TRACT: Threat Rating and Assessment Collaboration Tool
|
|
- Evelyn Marshall
- 5 years ago
- Views:
Transcription
1 TRACT: Threat Rating and Assessment Collaboration Tool Robert Hollinger and Doran Smestad Advised by: George Heineman (WPI), Philip Marquardt (MIT/LL) Worcester Polytechnic Institute Major Qualifying Project Presentation October 16 th, 2013 Group 51: Cyber Systems and Operations This work is sponsored by the Assistant Secretary of Defense for Research & Engineering under Air Force Contract #FA C Opinions, interpretations, conclusions and recommendations are those of the author and are not necessarily endorsed by the United States Government.
2 Network Analyst Identify cyber vulnerabilities and threats The possibility of a malicious attempt to damage or disrupt a computer network or system. Take necessary steps to protect their network against such threats Sources of Information Intrusion Detection System (IDS) Intrusion Prevention System (IPS) Server Logs Online Sources Analyst Tools Tools exist to process many of these sources (e.g. Splunk) However, no tool exists to process the noisy online source data TRACT - 2
3 Problem Area - Sources Sources of Information: Twitter Blogs Apple ZDnet Microsoft MITRE Bruce Schneier Verisign Security Updates Madient Symantec Rapid7 Reported Vulnerabilities Madient McAfee Comodo Tennable RSA Intel BAE Sophos Tennable TRACT - 3
4 Background Determine which threats apply to us Lincoln Research Network Operation Center (LRNOC) Holds Lincoln Laboratory Network Data Research Environment to Build Better Cyber Tools Isolated Network Lincoln Laboratory Cyber Situational Awareness (LLCySA) Platform Framework to query data from the LRNOC LLAN TRACT - 4
5 Problem Statement 1,2 Analysts receive large amounts of data from online sources. 2 1 Sources Analyst: Is there a threat? TRACT - 5
6 Problem Statement 3,4 Analysts review source data for possible threats. Threats Sources Analyst: Is there a threat? TRACT - 6
7 Problem Statement 5,6 Analysts can query LLCySA to determine relevance Threats 4 Sources Analyst: Is there a threat? Analysts are required to manually review search, sort, and organize data. TRACT - 7
8 Threat Rating and Assessment Collaboration Tool 1,2 Analysts search data held by TRACT TRACT Threats 1 2 Sources Analysts: Is there a threat? TRACT - 8
9 Threat Rating and Assessment Collaboration Tool 3,4 Analysts query LLCySA to determine relevance TRACT Threats Sources Analysts: Is there a threat? TRACT allows Analysts to collectively process more data with less noise. TRACT - 9
10 Information Retrieval Information Retrieval: Location of relevant documents from a corpus of information Regular Expression: Sequence of characters describing a text pattern Examples: (Firefox) (Firefox) (Chrome) (Firefox).{0-5}(4) ([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3}) TRACT - 10
11 Design Considerations Transfer of Information LLAN Permanent Storage of Information User Interface communication with the database Collaboration between Analysts TRACT - 11
12 User Interface - Welcome TRACT - 12
13 User Interface - Search TRACT - 13
14 User Interface - Search TRACT - 14
15 User Interface - Refine TRACT - 15
16 User Interface - Refine TRACT - 16
17 User Interface - LLCySA TRACT - 17
18 User Interface - LLCySA 40 Use of Firefox in Lincoln Laboratory Example Purposes Only Not Actual Data 35 Percent of Users Firefox 5.0 Firefox 4.0 Firefox 3.6 Firefox Firefox 5.0 Firefox 4.0 Firefox 3.6 Firefox 3.0 Browser Version TRACT - 18
19 User Interface - Dashboard TRACT - 19
20 User Interface - Dashboard TRACT - 20
21 User Interface - Dashboard TRACT - 21
22 User Interface - Dashboard TRACT - 22
23 Evaluation Analysts Dedicated display to show our Dashboard in the LRNOC Ingestion of user refinement data into the LLCySA platform Received positive reaction from Analysts and they plan to use it in their work TRACT - 23
24 Conclusion Identified a gap in the analyst toolset Developed system to assist analysts in the process of gaining relevant threat information from online sources Reviewed system with analysts TRACT - 24
25 Future Work Advanced Information Retrieval Full Graphing of Refinements Full integration with LRNOC TRACT - 25
