integration spiral results
play

Integration Spiral Results Wende Peters, JH-APL - PowerPoint PPT Presentation

Jan 31, 2023 •121 likes •660 views

Integrated Adaptive Cyber Defense: Integration Spiral Results Wende Peters, JH-APL wende.peters@jhuapl.edu iacd@jhuapl.edu September 2015 Integrated Adaptive Cyber Defense Cybersecurity Reality in the Greater Cyber Ecosystem We arent

  1. Integrated Adaptive Cyber Defense: Integration Spiral Results Wende Peters, JH-APL wende.peters@jhuapl.edu iacd@jhuapl.edu September 2015 Integrated Adaptive Cyber Defense

  2. Cybersecurity Reality in the Greater Cyber Ecosystem We aren’t controlling the space or the outcomes Source: Verizon 2014 Data Breach Investigation Report Source: M-Trends 2015: A View From the Front Lines, FireEye/Mandiant We’re getting worse at this 2 Integrated Adaptive Cyber Defense

  3. What Does Success Look Like? Secure integration and automation across a diverse, changeable array of cyber defense capabilities DOD CIKR Private Sector SLTT Fed/Civ Sector Coordinate National-level operations National and support cross-enterprise cyber response Enable collaborative, ‘beyond -line- Regional of- sight’ defense Local Enable participants to defend themselves 3 Integrated Adaptive Cyber Defense

  4. What Does Success Look Like? Secure integration and automation across a diverse, changeable array of cyber defense capabilities • Dramatically change timeline and effectiveness • Enable consistent effects in cyber-relevant time • Provide operational and acquisition freedom to take advantage of advances • Support use of existing and emerging standards to enable commercial-based solutions • Ensure control and action that can be achieved under network owners’ authorities and capabilities Integrated Adaptive Cyber Defense (IACD) is our initiative to address these challenges 4 Integrated Adaptive Cyber Defense

  5. IACD Spiral Approach Using an Agile Approach – Requirements and Capability Elicitation and Efficiency and Security Improvement Demonstration 0 Make it Real IACD Spirals 1 Heterogeneity, Scalability and Auto-Indicator Sharing 2 Risk- and Mission-based Decision Complexity Robust Controls for COA Sharing 3 Today 4 Message Fabric Integration and Trust-based Access 5 Integrated Adaptive Cyber Defense

  6. First: Every Defender Brings Their Own Enterprise Their own profile, priorities, capabilities, and risk tolerance Perimeter/Boundary Protections How do we maximize Email Guard Deep Malicious Web IDS/ Trusted Packet Behavior Content the effectiveness of our IPS Sensors Email Content Inspection Prediction Filtering Filtering current and future Repositories cyber defense and Analytic Clouds capabilities? Network/Infrastructure Protections Big Data Discovery SIEM Behavior Malicious NIDS/ Malware Based Behavior Predictive NIPS Detonation Detection Prediction Analytics How do we Host-based Protections interconnect our Continuous Human Behavior capabilities to ‘ move HIDS/ Malware App Monitoring// Input Based HIPS Detonation Whitelisting Cont Diag & left of boom ’? Detection Mitigations 6 Integrated Adaptive Cyber Defense

  7. Challenge: Integrate and Automate Across What They Bring Perimeter/Boundary Protections Email Guard Deep Malicious Web ACTING IDS/ Trusted Packet Behavior Content IPS Sensors Email Content Inspection Prediction Filtering Filtering Repositories and Analytic Clouds DECISION- Network/Infrastructure Protections Big Data MAKING Discovery SIEM Behavior Malicious NIDS/ Malware Based Behavior Predictive NIPS Detonation Detection Prediction Analytics SENSE-MAKING Host-based Protections SENSING Continuous Human Behavior HIDS/ Malware App Monitoring// Input Based HIPS Detonation Whitelisting Cont Diag & Detection Mitigations 7 Integrated Adaptive Cyber Defense

