current Software/Hardware Emerging technologies Industry struggling to respond Cyber Analytic Tools Layer 7 Firewalls SIEM Virtualization Sandbox Cyber Visualization Auto respond systems Ineffective without development and Ops expertise Significant costs for start-up Ops Zero Day- Cyber exploit not previously seen APT- Advanced Persistent Threat DPDS- Intrusion Detection & Prevention SIEM- Security Information & Event Management 7

An Arsenal to Counter 21 st Century Cyber Threats Defense-in-Depth security architectures are necessary, but not sufficient Need to assume that attackers can find a way inside (APTs) Cyber Situational Awareness is critical Instrument computers and networks to report ongoing state and activity Leverage advanced Cyber Analytics Tools to correlate and interpret vast amounts of available data Ensure operator training and procedures to utilize available tools Enforce system state of stacks through automated tools Leverage global knowledge base developing mitigations to emerging threats and vulnerabilities (i.e. patch management) Implement processes to continually review and enhance cyber security protections to space systems Operating budgets need to allocate resources for continual enhancements 8

Cyber Analytic Tools for Advanced Threats Industry has developed various real-time cyber analytic tools to identify and respond to advanced threats Instrumentation highlights patterns of a cyber attack subtle changes in state on a number of systems can be correlated to facilitate early discovery of an attack Data-Driven Security- emerging capabilities such and Big Data cyber analytics and cyber visualization may enable automated analysis and response to advanced threats Cyber SA Cyber Visualization Cyber Big Data SIEM Identify & Respond to Specific Threats Sandbox Detonation Layer 7 Firewall Automated Response Notional- Industry technology areas are in flux Mature Emerging SIEM Security Information & Event Management 9

Security Information & Event Management (SIEM) Correlation Engine Dashboards Rule Engine Reports Visualization Log Collection & Normalization Alarms Incident Response Workstation Layer 7 Firewall Server Intrusion Detection System Router 10

Challenges to Implementing SIEM Custom SIEM log interfaces need to be built for legacy/unique systems SIEM outputs are only as good as the logs generated and the rules defined for the implementation Advanced tools do not negate the need for training and procedures SIEM tools need to be paired with incident response systems/procedures (I know we re under cyber attack- so now what are we supposed to do?) SIEM itself can be compromised (e.g. insider attacks) Cloud providers may not provide logs needed for in-depth SIEM 11

Sandbox Detonation for Zero-day Attacks Inbound Content Incident Response Is it Suspicious? Pre-Filtering Intelligence Is it Malicious? Virtualization Sandbox Alarms Visualization Internal Scans Malicious Code Detonation Reports 12

Case Study: Target Data Breach Attackers gained access to the Target network via weak security at a Target vendor Except for the final data exfiltration, almost the entire attack took place within the Target corporate infrastructure Target computers were turned into agents for the attackers Target never realized the attack on their own Complete lack of cyber situational awareness Despite having installed advanced security systems, Target missed multiple opportunities to thwart the attack Lack of skills to architect, deploy, and manage advanced cyber analytic tools To date, there has been no attribution (charges/arrests) 13

Summary The cyber threat to space systems is real will continue to evolve with increasing capabilities for potential attackers Cyber Situational Awareness is critical for all segments of a space system (space, ground networks, ops centers, user terminals) Required to identify, mitigate, and attribute advanced cyber attacks Cyber Analytics Tools can provide significant insight into cyber situational awareness Instrument the network Implement analytics to support security team Must develop (or contract for) expertise necessary to integrate and operate cyber analytic tools Cyber Analytic solutions are evolving resources must be provided for an evergreen refresh approach to cyber security 14

Questions? 15

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information