26 Acknowledgements Philip Marquardt, MIT/LL Advisor, LRNOC Lead George Heineman, WPI Advisor David O Gwynn, LLCySA Technical Staff Kathleen Haas, MQP Coordinator Ted Clancy, WPI Project Site Lead TRACT - 26
27 Backup Slides BACKUP SLIDES TRACT - 27
28 System Flow of Information Twi$er, RSS, Atom ApplicaAon User Login User Queries Display Posts MySQL Refine Query Ingester DB Transfer SQLite LRNOC SQLite TRACT - 28
BubbleNet: A Cyber Security Dashboard for Visualizing Patterns
BubbleNet: A Cyber Security Dashboard for Visualizing Patterns Sean McKenna 1,2 Diane Staheli 2 Cody Fulcher 2 Miriah Meyer 1 1 University of Utah 2 MIT Lincoln Laboratory The Lincoln Laboratory portion
More informationGARNET. Graphical Attack graph and Reachability Network Evaluation Tool* Leevar Williams, Richard Lippmann, Kyle Ingols. MIT Lincoln Laboratory
GARNET Graphical Attack graph and Reachability Network Evaluation Tool* Leevar Williams, Richard Lippmann, Kyle Ingols 15 September 2008 9/15/2008-1 R. Lippmann, K. Ingols *This work is sponsored by the
More informationLeveraging Data Provenance to Enhance Cyber Resilience
Leveraging Data Provenance to Enhance Cyber Resilience Thomas Moyer Karishma Chadha, Robert Cunningham, Nabil Schear, Warren Smith, Adam Bates, Kevin Butler, Frank Capobianco, Trent Jaeger, and Patrick
More informationKara Greenfield, William Campbell, Joel Acevedo-Aviles
Kara Greenfield, William Campbell, Joel Acevedo-Aviles GraphEx 2014 8/21/2014 This work was sponsored by the Defense Advanced Research Projects Agency under Air Force Contract FA8721-05-C-0002. Opinions,
More informationGPS Vulnerability and DHS Mitigation Efforts. David Wulf Acting Deputy Assistant Secretary Infrastructure Protection Department of Homeland Security
GPS Vulnerability and DHS Mitigation Efforts David Wulf Acting Deputy Assistant Secretary Infrastructure Protection Department of Homeland Security The Office of Infrastructure Protection National Protection
More informationInformation Technology Information Sharing and Analysis Center. First Symposium Barcelona, Spain Feb. 2, 2011
Information Technology Information Sharing and Analysis Center First Symposium Barcelona, Spain Feb. 2, 2011 About Us Non Profit, US Corporation established in 2000 and operational in 2001 Fully funded
More informationGDPR: An Opportunity to Transform Your Security Operations
GDPR: An Opportunity to Transform Your Security Operations McAfee SIEM solutions improve breach detection and response Is your security operations GDPR ready? General Data Protection Regulation (GDPR)
More informationAdvanced Cyber Risk Management Threat Modeling & Cyber Wargaming April 23, 2018
Advanced Cyber Risk Management Threat Modeling & Cyber Wargaming April 23, 2018 The Homeland Security Systems Engineering and Development Institute (HSSEDI ) is a trademark of the U.S. Department of Homeland
More informationVisualizing Attack Graphs, Reachability, and Trust Relationships with NAVIGATOR*
Visualizing Attack Graphs, Reachability, and Trust Relationships with NAVIGATOR* Matthew Chu, Kyle Ingols, Richard Lippmann, Seth Webster, Stephen Boyer 14 September 2010 9/14/2010-1 *This work is sponsored
More informationCYBERSECURITY. The Intersection of Policy and Technology YOU RE HERE TO MAKE A DIFFERENCE ṢM
CYBERSECURITY The Intersection of Policy and Technology WWW.HKS.HARVARD.EDU/EE/CYBER YOU RE HERE TO MAKE A DIFFERENCE ṢM CYBERSECURITY THE INTERSECTION OF POLICY AND TECHNOLOGY In a world with almost limitless
More informationThreat-Based Metrics for Continuous Enterprise Network Security
Threat-Based Metrics for Continuous Enterprise Network Security Management and James Riordan Lexington, MA 02420-9108 {lippmann,james.riordan}@ll.mit.edu To be Presented at IFIP Working Group 10.4 Workshop
More informationAn Operational Cyber Security Perspective on Emerging Challenges. Michael Misumi CIO Johns Hopkins University Applied Physics Lab (JHU/APL)
An Operational Cyber Security Perspective on Emerging Challenges Michael Misumi CIO Johns Hopkins University Applied Physics Lab (JHU/APL) Johns Hopkins University Applied Physics Lab (JHU/APL) University