  8. IACD Functionality Inside the Enterprise • What core interoperable, flexible Presentation and Ops Services Presentation and Ops Services services need to exist to integrate and Visualization automate across our defenses? Analytics/Workflow Development • What will it take to create, manage, and Management Interface control this integration Response Actuator IFs • What content needs to be available and Actions Boundary Orchestration, Management Response Protections exchangeable? Controllers Control, Secure COAs Repositories Bus Rules DM Engine Network • How will we interconnect the capabilities Protections inside the enterprises? SM Analytic Analytics Framework Host Protections Data Feeds • Will performance or security drive Sensing I/F separate control needs? Services Defense Services Content • What tools must be provided to the Control Message Infrastructure analysts and operators? Information Sharing Infrastructure • What trust, identity, and security needs Sharing Infrastructure to be in place to assure mission? Trust Services: Security, Identity, Access Control 8 Integrated Adaptive Cyber Defense

  9. IACD Functionality Across/Among Diverse Enterprises National/Global: NCCIC, GEOC, National Cyber Centers v IACD/EASE Control Channel v Regional: Sectors, EOCs, Communities v IACD/EASE Control Channel v v v v Local: Enterprise, D/A, CIKR, B/P/C 9 Integrated Adaptive Cyber Defense

  10. Agile Approach to Capability Demonstration and Requirements/Standards Elicitation For each 90 day spiral, focus on some subset of target IACD capabilities – Within a single enterprise or across multiple enterprises with multiple roles Integrated Adaptive Cyber Defense

  11. Agile Approach to Capability Demonstration and Requirements/Standards Elicitation IACD Activity Scope IACD Use Cases Defend-the-Enterprise - Local Integration & Automation Compliance Checking/Auto-remediation Auto-enrichment/Decision Support Trusted Automated Information Sharing Reputation-based Decision Trusted Integrated Response Actions Detect/mitigate Vulnerabilities IACD Participant Scope Detect/mitigate Malware Fed/Civ Departments/Agencies Behavior-based Indications DOD Cross-enterprise Tipping Law Enforcement Automated Indicator Sharing Inter-Agency CIKR Low-Profile Response Private Sector Partners Regeneration Foreign Partners Rollback/Restoration SLTT Partners Ensure coverage of the operational space, including types of missions, user roles and authorities, and desired use cases Integrated Adaptive Cyber Defense

  12. Federated Innovation, Integration & Research Environment for IACD Spirals Reputation Sources Internet Virtualized Internet National Element Enterprise 1 Enterprise 2 Enterprise 3 Enterprise 4 Integrated Adaptive Cyber Defense

  13. Spiral 0 Emphasis: Orchestration and Automation Intra-Enterprise COA Auto-enrichment Auto-Response Decision Increasing speed of assessment, efficient use of limited analyst resources 13 Integrated Adaptive Cyber Defense

  14. Spiral 1 Emphasis: Indicator Sharing and Auto-Response Across Communities of Trust Auto-Indicator Auto- COA Auto-Response Decision Ingest enrichment Auto-Response Auto- COA enrichment Decision Auto-Indicator Sharing IACD-informed Scale across multiple, Auto-Indicator Auto- COA Human-in-loop Recomm Ingest enrichment heterogeneous environments Response Distributed use of advanced solutions 14 Integrated Adaptive Cyber Defense

  15. Spiral 2 Emphasis: Risk- and Mission-based Decision Complexity Indicator Auto- Auto- Auto- COA Indicator Indicator Decision Assessment Response Ingest Indicator 15 Integrated Adaptive Cyber Defense

  16. Spiral 2 Emphasis: Risk- and Mission-based Decision Complexity Auto-Indicator Auto- COA Auto-Response Decision Ingest enrichment Auto-Response Auto- COA Auto- Auto- Auto- enrichment COA Decision Indicator Decision enrichment Response Auto-Indicator Ingest Sharing IACD-informed Auto-Indicator Auto- COA Human-in-loop Recomm Ingest enrichment Response 16 Integrated Adaptive Cyber Defense

  17. IACD FIIRE Configuration Reputation Sources Enterprise 1 Internet Virtualized Internet National Element Represents a ‘security power user’ type enterprise with multiple security products Infrastructure Subnet • Orchestration • Domain Controller • MS Exchange • File Detonation Enterprise 1 Enterprise 2 Enterprise 3 Operations Subnet • Application User VMs (x20) Whitelisting Human Resources Subnet • AV/Host IPS User VMs (x20) • Firewall Logs • Netflow T raffic Research & Development Subnet • Indicator Storage User VMs (x20) IT Subnet • Indicator Sharing User VMs (x20) DIB Member Small CIKR/ Bus DOD 17 Integrated Adaptive Cyber Defense

