situational awareness threat report satr
play

Situational Awareness Threat Report (SATR) Presenters: Stacie Green - PowerPoint PPT Presentation

Mar 30, 2023 •338 likes •532 views

Situational Awareness Threat Report (SATR) Presenters: Stacie Green & Casey Kahsen United States Computer Emergency Readiness Team (US-CERT) 13 January 2016 Outline 1. Goal of SATR 2. Overview of SATR 3. Components of SATR 4.

  1. Situational Awareness Threat Report (SATR) Presenters: Stacie Green & Casey Kahsen United States Computer Emergency Readiness Team (US-CERT) 13 January 2016

  2. Outline 1. Goal of SATR 2. Overview of SATR 3. Components of SATR 4. Accomplishments of SATR 5. Standardized Reporting 6. Conclusion 2 Homeland Office of Cybersecurity and Communications Security

  3. Situational Awareness Threat Report Goal Who is being attacked? Who is attacking? What is the impact/magnitude of the attack? What is the likelihood of attacks and the risks? ISP validation and awareness Signature development and deployment Aware of types of attacks on sectors Development of means of identifying potential compromises Machine speed alert capability Joint Capabilities to enhance computer network defense mitigation actions 3 Homeland Office of Cybersecurity and Communications Security

  4. 4 Homeland Office of Cybersecurity and Communications Security

  5. Overview: Data Sources GLOBAL THREAT BIG DATA PERSPECTIVE QUERIABLE INDICATORS • IPs • APT Activity • MD5 • Malware family • Domains • CVEs • URLs • NAICs/Sectors 5 Homeland Office of Cybersecurity and Communications Security

  6. Overview: Reporting Capabilities Customizable Correlation of Big Data Reporting on Reporting Federal and Visualizations Critical Commercial Infrastructure Threat Data Sectors 6 Homeland Office of Cybersecurity and Communications Security

  7. Component: Threat Actors Reporting Example: Threat Actors APT Indicators Monitored for Activity • Provides insight into high priority indicators that have been previously associated with threat actors and focused operations • Illustrates potential threats that haven’t been reported • Offers view of potential focused operations activity from commercial data perspective 7 Homeland Office of Cybersecurity and Communications Security

  8. Component : Government Targets Depicts Attacks Against Illustrates Top Indicators from U.S. Government Countries of Interest • By most counter-measures triggered By Source Country • Two categories: Attacking & Scanning 8 Homeland Office of Cybersecurity and Communications Security

  9. Component: Vulnerabilities Image Depicts Report for 8/3/2015 Daily Report Monitors Exploit Usage • Provide exploit trending • Indicates usage patterns • Can drive decision making 9 Homeland Office of Cybersecurity and Communications Security

  10. Component : Vulnerabilities Reporting Example: Vulnerabilities Report From Next Day • Article describes RIG’s use of CVE-2015-5119 • Reported previous day with an uptick of activity • Example of threat forecasting Image Depicts Report for 8/4/2015 10 Homeland Office of Cybersecurity and Communications Security

  11. Accomplishments of SATR Tagged APT Further Analysis on net flow yielded traffic to Placeholder Text Infrastructure potential botnet infected machines The government machine connected to a Trend Micro sinkhole (Malware research) These connections used high (random) port numbers, which is a sign of FTP connections 11 Homeland Office of Cybersecurity and Communications Security

  12. Accomplishments of SATR Operational Success Use Cases Potential reduction in SATR analysis, alerted Possible identification data exfiltration from USG department a of botnet machines public facing device was observed used for data government FTP communicating with exfiltration campaigns servers potential APT actors 12 Homeland Office of Cybersecurity and Communications Security

  13. Accomplishments of SATR 13 Homeland Office of Cybersecurity and Communications Security

  14. Accomplishments of SATR This analysis resulted This use case in a reduction of potentially increased potentially unsolicited government reputation email traffic (spam) as the machine was on two known blacklists 14 Homeland Office of Cybersecurity and Communications Security

  15. Standardized Reporting 15 Homeland Office of Cybersecurity and Communications Security

  16. Reporting Aspects 16 Homeland Office of Cybersecurity and Communications Security

  17. Conclusion 17 Homeland Office of Cybersecurity and Communications Security

  18. QUESTIONS? 18 Homeland Office of Cybersecurity and Communications Security

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Situational Awareness Leveraging Versant JPA for Big Data Situation Awareness Applications

Situational Awareness Leveraging Versant JPA for Big Data Situation Awareness Applications

Situational Awareness Leveraging Versant JPA for Big Data Situation Awareness Applications Matthew Barker, Director Prof. Services Versant Corporation Situational Awareness Defined Agenda Short SA Video Big Data and Situational

545 views • 21 slides
Situational Awareness: Terrain Reasoning for Tactical Shooter A.I Situational Awareness The

Situational Awareness: Terrain Reasoning for Tactical Shooter A.I Situational Awareness The

Situational Awareness: Terrain Reasoning for Tactical Shooter A.I Situational Awareness The capability of an A.I. agent to reason is limited by the data its sensor's can acquire about the world The representation of the data we use to