More informationRID IETF Draft Update
RID IETF Draft Update Kathleen M. Moriarty INCH Working Group 29 March 2005 This work was sponsored by the Air Force under Air Force Contract Number F19628-00-C-0002. "Opinions, interpretations, conclusions,
More informationMulti-Modal Audio, Video, and Physiological Sensor Learning for Continuous Emotion Prediction
Multi-Modal Audio, Video, and Physiological Sensor Learning for Continuous Emotion Prediction Youngjune Gwon 1, Kevin Brady 1, Pooya Khorrami 2, Elizabeth Godoy 1, William Campbell 1, Charlie Dagli 1,
More informationData Collection and Incident Analysis: IT-ISAC Perspective. ENISA Workshop March 17, 2010
Data Collection and Incident Analysis: IT-ISAC Perspective ENISA Workshop March 17, 2010 Agenda IT-ISAC Overview ISAC Model with Case Studies (ISAC Initiatives and Conficker) Building a Joint Capability
More informationAdvancing Cyber Intelligence Practices Through the SEI s Consortium
Advancing Cyber Intelligence Practices Through the SEI s Consortium SEI Emerging Technology Center Jay McAllister Melissa Kasan Ludwick Copyright 2015 Carnegie Mellon University This material is based
More informationA Taxonomy and a Knowledge Portal for Cybersecurity
A Taxonomy and a Knowledge Portal for Cybersecurity David Klaper Adviser: Eduard Hovy 19.06.2014 DG.O 2014 1 Outline Why Cybersecurity Education for Smart Governments? Taxonomy: Technical Aspects Impact
More informationCyber Security Awareness for SmallSat Ground Networks
Cyber Security Awareness for SmallSat Ground Networks SSC16-IX-02 SmallSat 2016 Ted Vera Colorado Springs, CO (719) 598-2801 Denver, CO (303) 703-3834 Chantilly, VA (703) 488-2500 http://www.rtlogic.com
More informationWelcome to Tomorrow... Today
Copyright 2016 Splunk Inc. Welcome to Tomorrow... Today The need and benefit of merging of IT and Security in today's ever connected world of security and IT Tim Lee CISO, City of LA Ernie Welch Sales
More informationUNCLASSIFIED R-1 ITEM NOMENCLATURE FY 2013 OCO
Exhibit R-2, RDT&E Budget Item Justification: PB 2013 Office of Secretary Of Defense DATE: February 2012 COST ($ in Millions) FY 2011 FY 2012 Base OCO Total FY 2014 FY 2015 FY 2016 FY 2017 Cost To Complete
More informationHow NOT To Get Hacked
How NOT To Get Hacked The right things to do so the bad guys can t do the wrong ones Mark Burnette Partner, LBMC -Risk Services October 25, 2016 Today s Agenda Protecting Against A Hack How should I start?
More informationIMPACT Global Response Centre. Technical Note GLOBAL RESPONSE CENTRE
Technical Note GLOBAL RESPONSE CENTRE INTRODUCTION IMPACT s Global Response (GRC) acts as the foremost cyber threat resource centre for the global. It provides emergency response to facilitate identification
More informationSymantec Advanced Threat Protection: Endpoint
Symantec Advanced Threat Protection: Endpoint Data Sheet: Advanced Threat Protection The Problem Virtually all of today's advanced persistent threats leverage endpoint systems in order to infiltrate their
More informationFirewalls (IDS and IPS) MIS 5214 Week 6
Firewalls (IDS and IPS) MIS 5214 Week 6 Agenda Defense in Depth Evolution of IT risk in automated control systems Security Domains Where to put firewalls in an N-Tier Architecture? In-class exercise Part
More informationDetection and Analysis of Threats to the Energy Sector (DATES)
Detection and Analysis of Threats to the Energy Sector (DATES) Sponsored by the Department of Energy National SCADA Test Bed Program Managed by the National Energy Technology Laboratory The views herein
More informationA Measurement Companion to the CIS Critical Security Controls (Version 6) October
A Measurement Companion to the CIS Critical Security Controls (Version 6) October 2015 1 A Measurement Companion to the CIS Critical Security Controls (Version 6) Introduction... 3 Description... 4 CIS
More informationEnd-to-End Trust, Segmentation and Segregation in the IIoT
End-to-End Trust, Segmentation and Segregation in the IIoT www.blackridge.us Michael Murray - SVP & GM Cyber Physical Systems www.blackridge.us Company Origin BlackRidge technology originated from a Department
More informationDefending Our Digital Density.