  18. IACD FIIRE Configuration Reputation Sources Internet Virtualized Internet National Element Enterprise 2 Represents a smaller, cost- sensitive enterprise utilizing open source solutions Infrastructure Subnet Enterprise 1 • Enterprise 2 Enterprise 3 Orchestration • Domain Controller • IDS • MS Exchange Operations Subnet • Web Traffic Analysis User VMs (x20) • Netflow Human Resources Subnet • File Retrieval User VMs (x20) • Firewall Logs Research & Development Subnet • Netflow T raffic • Indicator Storage User VMs (x20) DIB Member • Ticketing Small CIKR/ Bus DOD IT Subnet • Indicator Sharing User VMs (x20) 18 Integrated Adaptive Cyber Defense

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Spiral Computer Generation of Performance Libraries Applications Jos M. F. Moura Markus

Spiral Computer Generation of Performance Libraries Applications Jos M. F. Moura Markus

Carnegie Mellon Performance Spiral Computer Generation of Performance Libraries Applications Jos M. F. Moura Markus Pschel Franz Franchetti Platforms & the Spiral Team Carnegie Mellon What is Spiral? Traditionally Spiral

429 views • 12 slides
Spiral-CT Benjamin Keck 21. March 2006 1 Motivation Spiral-CT offers reconstruction of long

Spiral-CT Benjamin Keck 21. March 2006 1 Motivation Spiral-CT offers reconstruction of long

Spiral-CT Benjamin Keck 21. March 2006 1 Motivation Spiral-CT offers reconstruction of long objects compared to circular filtered backprojection, where reconstruction is limited in z-direction. While the object moves constantly throw and

533 views • 5 slides
Spiral Structure and Mass Inflows In Spiral Galaxies Yonghwi Kim, Woong-Tae Kim CEOU, Astronomy

Spiral Structure and Mass Inflows In Spiral Galaxies Yonghwi Kim, Woong-Tae Kim CEOU, Astronomy

The 7 e 7 th Kor orean Astrop ophysics W Wor orkshop op Spiral Structure and Mass Inflows In Spiral Galaxies Yonghwi Kim, Woong-Tae Kim CEOU, Astronomy Program, Dept. of Physics & Astronomy, Seoul National University The 7 th Korean

370 views • 17 slides
Spiral 2-1 Datapath Components: Counters Adders Design Example: Crosswalk Controller 2-1.2

Spiral 2-1 Datapath Components: Counters Adders Design Example: Crosswalk Controller 2-1.2

2-1.1 Spiral 2-1 Datapath Components: Counters Adders Design Example: Crosswalk Controller 2-1.2 Spiral Content Mapping Combinational Sequential System Level Implementation Spiral Theory Project Design Design Design and Tools

852 views • 61 slides
Spiral Content Mapping Combinational Sequential System Level Implementation Spiral Theory

Spiral Content Mapping Combinational Sequential System Level Implementation Spiral Theory

2-1.1 2-1.2 Spiral Content Mapping Combinational Sequential System Level Implementation Spiral Theory Project Design Design Design and Tools Performance Decoders and Structural Verilog 1 metrics (latency muxes

742 views • 15 slides
Spiral 1 / Unit 1 Combinational vs. Sequential Logic Latency vs. Throughput (Pipelining) Digital

Spiral 1 / Unit 1 Combinational vs. Sequential Logic Latency vs. Throughput (Pipelining) Digital

1-1.1 Spiral 1 / Unit 1 Combinational vs. Sequential Logic Latency vs. Throughput (Pipelining) Digital Design Goals Logic Functions 1-1.2 Spiral Content Mapping Combinational Sequential System Level Implementation Spiral Theory Project

975 views • 66 slides
High Assurance Spiral 18-847E Spiral: Formal Approaches to Hardware & Software Design &

High Assurance Spiral 18-847E Spiral: Formal Approaches to Hardware & Software Design &

Carnegie Mellon Carnegie Mellon DARPA HACMS High Assurance Spiral 18-847E Spiral: Formal Approaches to Hardware & Software Design & Algorithm Verification Franz Franchetti Carnegie Mellon University www.ece.cmu.edu/~franzf Lecture