537 views • 31 slides
Automated Reasoning for Situational Awareness Peter Baumgartner, Alexander Krumpholz Supply

Automated Reasoning for Situational Awareness Peter Baumgartner, Alexander Krumpholz Supply

Automated Reasoning for Situational Awareness Peter Baumgartner, Alexander Krumpholz Supply Chain Integrity Digital Mission www.data61.csiro.au Situational Awareness - Systems of Interest Factory Floor - Are the operations carried out

1.24k views • 87 slides
NVIDIA ECS March 19, 2015 1 How does 3D help humans? CFIT Loss of Situational Awareness

NVIDIA ECS March 19, 2015 1 How does 3D help humans? CFIT Loss of Situational Awareness

Better Decisions in Moments of Truth with DTI 3D NVIDIA ECS March 19, 2015 1 How does 3D help humans? CFIT Loss of Situational Awareness Situational Awareness Perceive Comprehend Project Decide Act {"45752bf": [3958177,

347 views • 16 slides
Situational Awareness Jeff Hughes Bryan Ladds Dave Hamilton Special Guest A Complete and

Situational Awareness Jeff Hughes Bryan Ladds Dave Hamilton Special Guest A Complete and

Situational Awareness Jeff Hughes Bryan Ladds Dave Hamilton Special Guest A Complete and Integrated System Supporting Emergency Management Operations Maintain Conduct Manage Situational Damage Public Awareness Assessment Information

839 views • 41 slides
Visualization & Situational Awareness Demonstrations Project Presentation for EPIC Symposium

Visualization & Situational Awareness Demonstrations Project Presentation for EPIC Symposium

Visualization & Situational Awareness Demonstrations Project Presentation for EPIC Symposium December 1, 2016 Sacramento, CA Confidential Draft - For Internal Use Only 1 Visualization and Situational Awareness Demonstrations Aksel

289 views • 16 slides
Can we leverage network monitoring to build comprehensive situational awareness of our

Can we leverage network monitoring to build comprehensive situational awareness of our

Can we leverage network monitoring to build comprehensive situational awareness of our operating environments in a way that scales well? How could such an awareness allow us to find anomalous and malicious behavior? God I hope so. If

215 views • 7 slides
Presentation Outline Bulk Power System Reliability Components NERC ACE-Frequency for

Presentation Outline Bulk Power System Reliability Components NERC ACE-Frequency for

C onsortium for DOE E lectric Situational R eliability Awareness for Resources T echnology Adequacy S olutions DOE Situational Awareness Application Using NERC Resources Adequacy Wide-Area Real Time Monitoring Application Presented by

741 views • 8 slides
INCREASING SITUATIONAL AWARENESS Through the use of ArcGIS Enterprise Presented by: Paul

INCREASING SITUATIONAL AWARENESS Through the use of ArcGIS Enterprise Presented by: Paul

INCREASING SITUATIONAL AWARENESS Through the use of ArcGIS Enterprise Presented by: Paul Tremblay, R.P.F. ESRI Canada User Conference, Thunder Bay - April 10, 2019 ORGANIZATION OVERVIEW Eacom Timber Corporation is a major Eastern Canadian

464 views • 14 slides
CRUSOE: DATA MODEL FOR CYBER SITUATIONAL AWARENESS Tuesday 28 th August, 2018 Martin Husk Jana

CRUSOE: DATA MODEL FOR CYBER SITUATIONAL AWARENESS Tuesday 28 th August, 2018 Martin Husk Jana

CRUSOE: DATA MODEL FOR CYBER SITUATIONAL AWARENESS Tuesday 28 th August, 2018 Martin Husk Jana Komrkov Martin Latovika Daniel Tovark Introduction and Motivation CRUSOE Data Model Page 2 / 23 Cyber Situational Awareness

561 views • 23 slides
Model-based Situational Awareness & the Digital Twin Ray Trechter, Manager P R E S E N T E D

Model-based Situational Awareness & the Digital Twin Ray Trechter, Manager P R E S E N T E D

Unclassified Unlimited Release SAND2018-4870 C Physical Security Center of Excellence Model-based Situational Awareness & the Digital Twin Ray Trechter, Manager P R E S E N T E D BY Interactive Systems Simulation & Analysis

390 views • 16 slides
Situational Awareness for Smart City: Opportunities and Challenges Hao Lu |

Situational Awareness for Smart City: Opportunities and Challenges Hao Lu |

Situational Awareness for Smart City: Opportunities and Challenges Hao Lu | hao.lv@yitu-inc.com About YITU AI Public Safety Retail Health Finance Face Recognition Price Challenge 2017 Winner In Face Identification

402 views • 29 slides
Jim McGowan Director, Information Management & Situational Awareness jim.mcgowan@redcross.org

Jim McGowan Director, Information Management & Situational Awareness jim.mcgowan@redcross.org

Jim McGowan Director, Information Management & Situational Awareness jim.mcgowan@redcross.org The mission of the American Red Cross is to prevent and alleviate human suffering in the face of emergencies by mobilizing the power of

