ISSA: The Global Voice of Information Security

Security Architecture and Adaptive Security
By Joel Weise, ISSA member, Silicon Valley, USA chapter

The author discusses a new perspective on the characteristics of a security architecture that is capable of not only reducing threats but also anticipating threats before they are manifested, including the capability to address zero-day attacks.

Threats of various sorts can reduce the functionality, reliability, performance, availability, security and integrity of IT systems. These characteristics are considered critical enough that they are typically instantiated formally into service level agreements (SLAs). As such, it is reasonable to state that there is a desire to reduce threats at least to a degree that allows one to satisfy the SLAs. This article discusses a new perspective on the characteristics of a security architecture that is capable of not only reducing threats accordingly but also anticipating threats before they are manifested, including the capability to address zero-day attacks. The approach is to use adaptive security, which is based in part on complex adaptive systems (M. Mitchell Waldrop, Complexity: The Emerging Science at the Edge of Order and Chaos, Simon & Schuster, 1992).

Introduction

Dan Geer et al. summarize the problem we face: "[The] central enemy of reliability is complexity... Prevention of insecure operating modes in complex systems is difficult to do well and impossible to do cheaply: The defender has to counter all possible attacks; the attacker only has to find one unblocked means of attack." (D. Geer, Monoculture on the Back of the Envelope, ;login:, December 2005.) Putting aside the issue of cost effectiveness, the key element to be addressed using adaptive security is the notion that one must counter all possible attacks. A. Elkhodary et al. agree that complexity is the major issue we face and note that "...one possible solution to the increased complexity of IT security infrastructure is adaptive security." (A. Elkhodary, A Survey of Approaches to Adaptive Application Security, International Workshop on Software Engineering for Adaptive and Self-Managing Systems, IEEE, 2007.)

The overall approach taken to address the issue of complexity is two-fold: at the microscopic level, utilize autonomic systems that mimic biological immune systems, and at the macroscopic level, utilize the behaviors of an ecosystem of disparate entities in the way that a complex adaptive system is viewed. Note that there are multiple definitions of a complex adaptive system depending upon how one wishes to apply it. Since the focus of this article is on IT systems, the following definition is based in part on the work of John Holland: a complex adaptive system is a dynamic network of multiple dispersed and decentralized agents that constantly interact and learn from one another. Any coherent behavior in the system arises from the agent interaction. A security architecture that exhibits the characteristics of a complex adaptive system should be well suited to addressing threats.

To summarize, the common problems are the following:
- As the complexity of systems increases, their security and integrity decrease.
- A monoculture of systems will allow a pandemic to spread quickly.
- Offensive viruses and adversarial attacks are developed faster than defensive responses.

In addition to supporting SLAs, the primary objectives of adaptive security are integrity and trustworthiness. Integrity is critical to the correct working of both individual systems and the entire enterprise or IT infrastructure. Ultimately, the goal of supporting integrity is to instill trust in data and processing resources: that they are trustworthy, reliable, available, and operating within acceptable parameters.

Thus the objectives of adaptive security are realized in IT infrastructures that:
- Reduce threat amplification: limit the potential spread of a pandemic in a monoculture, i.e., reduce cascading failures.
- Reduce the attack surface: make the target smaller.
- Reduce attack velocity: slow the attack.
- Reduce remediation time: respond to an attack faster.
- Ensure the availability of data and processing resources.
- Ensure the correctness of data and the reliability of processing resources.

Adaptive security

Adaptive security will be discussed using biological and ecosystem metaphors, as these provide interesting parallels to the issues, threats and countermeasures applicable to IT systems. Biological and ecological systems maintain integrity by reacting to known threats, adapting to unknown threats, or dying. Responses can be at a microscopic, biological level (e.g., molecular, cellular) or a macroscopic, ecosystem level (e.g., system or species). As Darwin tells us, it is adapt or die; to draw the parallel, successful IT ecosystems must be capable of adapting or they will eventually fail for a variety of reasons, such as being attacked by predators, being infected by viruses, or simply not being able to survive as the environment around them changes. According to the IBM Systems Journal, "by enabling computing systems to make their decisions in consistent and reliable ways, autonomic techniques will engender an extremely adaptive and dynamic operational style." (D. M. Chess et al., Security in an Autonomic Computing Environment, IBM Systems Journal, 2003.) It is this adaptive and dynamic operational style that will allow us to deliver secure and robust solutions capable of ensuring the integrity of data and system resources.

Considering an IT infrastructure as an ecosystem comprised of many elements (systems, storage, networks, applications, etc.), similar to a natural ecosystem composed of multiple elements (people, food, air, environmental conditions such as temperature), one can evaluate and draw similarities to how a localized outbreak of a disease or even a pandemic affects these, as well as how to respond against such threats. In a natural human ecosystem, when a pandemic strikes, not every human will necessarily survive. Survival depends upon a number of factors such as one's specific genetic makeup and environmental conditions. Some individuals will have a genetic makeup and live in environmental conditions that enable them to survive the pandemic, while others with different circumstances will not. In the natural ecosystem, although some individuals perish, the ecosystem as a whole survives. Extrapolating this to an IT infrastructure, it may be possible to design it such that if and when a virus strikes (or other conditions warrant), individual components may fail or be sacrificed for the benefit of the entire ecosystem, allowing the system to survive.

If an IT infrastructure that can survive and maintain its security, integrity and availability is to be constructed, we must ask what the properties and characteristics of a secure ecosystem are. A secure ecosystem must exhibit the following characteristics:
- Flexible and able to adaptively respond to new and different threats.
- Self-detecting, self-regulating, self-healing, and self-protecting.
- Able to learn the norms of the ecosystem and to detect unauthorized modifications to data, files, file systems, operating systems, and configurations, and then:
  - Quarantine them so that forensics can be done and the ecosystem can learn from the breach.
  - Provision resources to take the place of the affected systems to ensure continuity of service.
  - Apply corrective measures as needed.
- Use a standardized security model that includes enforcement mechanisms to ensure compliance with a security policy.

When exhibiting these characteristics, the IT infrastructure would function as an autonomic system and effectively mimic both an organic immune system and a large-scale ecosystem. In other words, we want the IT infrastructure to behave like a complex adaptive system.

We now look at how human immune systems have moved from reactive to adaptive in nature. "The adaptive immune response provides the vertebrate immune system with the ability to recognize and remember specific pathogens (to generate immunity) and to mount stronger attacks each time the pathogen is encountered. It is adaptive immunity because the body's immune system prepares itself for future challenges." Immune response mediators (e.g., T-cells) are part of one's immune system. Implementing immune response mediators is an important component of an adaptive security approach. The role that such mediators play in the IT infrastructure is almost identical to their role in the biological sense. That is, they are a form of guardian agents or sentinels that would be deployed throughout the IT infrastructure and act as sensors, identifying threats before they can manifest themselves. These sentinels would work as the threat triggers in conjunction with threat response and feedback mechanisms, and moderate the immune response of the IT infrastructure as they do in a biological system. Once a threat has been detected, these sentinels would contact the appropriate threat responders (or send a message to a response creator) to direct them to the threat. Taking the notion of sentinels further, it can be envisioned that such functionality would be directly incorporated into various application, network and OS components, so that independent IDS or firewall systems would no longer be necessary.

Another major aspect of the ecosystem is autonomy. Given the level of complexity we find in today's IT infrastructures, human intervention to detect and respond to threats will be too slow. For this reason IT systems must be capable of analyzing threats and responding to them according to defined security policies without human intervention. Further, such threat detection and response systems must be capable of learning from past threats, anticipating new threats, and taking appropriate defensive measures. Systems must also be capable of sharing their knowledge of threats and countermeasures with other systems with which they are federated and which they trust.

Biologic and ecosystem properties and information systems

The following provides a mapping of the different properties of biological and ecological systems that are applicable to information systems. De Castro et al. have likewise identified these as beneficial characteristics that would be useful in IT systems (L. de Castro, Artificial Immune Systems: A New Computational Intelligence Approach, Springer-Verlag, 2002).

Pattern recognition
In the biological world, cells recognize various proteins via pattern matching on their surface. Likewise, it is desired that IT systems be capable of matching patterns of both normal and abnormal behavior of code, command and response dialogs, different protocols, etc.

Uniqueness
Biological organisms possess their own unique immune system that varies from individual to individual, and this uniqueness is associated with the different strengths and weaknesses of those individuals. Such uniqueness expressed in IT systems ensures that a monoculture susceptible to a common computer virus does not exist, and likewise gives an ecosystem of different and unique organisms and IT systems the robustness necessary to survive different threats.

Self identity
The notion of self and not-self allows an organism to comprehend what is native and what is not, and triggers an elimination process for those not-self things that are considered a threat. In the IT world this concept would be replicated so that whatever does not belong according to a specified security policy would likewise be isolated and eliminated. Part of manifesting self and not-self includes supporting intra- and inter-system communication and the sharing of information on threats, countermeasures, security policies and trust relationships between different systems and IT infrastructures.

Diversity
In the biological world, diversity refers to the different types of elements (proteins, cells, etc.) that together embody a wide range of defenses against different threats, including innate and adaptive immunity. In IT systems, diversity would manifest itself by architecting different control mechanisms, such as compartmentalization via operating system virtualization or TPM-based hardware trust anchors.

Disposability
Disposability is the notion that no single cell or molecule in an organism is essential to the functioning of the entire immune system. Disposability in an IT infrastructure is represented by the concept of a sacrificial system. This contributes to the overall robustness of an IT infrastructure.

Autonomy
Autonomy in biological systems means that there is no single element controlling the immune system. The different elements of the immune system can function autonomously to counter threats. It is likewise desired that such an ability exist for IT systems, so that different security and integrity control mechanisms can function in an autonomous fashion to address threats.
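The monoculture argument made earlier (one exploit reaching every like system) and the uniqueness, diversity and disposability properties above can be made concrete with a small simulation. The Python below is an added illustration written for this edition, not code from the article or its author. The ring topology, the platform labels, the single-exploit assumption and the learn_after rule (sentinels that share a learned signature with every federated host once a few infections have been seen, standing in for immune memory) are all constructed for the example.

```python
"""Threat amplification in a monoculture versus a diverse deployment.

Added illustration, not code from the article. The topology, platform
labels and the learn_after sentinel rule are constructed for the example.
"""
from typing import Dict, Optional, Set

Adjacency = Dict[int, Set[int]]


def ring_topology(n: int, reach: int = 1) -> Adjacency:
    """Constructed network: host i can attack hosts i+-1 .. i+-reach (mod n)."""
    adj: Adjacency = {i: set() for i in range(n)}
    for i in range(n):
        for d in range(1, reach + 1):
            adj[i].add((i + d) % n)
            adj[i].add((i - d) % n)
    return adj


def monoculture(n: int, platform: str = "A") -> Dict[int, str]:
    """Every host runs the same platform: one exploit fits all."""
    return {i: platform for i in range(n)}


def striped(n: int, platforms: str) -> Dict[int, str]:
    """Round-robin assignment, e.g. striped(12, "AB") -> A,B,A,B,..."""
    return {i: platforms[i % len(platforms)] for i in range(n)}


def simulate_outbreak(adj: Adjacency, platform: Dict[int, str], vulnerable: Set[str],
                      patient_zero: int, learn_after: Optional[int] = None) -> Set[int]:
    """Round-based worm propagation; returns the set of hosts finally infected.

    Each round every infected host attacks all of its neighbours; a neighbour
    succumbs (and starts relaying) only if its platform is in `vulnerable`.
    `learn_after` models sentinels with shared immune memory: once that many
    hosts are infected the signature is known and every still-clean host is
    hardened (immunised) before the next round.
    """
    if platform[patient_zero] not in vulnerable:
        return set()
    infected = {patient_zero}
    immune: Set[int] = set()
    while True:
        newly = set()
        for host in infected:
            for nb in adj[host]:
                if nb not in infected and nb not in immune and platform[nb] in vulnerable:
                    newly.add(nb)
        if not newly:
            return infected
        infected |= newly
        if learn_after is not None and len(infected) >= learn_after:
            immune = set(adj) - infected


def blast_radius(adj: Adjacency, platform: Dict[int, str], vulnerable: Set[str],
                 patient_zero: int, learn_after: Optional[int] = None) -> int:
    """Number of hosts lost to one outbreak."""
    return len(simulate_outbreak(adj, platform, vulnerable, patient_zero, learn_after))


if __name__ == "__main__":
    n = 12
    ring1, ring2 = ring_topology(n, 1), ring_topology(n, 2)
    cases = {
        "monoculture, ring": (ring1, monoculture(n), None),
        "A/B striped, ring": (ring1, striped(n, "AB"), None),
        "A/B striped, ring with reach 2": (ring2, striped(n, "AB"), None),
        "A/B/C striped, ring with reach 2": (ring2, striped(n, "ABC"), None),
        "monoculture, sentinels learn after 3": (ring1, monoculture(n), 3),
    }
    for name, (adj, plat, learn) in cases.items():
        print(f"{name:40s} infected {blast_radius(adj, plat, {'A'}, 0, learn):2d}/{n}")
```

Running it shows the blast radius collapse from 12 of 12 hosts in the monoculture to 1 when every neighbour runs a different platform, but also that striping two platforms over a topology where each host can reach two hops still loses all six like hosts: diversity only limits amplification when like systems are not mutually reachable, which is why it has to be paired with segmentation. The learn_after case shows reduced remediation time doing the same job by a different route, containment at three hosts once the signature is shared.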
Multilayered
Biological entities support molecular, cellular and other elements that act cooperatively to provide a comprehensive threat response capability. This is the same notion of defense-in-depth that a well-designed security architecture maintains.

No secure layer
Any and all cells in an organism are at risk of being attacked at any point in time. This is simply the reality of things; it has an exact parallel in the IT world and is the underlying assumption of any security policy. It is instantiated via a deny-all security policy whereby access is granted only on a need-to-know basis.

Anomaly detection
In biological immune systems the notion of not-self enables the immune system to recognize and respond to those things that are not part of its known self. Likewise, an IT system should support the capability to automatically recognize and respond to things that are not considered normal behavior or are known explicitly as threats. The intention of the design approach described here is to extend this characteristic such that one can anticipate threats before they can be manifested.

Dynamically changing coverage
Biological immune systems have limitations on the number and type of cells and molecules that can detect and respond to pathogens. As such, they maintain a dynamically changing set of these cells and molecules in the hope that the correct mix exists to respond to whatever threats arise. In an IT infrastructure one likewise cannot maintain an unlimited number of threat signatures and threat response mechanisms. Thus one must develop a means to intelligently predict and anticipate which threat response mechanisms should be deployed and utilized at any point in time.

Distributivity
The different elements of biological immune systems are widely distributed throughout an organism and not under the control of any central mechanism. In IT terms this distributivity means there is no single control point whose compromise disables the defenses, which reduces the attack surface.
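One concrete form of the self/not-self and anomaly detection properties above is the short-sequence system-call model of Forrest, Hofmeyr and Somayaji (the "sense of self" for Unix processes, an artificial-immune-system technique of the kind de Castro surveys). The Python below is an added example, not code from the article or its author: the toy daemon, its normal traces, the attack trace and the tuning values (a window of 4 calls, a tolerance of one mismatch, a 25% foreign threshold) are constructed for the illustration. It goes slightly beyond this subsection by also showing noise tolerance (a partial Hamming match instead of an exact signature) and immune memory (folding a trace judged benign after forensics back into self).

```python
"""Self/not-self detection over system-call traces.

Added illustration, not code from the article. It applies the short-sequence
("sense of self") technique of Forrest, Hofmeyr and Somayaji to constructed
traces: the daemon, its normal traces and the attack trace are made up.
"""
from typing import List, Sequence, Set, Tuple

Gram = Tuple[str, ...]
WINDOW = 4  # syscalls per pattern: the "surface" the detector matches against

# Constructed training traces: what "self" looks like for a toy network daemon.
NORMAL_TRACES = [
    "open read read close",
    "open read write close",
    "open read read read close",
    "socket bind listen accept read write close",
    "socket bind listen accept read close",
]


def ngrams(trace: Sequence[str], n: int = WINDOW) -> List[Gram]:
    """Slide a window of n calls over the trace (empty if the trace is shorter)."""
    return [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]


def build_self(traces: Sequence[str], n: int = WINDOW) -> Set[Gram]:
    """Learn the norm: the set of every n-gram seen in known-good traces."""
    self_set: Set[Gram] = set()
    for trace in traces:
        self_set.update(ngrams(trace.split(), n))
    return self_set


def mismatches(a: Gram, b: Gram) -> int:
    """Hamming distance between two equally long n-grams."""
    return sum(x != y for x, y in zip(a, b))


def distance_to_self(gram: Gram, self_set: Set[Gram]) -> int:
    """Mismatches to the closest self gram (self_set must be non-empty)."""
    return min(mismatches(gram, s) for s in self_set)


def classify(trace: str, self_set: Set[Gram], tolerance: int = 1,
             max_foreign: float = 0.25) -> Tuple[bool, float, List[Gram]]:
    """Sentinel decision for one trace: (is_not_self, foreign_ratio, foreign_grams).

    Noise tolerance: a gram within `tolerance` mismatches of some self gram
    still counts as self, so a trace need not match training data exactly.
    The trace is flagged not-self when more than `max_foreign` of its grams
    are foreign; both values are tuning knobs, not fixed constants.
    """
    grams = ngrams(trace.split())
    foreign = [g for g in grams if distance_to_self(g, self_set) > tolerance]
    ratio = len(foreign) / len(grams) if grams else 0.0
    return ratio > max_foreign, ratio, foreign


def remember(self_set: Set[Gram], trace: str) -> Set[Gram]:
    """Immune memory after forensics: a quarantined trace judged benign is
    folded into self so the same dialog is not flagged again."""
    return self_set | set(ngrams(trace.split()))


if __name__ == "__main__":
    self_set = build_self(NORMAL_TRACES)
    # Constructed test traces: a slightly different but benign dialog, and a
    # shell spawned right after a network accept (read -> execve -> dup2 ...).
    for trace in ["open read read write close",
                  "socket bind listen accept read execve dup2 dup2 execve"]:
        flagged, ratio, foreign = classify(trace, self_set)
        print(f"{'NOT-SELF' if flagged else 'self    '} {ratio:.2f} {trace}")
```

With the default tolerance the benign variant "open read read write close", which never appears verbatim in training, is accepted with no foreign grams, while the accept-then-execve dialog is flagged with half of its grams foreign. Tolerance is a trade: at tolerance 0 the benign variant is entirely foreign, while at tolerance 1 the gram "listen accept read execve" slips through as self because it is one call away from "listen accept read write"; the per-trace ratio, not any single gram, is what triggers the sentinel.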
Noise tolerance
Biological immune systems do not require an absolute match to recognize pathogens. In the IT world one should likewise have the ability to recognize threats without an absolute match against a virus or similar threat signature.

Resilience
Although various conditions can reduce the effectiveness of a biological immune system, it maintains a level of resilience that allows it to continue recognizing and countering pathogens. An IT system must have similar resilience so that it continues to function in spite of reduced capacity.

Fault tolerance
Biological immune systems are composed of redundant elements that function in a complementary fashion. In addition, different elements can be modified to respond to pathogens they normally would not respond to. In an IT infrastructure one should likewise desire fault tolerance such that different threat response mechanisms can be retooled, or their behavior modified, to respond to threats they normally would not respond to.

Robustness
In the biological world robustness is really the aggregate benefit of diversity and distributivity. It likewise makes sense that IT systems exhibit robustness.

Immune learning and memory
In the biological world the immune system is by definition adaptive in nature. This adaptiveness allows for faster and more effective responses to pathogens and improves over time as the immune system learns and retains memory of pathogens. It is this adaptiveness that we wish to mimic, in particular the ability to learn and remember threats over time.

Predator-prey pattern of response
Biological immune systems respond to pathogens via a mediated response mechanism, which allows them to scale up a response as the number of pathogens increases. Such a mediated response mechanism is likewise necessary in our IT environment so that the appropriate level of threat-response controls can be brought to bear. The triggering and feedback mechanisms described above are used to provide such mediation.

Self organization
A biological system does not predetermine how it will respond to a challenge; it remembers how it responded and determines the most effective response necessary. It then keeps the elements that provided that response, while other elements may be shed. In the design approach noted here, all threat response controls must be capable of adapting their behavior in a similar fashion so that they utilize the most effective countermeasures.

Integration with other systems
Biological organisms are made of many systems that can be used independently or in concert in a larger ecosystem. It is the intention here that IT systems exhibit the same behavior using a defense-in-depth strategy.

Conclusion

The study of biologic and ecologic systems enables computer scientists to consider new and different means for designing, developing and managing security controls. This is especially critical as IT systems become increasingly complex. Given the rich threat environment that most organizations now operate in, we must consider new methods and mechanisms to proactively address those threats. Adaptive security is one such approach and has the advantage of not only addressing existing threats but also anticipating new threats and enabling security control mechanisms to modify their behavior before the new threats are able to manifest themselves to a critical level.

Acknowledgments

The author wishes to acknowledge the contributions to the original concepts discussed in this article by Rafat Alvi, Glenn Brunette and Steven Nelson.

References

- Chao, D. (2002). Information Immune Systems. Proceedings of the First International Conference on Artificial Immune Systems.
- Chess, D. M., et al. (2003). Security in an Autonomic Computing Environment. IBM Systems Journal.
- de Castro, L. (2002). Artificial Immune Systems: A New Computational Intelligence Approach. Springer-Verlag.
- Elkhodary, A. (2007). A Survey of Approaches to Adaptive Application Security. International Workshop on Software Engineering for Adaptive and Self-Managing Systems, IEEE.
- Geer, D. (2005). Monoculture on the Back of the Envelope. ;login:, December 2005.
- Geer, D., et al. (2003). CyberInsecurity: The Cost of Monopoly. How the Dominance of Microsoft's Products Poses a Risk to Security.
- Liang, G. (2006). An Immunity-Based Dynamic Multilayer Intrusion Detection System. Lecture Notes in Computer Science, Springer-Verlag.
- Mazhar, N. (2007). BeeAIS: Artificial Immune Systems Security for Nature Inspired, MANET Routing Protocol, BeeAdHoc. Lecture Notes in Computer Science, Springer-Verlag.
- Santa Fe Institute.
- Saxena, A., et al. (2007). A Software Framework for Autonomic Security in Pervasive Environments. Lecture Notes in Computer Science, Springer-Verlag.
- Stevens, M., et al. (2007). Use of Trust Vectors for CyberCraft and the Limits of Usable Data History for Trust Vectors. Proceedings of the 2007 IEEE Symposium on Computational Intelligence in Security and Defense Applications, IEEE.
- Ulieru, M. (2006). Autonomic Risk Management for Critical Infrastructure Protection. Integrated Computer-Aided Engineering, Wiley-Interscience.
- Waldrop, M. M. (1992). Complexity: The Emerging Science at the Edge of Order and Chaos. Simon & Schuster.

About the Author

Joel Weise has worked in the field of information security for over 25 years. As the principal engineer and chief technologist for the Sun Client Services Security Program Office, he designs system and application security solutions for a range of different enterprises. Joel is a charter member of the ISSA and the chairman of the ISSA Journal editorial board. He may be reached at Joel.Weise@Sun.com.
More informationCritical Systems. Objectives. Topics covered. Critical Systems. System dependability. Importance of dependability
Objectives Critical Systems To explain what is meant by a critical system where system failure can have severe human or economic consequence. To explain four dimensions of dependability - availability,
More informationEvolutionary Algorithm Approaches for Detecting Computer Network Intrusion (Extended Abstract)
Evolutionary Algorithm Approaches for Detecting Computer Network Intrusion (Extended Abstract) Kevin P. Anchor, Paul D. Williams, Gregg H. Gunsch, and Gary B. Lamont Department of Electrical and Computer
More informationBrowsing the World in the Sensors Continuum. Franco Zambonelli. Motivations. all our everyday objects all our everyday environments
Browsing the World in the Sensors Continuum Agents and Franco Zambonelli Agents and Motivations Agents and n Computer-based systems and sensors will be soon embedded in everywhere all our everyday objects
More informationNEXT GENERATION SECURITY OPERATIONS CENTER
DTS SOLUTION NEXT GENERATION SECURITY OPERATIONS CENTER SOC 2.0 - ENHANCED SECURITY O&M SOC 2.0 - SUCCESS FACTORS SOC 2.0 - FUNCTIONAL COMPONENTS DTS SOLUTION SOC 2.0 - ENHANCED SECURITY O&M SOC 2.0 Protecting
More informationBuilding Resilience in a Digital Enterprise
Building Resilience in a Digital Enterprise Top five steps to help reduce the risk of advanced targeted attacks To be successful in business today, an enterprise must operate securely in the cyberdomain.
More informationSurvey of Cyber Moving Targets. Presented By Sharani Sankaran
Survey of Cyber Moving Targets Presented By Sharani Sankaran Moving Target Defense A cyber moving target technique refers to any technique that attempts to defend a system and increase the complexity of
More informationForeScout ControlFabric TM Architecture
ForeScout ControlFabric TM Architecture IMPROVE MULTI-VENDOR SOLUTION EFFECTIVENESS, RESPONSE AND WORKFLOW AUTOMATION THROUGH COLLABORATION WITH INDUSTRY-LEADING TECHNOLOGY PARTNERS. The Challenge 50%
More informationAdvanced Threat Protection Buyer s Guide GUIDANCE TO ADVANCE YOUR ORGANIZATION S SECURITY POSTURE
Advanced Threat Protection Buyer s Guide GUIDANCE TO ADVANCE YOUR ORGANIZATION S SECURITY POSTURE 1 Advanced Threat Protection Buyer s Guide Contents INTRODUCTION 3 ADVANCED THREAT PROTECTION 4 BROAD COVERAGE
More informationA fault tolerance honeypots network for securing E-government
A fault tolerance honeypots network for securing E-government Shahriar Mohammadi Bahman Nikkhahan smohammadi40@yahoo.com Nikkhahan@sina.kntu.ac.ir Information Technology Engineering Group, Department of
More informationCyberspace : Privacy and Security Issues
Cyberspace : Privacy and Security Issues Chandan Mazumdar Professor, Dept. of Computer Sc. & Engg Coordinator, Centre for Distributed Computing Jadavpur University November 4, 2017 Agenda Cyberspace Privacy
More informationTHE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM
THE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM Modern threats demand analytics-driven security and continuous monitoring Legacy SIEMs are Stuck in the Past Finding a mechanism to collect, store
More informationAchieving Digital Transformation: FOUR MUST-HAVES FOR A MODERN VIRTUALIZATION PLATFORM WHITE PAPER
Achieving Digital Transformation: FOUR MUST-HAVES FOR A MODERN VIRTUALIZATION PLATFORM WHITE PAPER Table of Contents The Digital Transformation 3 Four Must-Haves for a Modern Virtualization Platform 3
More informationCisco Incident Control System
Cisco Incident Control System The Cisco Incident Control System (ICS) prevents new worm and virus outbreaks from affecting businesses by enabling the network to rapidly adapt and provide a distributed
More informationSOLUTION BRIEF ASSESSING DECEPTION TECHNOLOGY FOR A PROACTIVE DEFENSE
SOLUTION BRIEF ASSESSING DECEPTION TECHNOLOGY FOR A PROACTIVE DEFENSE 1 EXECUTIVE SUMMARY Attackers have repeatedly demonstrated they can bypass an organization s conventional defenses. To remain effective,
More informationMcAfee Embedded Control
McAfee Embedded Control System integrity, change control, and policy compliance in one solution McAfee Embedded Control maintains the integrity of your system by only allowing authorized code to run and
More informationFOUR WAYS TO IMPROVE ENDPOINT SECURITY: MOVING BEYOND TRADITIONAL APPROACHES
FOUR WAYS TO IMPROVE ENDPOINT SECURITY: MOVING BEYOND TRADITIONAL APPROACHES TABLE OF CONTENTS 1 INTRODUCTION NETWORK AND ENDPOINT SECURITY INTEGRATION 2 SECTION 1 RISK-BASED VISIBILITY 3 SECTION 2 CONTROL
More informationMcAfee Complete Endpoint Threat Protection Advanced threat protection for sophisticated attacks
McAfee Complete Endpoint Threat Protection Advanced threat protection for sophisticated attacks Key Advantages Stay ahead of zero-day threats, ransomware, and greyware with machine learning and dynamic
More informationAchieving a Secure and Resilient Cyber Ecosystem: A Way Ahead
Achieving a Secure and Resilient Cyber Ecosystem: A Way Ahead January 2016 Continuing to strengthen the security and resilience of our nation s critical infrastructure in partnership with you Our Responsibilities
More informationRSA INCIDENT RESPONSE SERVICES
RSA INCIDENT RESPONSE SERVICES Enabling early detection and rapid response EXECUTIVE SUMMARY Technical forensic analysis services RSA Incident Response services are for organizations that need rapid access
More informationSecuring IoT-based Cyber-Physical Human Systems against Collaborative Attacks
Securing IoT-based Cyber-Physical Human Systems against Collaborative Attacks Sathish A.P Kumar, Coastal Carolina University, Conway, SC, USA Bharat Bhargava and Ganapathy Mani Purdue University, West
More informationRSA INCIDENT RESPONSE SERVICES
RSA INCIDENT RESPONSE SERVICES Enabling early detection and rapid response EXECUTIVE SUMMARY Technical forensic analysis services RSA Incident Response services are for organizations that need rapid access
More informationDNA Intrusion Detection Methodology. James T. Dollens, Ph.D Cox Road Roswell, GA (678)
DNA Intrusion Detection Methodology by James T. Dollens, Ph.D. 1675 Cox Road Roswell, GA 30075 JTDDGC@aol.com (678) 576-3759 Copyright 2001, 2004 James T. Dollens Page 1 of 1 Introduction Computer viruses,
More informationWHY LEGACY SECURITY ARCHITECTURES ARE INADEQUATE IN A MULTI-CLOUD WORLD
WHY LEGACY SECURITY ARCHITECTURES ARE INADEQUATE IN A MULTI-CLOUD WORLD CONTENTS EXECUTIVE SUMMARY 1 MULTI-CLOUD CHANGES THE SECURITY EQUATION 2 SECTION 1: CLOUD SILOS IMPAIR VISIBILITY AND RESPONSE 3
More informationAND FINANCIAL CYBER FRAUD INSTITUTIONS FROM. Solution Brief PROTECTING BANKING
PROTECTING BANKING AND FINANCIAL INSTITUTIONS FROM CYBER FRAUD Enabling the financial industry to become proactively secure and compliant Overview In order to keep up with the changing digital payment
More informationTHE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION
BREACH & ATTACK SIMULATION THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION Cymulate s cyber simulation platform allows you to test your security assumptions, identify possible security gaps and receive
More informationIncident Response Services to Help You Prepare for and Quickly Respond to Security Incidents
Services to Help You Prepare for and Quickly Respond to Security Incidents The Challenge The threat landscape is always evolving and adversaries are getting harder to detect; and with that, cyber risk
More informationSecuring your Virtualized Datacenter. Charu Chaubal Senior Architect, Technical Marketing 6 November, 2008
Securing your Virtualized Datacenter Charu Chaubal Senior Architect, Technical Marketing 6 November, 2008 Agenda VMware Virtualization Technology How Virtualization Affects Datacenter Security Keys to
More informationNOTHING IS WHAT IT SIEMs: COVER PAGE. Simpler Way to Effective Threat Management TEMPLATE. Dan Pitman Principal Security Architect
NOTHING IS WHAT IT SIEMs: COVER PAGE Simpler Way to Effective Threat Management TEMPLATE Dan Pitman Principal Security Architect Cybersecurity is harder than it should be 2 SIEM can be harder than it should
More informationDetecting Network Reconnaissance with the Cisco Cyber Threat Defense Solution 1.0
Detecting Network Reconnaissance with the Cisco Cyber Threat Defense Solution 1.0 April 9, 2012 Introduction One of the earliest indicators of an impending network attack is the presence of network reconnaissance.
More informationSymantec Client Security. Integrated protection for network and remote clients.
Symantec Client Security Integrated protection for network and remote clients. Complex Internet threats require comprehensive security. Today's complex threats require comprehensive security solutions
More informationTraditional Security Solutions Have Reached Their Limit
Traditional Security Solutions Have Reached Their Limit CHALLENGE #1 They are reactive They force you to deal only with symptoms, rather than root causes. CHALLENGE #2 256 DAYS TO IDENTIFY A BREACH TRADITIONAL
More informationSECURITY & PRIVACY DOCUMENTATION
Okta s Commitment to Security & Privacy SECURITY & PRIVACY DOCUMENTATION (last updated September 15, 2017) Okta is committed to achieving and preserving the trust of our customers, by providing a comprehensive
More informationFour Grand Challenges in Trustworthy Computing
Overview Four Grand Challenges in Trustworthy Computing Reformatted from the presentation created and given by Dr. Gene Spafford, Purdue University. CS 6204 Spring 2005 2 Why Grand Challenges? Inspire
More informationHelp Your Security Team Sleep at Night
White Paper Help Your Security Team Sleep at Night Chief Information Security Officers (CSOs) and their information security teams are paid to be suspicious of everything and everyone who might just might
More informationProtect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com
Protect Your Endpoint, Keep Your Business Safe. White Paper Exosphere, Inc. getexosphere.com White Paper Today s Threat Landscape Cyber attacks today are increasingly sophisticated and widespread, rendering
More informationA CISO GUIDE TO MULTI-CLOUD SECURITY Achieving Transparent Visibility and Control and Enhanced Risk Management
A CISO GUIDE TO MULTI-CLOUD SECURITY Achieving Transparent Visibility and Control and Enhanced Risk Management CONTENTS INTRODUCTION 1 SECTION 1: MULTI-CLOUD COVERAGE 2 SECTION 2: MULTI-CLOUD VISIBILITY
More informationAT&T Endpoint Security
AT&T Endpoint Security November 2016 Security Drivers Market Drivers Online business 24 x 7, Always on Globalization Virtual Enterprise Business Process / IT Alignment Financial Drivers CapEx / OpEx Reduction
More informationIntelligent Risk Identification and Analysis in IT Network Systems
Intelligent Risk Identification and Analysis in IT Network Systems Masoud Mohammadian University of Canberra, Faculty of Information Sciences and Engineering, Canberra, ACT 2616, Australia masoud.mohammadian@canberra.edu.au
More informationRSA NetWitness Suite Respond in Minutes, Not Months
RSA NetWitness Suite Respond in Minutes, Not Months Overview One can hardly pick up a newspaper or turn on the news without hearing about the latest security breaches. The Verizon 2015 Data Breach Investigations
More informationATTIVO NETWORKS THREATDEFEND PLATFORM INTEGRATION WITH CISCO SYSTEMS PROTECTS THE NETWORK
PARTNER BRIEF ATTIVO NETWORKS THREATDEFEND PLATFORM INTEGRATION WITH CISCO SYSTEMS PROTECTS THE NETWORK INTRODUCTION Attivo Networks has partnered with Cisco Systems to provide advanced real-time inside-the-network
More informationBring Your Own Device (BYOD)
Bring Your Own Device (BYOD) An information security and ediscovery analysis A Whitepaper Call: +44 345 222 1711 / +353 1 210 1711 Email: cyber@bsigroup.com Visit: bsigroup.com Executive summary Organizations
More informationModelling Cyber Security Risk Across the Organization Hierarchy
Modelling Cyber Security Risk Across the Organization Hierarchy Security issues have different causes and effects at different layers within the organization one size most definitely does not fit all.
More informationSYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security
SYMANTEC: SECURITY ADVISORY SERVICES Symantec Security Advisory Services The World Leader in Information Security Knowledge, as the saying goes, is power. At Symantec we couldn t agree more. And when it
More information- Table of Contents -
- Table of Contents - 1 INTRODUCTION... 1 1.1 OBJECTIVES OF THIS GUIDE... 1 1.2 ORGANIZATION OF THIS GUIDE... 2 1.3 COMMON CRITERIA STANDARDS DOCUMENTS... 3 1.4 TERMS AND DEFINITIONS... 5 2 BASIC KNOWLEDGE
More informationCyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS
Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Continual disclosed and reported
More informationSecuring the Empowered Branch with Cisco Network Admission Control. September 2007
Securing the Empowered Branch with Cisco Network Admission Control September 2007 Presentation_ID 2006 Cisco Systems, Inc. All rights reserved. 1 Contents 1 The Cisco Empowered Branch 2 Security Considerations
More informationAchieving End-to-End Security in the Internet of Things (IoT)
Achieving End-to-End Security in the Internet of Things (IoT) Optimize Your IoT Services with Carrier-Grade Cellular IoT June 2016 Achieving End-to-End Security in the Internet of Things (IoT) Table of
More informationSustainable Security Operations
Sustainable Security Operations Optimize processes and tools to make the most of your team s time and talent The number and types of security incidents organizations face daily are steadily increasing,
More informationMcAfee Public Cloud Server Security Suite
McAfee Public Cloud Server Security Suite Comprehensive security for AWS and Azure cloud workloads As enterprises shift their data center strategy to include and often lead with public cloud server instances,
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Malware Outbreak
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationLTI Security Services. Intelligent & integrated Approach to Cyber & Digital Security
LTI Security Intelligent & integrated Approach to Cyber & Digital Security Overview As businesses are expanding globally into new territories, propelled and steered by digital disruption and technological
More informationContinuous protection to reduce risk and maintain production availability
Industry Services Continuous protection to reduce risk and maintain production availability Managed Security Service Answers for industry. Managing your industrial cyber security risk requires world-leading
More informationInformation Security and Cyber Security
Information Security and Cyber Security Policy NEC recognizes that it is our duty to protect the information assets entrusted to us by our customers and business partners as well as our own information
More informationC1: Define Security Requirements
OWASP Top 10 Proactive Controls IEEE Top 10 Software Security Design Flaws OWASP Top 10 Vulnerabilities Mitigated OWASP Mobile Top 10 Vulnerabilities Mitigated C1: Define Security Requirements A security
More information