684 views • 52 slides
Spiral Laminar Flow: A Revolution in Understanding? Professor Graeme Houston University of

Spiral Laminar Flow: A Revolution in Understanding? Professor Graeme Houston University of

TRAINING Spiral Laminar Flow: A Revolution in Understanding? Professor Graeme Houston University of Dundee Medical Director TRAINING Background: Spiral Laminar Flow in Arteries Spiral laminar flow (SLF) has been observed in healthy

678 views • 20 slides
SPIRAL, FFTX, and the Path to SpectralPACK Franz Franchetti Carnegie Mellon University

SPIRAL, FFTX, and the Path to SpectralPACK Franz Franchetti Carnegie Mellon University

Carnegie Mellon Carnegie Mellon SPIRAL, FFTX, and the Path to SpectralPACK Franz Franchetti Carnegie Mellon University www.spiral.net In collaboration with the SPIRAL and FFTX team @ CMU and LBL This work was supported by DOE ECP and DARPA

319 views • 13 slides
SPIRAL Trial Switch from Protease Inhibitor to Raltegravir SPIRAL Trial: Study Design Study

SPIRAL Trial Switch from Protease Inhibitor to Raltegravir SPIRAL Trial: Study Design Study

Switch from Protease Inhibitor to Raltegravir SPIRAL Trial Switch from Protease Inhibitor to Raltegravir SPIRAL Trial: Study Design Study Design: SPIRAL Background : Randomized, open-label trial Switch Arm evaluating switch from a

508 views • 6 slides
Testing Density Wave Theory with Stellar Populations around Spiral Arms in M81 Yumi Choi 1

Testing Density Wave Theory with Stellar Populations around Spiral Arms in M81 Yumi Choi 1

Testing Density Wave Theory with Stellar Populations around Spiral Arms in M81 Yumi Choi 1 Julianne J. Dalcanton 1 , Benjamin F. Williams 1 , and Daniel Weisz 2 1 University of Washington, 2 UC Santa Cruz Relationship between Spiral Arms and SF

460 views • 22 slides
POWER COUPLERS FOR Spiral 1 & 2 at GANIL (France) Yolanda GOMEZ MARTINEZ LPSC, UJF /

POWER COUPLERS FOR Spiral 1 & 2 at GANIL (France) Yolanda GOMEZ MARTINEZ LPSC, UJF /

POWER COUPLERS FOR Spiral 1 & 2 at GANIL (France) Yolanda GOMEZ MARTINEZ LPSC, UJF / CNRS-IN2P3 / INPG, Grenoble, France. Outline Spiral 2 couplers layout & parameters Tests Mechanical test Radiofrequency (RF) tests Coupler

444 views • 18 slides
902-282: SPIRAL SLIDE P-1 Rev. 07/22/03 PARTS LIST KKJJJ SPECIFICATIONS Ref Description QTY

902-282: SPIRAL SLIDE P-1 Rev. 07/22/03 PARTS LIST KKJJJ SPECIFICATIONS Ref Description QTY

902-289 6 Spiral Slide Page 1 Rev. 07/22/03 IMPORTANT PLEASE READ THESE INSTRUCTIONS BEFORE COMMENCING ASSEMBLY. All equipment must be installed in accordance with these instructions. Check your shipment against Bill of Lading and Parts

387 views • 14 slides
CD/MH Integration Workgroup The What and the How of integration CD Integration Workgroup

CD/MH Integration Workgroup The What and the How of integration CD Integration Workgroup

CD/MH Integration Workgroup The What and the How of integration CD Integration Workgroup RECOMMENDATIONS TO THE TASK FORCE July 18, 2014 Each Behavioral Health Organization should provide rapid access to the following billable services along a

790 views • 9 slides
It should be noted that the length of spiral to be used is the maximum computed by both

It should be noted that the length of spiral to be used is the maximum computed by both

It should be noted that the length of spiral to be used is the maximum computed by both formulas: L= 0.01216EuV L=0.744Ea Note that maximum superelevation: Freight: 6- 7 Light Rail: 6 1 Dr. Randa Oqab Mujalli

964 views • 42 slides
Integration of Renewable Resources (IRRP) Integration Working Group January 13, 2009 Meeting

Integration of Renewable Resources (IRRP) Integration Working Group January 13, 2009 Meeting

Integration of Renewable Resources (IRRP) Integration Working Group January 13, 2009 Meeting Agenda Todays Objectives 10:00AM 10:10 AM Existing Fleet Study & Draft Results 10:10 AM 11:45 AM Stakeholder Discussion 11:45 AM

679 views • 64 slides
Big Data Platform Lessons Learned in Growing a Big Data Capability for Network Defense Who am I?