504 views • 27 slides
CYBERSECURITY Situational awareness Franois Thill, Director Cybersecurity, Ministry of the

CYBERSECURITY Situational awareness Franois Thill, Director Cybersecurity, Ministry of the

CYBERSECURITY Situational awareness Franois Thill, Director Cybersecurity, Ministry of the economy Agenda The actual situation Strategy of the ministry Risk management a common language Some good practice examples 2 The

427 views • 21 slides
3D Sound GWU Why Sound? Emotional Impact Improved Presence Situational Awareness

3D Sound GWU Why Sound? Emotional Impact Improved Presence Situational Awareness

3D Sound GWU Why Sound? Emotional Impact Improved Presence Situational Awareness Sensory Substitution Better Graphics Product Recognition GWU 3D Sound: Rendering Pipeline Emitter Model How we represent

896 views • 52 slides
HOFESAC holistic operational framework for establishing situational awareness in cyberspace W.

HOFESAC holistic operational framework for establishing situational awareness in cyberspace W.

HOFESAC VizSec 13 HOFESAC holistic operational framework for establishing situational awareness in cyberspace W. Clay Moody Clemson University Supporting work by Judson Dressler, Calvert L. Bowen III, and Jason Koepke HOFESAC Disclaimer

857 views • 36 slides
Larry Clinton Barry Foer President Director of Policy & Membership lclinton@isalliance.org

Larry Clinton Barry Foer President Director of Policy & Membership lclinton@isalliance.org

Larry Clinton Barry Foer President Director of Policy & Membership lclinton@isalliance.org bfoer@isalliance.org 703-907-7028 703-907-7799 202-236-0001 ISA Board of Directors J. Michael Hickey , 1st Vice Chair Ty Sagalow, Esq ., Chairman

446 views • 43 slides
Community Preparedness Month September 2016 Compliment National Preparedness Month and Arizona

Community Preparedness Month September 2016 Compliment National Preparedness Month and Arizona

Community Preparedness Month September 2016 Compliment National Preparedness Month and Arizona Preparedness Month Get Citizens and Businesses thinking about personal preparedness Make them aware of various projects that the County is doing

404 views • 6 slides
Power Production Quarterly Commission Update 10/8/19 Powering our way of life. Department

Power Production Quarterly Commission Update 10/8/19 Powering our way of life. Department

Power Production Quarterly Commission Update 10/8/19 Powering our way of life. Department Purpose and Goal Purpose: Provide safe, secure, economical, reliable and compliant power generation under the Priest Rapid Project Federal Energy

884 views • 53 slides
What is Ransomware? Ben Spear Director, EI-ISAC January 31, 2020 Confidential & Proprietary

What is Ransomware? Ben Spear Director, EI-ISAC January 31, 2020 Confidential & Proprietary

What is Ransomware? Ben Spear Director, EI-ISAC January 31, 2020 Confidential & Proprietary 1 Confidential & Proprietary Ransomware Overview Malware that blocks access to a system, device, or file until a ransom is paid

248 views • 11 slides
ALAMEDA COUNTY FIRE DEPARTMENT SERVING : City of Dublin Alameda County City of Emeryville City

ALAMEDA COUNTY FIRE DEPARTMENT SERVING : City of Dublin Alameda County City of Emeryville City

ALAMEDA COUNTY FIRE DEPARTMENT SERVING : City of Dublin Alameda County City of Emeryville City of Newark Budget Work Session City of San Leandro City of Union City Lawrence Berkeley FY 2020-21 National Laboratory Lawrence Livermore

435 views • 21 slides
CERT CERT Emergency Network Emergency Network G.A. van Malenstein G.A. van Malenstein R.P.

CERT CERT Emergency Network Emergency Network G.A. van Malenstein G.A. van Malenstein R.P.

CERT CERT Emergency Network Emergency Network G.A. van Malenstein G.A. van Malenstein R.P. Vloothuis R.P. Vloothuis Supervisor: J. Meijer Supervisor: J. Meijer Introduction Introduction Introduction to Introduction to CERTs CERTs

397 views • 14 slides
ICS S Cyber ber Security curity Br Briefing iefing About t Jo John Ba Ballen lenti tine

ICS S Cyber ber Security curity Br Briefing iefing About t Jo John Ba Ballen lenti tine

ICS S Cyber ber Security curity Br Briefing iefing About t Jo John Ba Ballen lenti tine ne Who ho is John hn Ballenti ntine? Over 20 years of experience in the energy industry, including corporate and consulting roles managing

494 views • 38 slides
MINISTRY OF INFORMATION AND COMMUNICATIONS TECHNOLOGY Global South-South Development Expo Mini

MINISTRY OF INFORMATION AND COMMUNICATIONS TECHNOLOGY Global South-South Development Expo Mini

MINISTRY OF INFORMATION AND COMMUNICATIONS TECHNOLOGY Global South-South Development Expo Mini Partnership Forum on Enhancing ICT Development and Connectivity for LLDCs Key note address to Presentation By Hon. John Nasasira Minister of

779 views • 29 slides

More recommend