Hector: Open Source Security Intelligence Platform, University of Pennsylvania - PowerPoint PPT Presentation

SLIDE 1

Hector

Open Source Security Intelligence Platform University of Pennsylvania School of Arts & Sciences Ubani A Balogun & Justin Klein Keane

SLIDE 2

Security Intelligence

  • HECTOR was developed out of a desire to leverage security intelligence
  • Goal of a metrics driven security program
    ○ Very much inspired by Risk.io and Shostack and Stewart's New School of Information Security
  • Security intelligence is the infosec analog of business intelligence

SLIDE 3

Goals

  • Spot emerging trends and react to them
  • Understand and analyze existing assets
  • Compare threat intelligence to infrastructure
  • Measure and remediate vulnerability
  • Track security expenditure
  • Gap Analysis

SLIDE 4

Data Sources

  • Internal incident reporting
  • Kojoney2 medium interaction SSH honeypot
  • Darknet sensors measure unsolicited traffic
  • OSSEC host based intrusion detection
  • Extensible scanning architecture (Nmap, Ncrack, Hydra, Nikto, PhantomJS, Bing, etc.)

  • RSS feeds of open source information

SLIDE 5

Big Data

  • Structured data is at the core of HECTOR
  • Currently powered by a MySQL database
  • Live instance has > 3 million records
  • Structured data allows for structured analysis
    ○ Takes a lot of up-front planning work

SLIDE 6

What’s in the mix?

  • Twitter Bootstrap
  • jQuery
  • Chart.js
  • jVectorMap
  • DataTables
  • jQuery Tag Cloud
  • More open source goodies...

SLIDE 7

Dashboard

SLIDE 8

Incident Reports

SLIDE 9

Incident Report Analytics

Where should I invest security resources?

SLIDE 10

Incident Insights

SLIDE 11

Kojoney & Darknet Sensors

What do malicious actors want from our systems?

SLIDE 12

Kojoney Insights

SLIDE 13

Kojoney Insights

SLIDE 14

Darknet Insights

SLIDE 15

Malicious IP Database

SLIDE 16

Scans

What’s on our network?

SLIDE 17

PhantomJS Scan

SLIDE 18

Articles

SLIDE 19

Free Tags

Tying all the raw data together

SLIDE 20

Tag Insights

SLIDE 21

Other features

  • Create Host & Support Groups
  • Nessus & other vulnerability scans
  • Non admin user profiles
  • Footprints integration
  • Malware sample collection
  • Feature requests always welcome!

SLIDE 22

Code

  • All code is open source
  • Tracked via internal GitLab instance
  • Public repo at https://github.com/madirish/hector

SLIDE 23

Contact

  • Justin Klein Keane <jukeane@sas.upenn.edu>

  • Ubani A Balogun <ubani@sas.upenn.edu>

SLIDE 24

Questions?

SLIDE 25