Big Data Platform Lessons Learned in Growing a Big Data Capability for Network Defense Who am I?

Big Data Platform Lessons Learned in Growing a Big Data Capability for Network Defense Who am I? - Technical Director, Enlighten IT Consulting, a MacAulay-Brown company - Software Engineering Consultant - Helped found Apache Rya - Chief

600 views • 17 slides
Advancing the College of Engineering and Science: The Role of the Associate Dean for Research and

Advancing the College of Engineering and Science: The Role of the Associate Dean for Research and

Advancing the College of Engineering and Science: The Role of the Associate Dean for Research and Graduate Studies Professor Daniel L. Noneaker Associate Chair & Graduate Program Coordinator Holcombe Department of Electrical and Computer

478 views • 18 slides
Alain L. Kornhauser Professor, Operations Research & Financial Engineering Director, Program

Alain L. Kornhauser Professor, Operations Research & Financial Engineering Director, Program

Intelligent Transportation Systems: Automated Highw ays, Autonomous Vehicles, aTaxis & Personal Rapid Transit Alain L. Kornhauser Professor, Operations Research & Financial Engineering Director, Program in Transportation Faculty Chair,

1.06k views • 87 slides
PROPOSAL & AWARD POLICIES AND PROCEDURES GUIDE Effective January 29, 2018 NSF 18-1 About the

PROPOSAL & AWARD POLICIES AND PROCEDURES GUIDE Effective January 29, 2018 NSF 18-1 About the

THE NATIONAL SCIENCE FOUNDATION PROPOSAL & AWARD POLICIES AND PROCEDURES GUIDE Effective January 29, 2018 NSF 18-1 About the National Science Foundation An independent Federal agency created by Congress in 1950 to promote the progress

419 views • 24 slides
Defense Security Service Defense Security Service Cybersecurity Operations Division

Defense Security Service Defense Security Service Cybersecurity Operations Division

UNCLASSIFIED//FOUO Defense Security Service Defense Security Service Cybersecurity Operations Division Counterintelligence UNCLASSIFIED//FOUO UNCLASSIFIED Defense Security Service DSS Mission Capability DSS Supports national security and

490 views • 33 slides
H AMPTON R OADS M ILITARY T RANSPORTATION N EEDS S TUDY 2018 U P D A T E P R E S E N T E D B Y : S

H AMPTON R OADS M ILITARY T RANSPORTATION N EEDS S TUDY 2018 U P D A T E P R E S E N T E D B Y : S

H AMPTON R OADS M ILITARY T RANSPORTATION N EEDS S TUDY 2018 U P D A T E P R E S E N T E D B Y : S A M B E L F I E L D H A M P T O N R O A D S T R A N S P O R TAT I O N P L A N N I N G O R G A N I Z AT I O N M E E T I N G A G E N D A I T E M # 1 3 J

184 views • 14 slides
Reconstructing Corrupt DEFLATEd Files Ralf D. Brown Carnegie Mellon University 3 August 2011

Reconstructing Corrupt DEFLATEd Files Ralf D. Brown Carnegie Mellon University 3 August 2011

Reconstructing Corrupt DEFLATEd Files Ralf D. Brown Carnegie Mellon University 3 August 2011 Why do we care about DEFLATE compression? DEFLATE is Ubiquitous Many file types are in fact ZIP archives: OOXML (.docx, .xslx, .pptx)

438 views • 40 slides
VacuNest S hape M emory T ooling shaping the future ~ today VacuNest is a NOVATEC technology

VacuNest S hape M emory T ooling shaping the future ~ today VacuNest is a NOVATEC technology

RCAB VacuNest S hape M emory T ooling shaping the future ~ today VacuNest is a NOVATEC technology VacuNest RCAB Shape Memory Tooling shaping the future ~ today PRIOR ART SOLUTIONS RCAB TECHNOLOGI ES DEDI CATED TOOLS FLEXI BLE PI N

406 views • 19 slides

More recommend