New Jersey Cybersecurity & Communications Integration Cell Defending Our Digital Density. @NJCybersecurity www.cyber.nj.gov NJCCIC@cyber.nj.gov The New Jersey Cybersecurity & Communications Integration
More informationBUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE
BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not
More informationAudit Tools That Won t Break the Bank
Audit Tools That Won t Break the Bank Independent Community Bankers of Minnesota May 2, 2017 Date or subtitle Presented by: Mark Scholl, Partner 1 Objectives Discuss tools that can help you manage and
More informationEnterprise Cybersecurity Best Practices Part Number MAN Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationIntegrated, Intelligence driven Cyber Threat Hunting
Integrated, Intelligence driven Cyber Threat Hunting THREAT INVESTIGATION AND RESPONSE PLATFORM Zsolt Kocsis IBM Security Technical Executive, CEE zsolt.kocsis@hu.ibm.com 6th Nov 2018 Build an integrated
More informationA Data-Centric Approach to Endpoint Security
A Data-Centric Approach to Endpoint Security September 28, 2017 Eric Ogren Senior Analyst, Security 451 Research Bill Bradley Director of Product Marketing Digital Guardian About Eric Ogren Eric Ogren
More informationHow to Optimize Cyber Defenses through Risk-Based Governance. Steven Minsky CEO of LogicManager & Author of the RIMS Risk Maturity Model
How to Optimize Cyber Defenses through Risk-Based Governance Steven Minsky CEO of LogicManager & Author of the RIMS Risk Maturity Model The Goal: Risk-Based Operationalization Incident Management IT/IS
More informationTIES for Microsoft CityNext Next-Generation Situational Awareness
BROCHURE A CLOSER LOOK AT! TIES for Microsoft CityNext Next-Generation Situational Awareness INTRODUCTION! TIES for Microsoft CityNext (TMCN) is an all-hazard threat monitoring and situation awareness
More informationDefining Computer Security Incident Response Teams
Defining Computer Security Incident Response Teams Robin Ruefle January 2007 ABSTRACT: A computer security incident response team (CSIRT) is a concrete organizational entity (i.e., one or more staff) that
More informationQuick Start Guide for Administrators and Operators Cyber Advanced Warning System
NSS Labs Quick Start Guide for Administrators and Operators Cyber Advanced Warning System Introduction to the Cyber Advanced Warning System and RiskViewer... 1 Activating Your Account... 2 Adding a New
More informationCluster-based 3D Reconstruction of Aerial Video
Cluster-based 3D Reconstruction of Aerial Video Scott Sawyer (scott.sawyer@ll.mit.edu) MIT Lincoln Laboratory HPEC 12 12 September 2012 This work is sponsored by the Assistant Secretary of Defense for
More informationScott Philips, Edward Kao, Michael Yee and Christian Anderson. Graph Exploitation Symposium August 9 th 2011
Activity-Based Community Detection Scott Philips, Edward Kao, Michael Yee and Christian Anderson Graph Exploitation Symposium August 9 th 2011 23-1 This work is sponsored by the Office of Naval Research
More informationCORNERSTONE: Foundational Models and Services for Integrated Battle Planning
CORNERSTONE: Foundational Models and Services for Integrated Battle Planning Paper ID # 78 Topic 4: Collaboration, Shared Awareness, & Decision Making 17th ICCRTS Operationalizing C2 Agility Robert J.
More informationSymantec Security Monitoring Services
24x7 real-time security monitoring and protection Protect corporate assets from malicious global threat activity before it impacts your network. Partnering with Symantec skilled and experienced analysts
More informationTHREAT INTEL AND CONTENT CURATION: ORGANIZING THE PATH TO SUCCESSFUL DETECTION
SESSION ID: AIR-W12 THREAT INTEL AND CONTENT CURATION: ORGANIZING THE PATH TO SUCCESSFUL DETECTION Justin Monti CTO MKACyber Mischel Kwon CEO MKACyber @MKACyber What is Cyber Threat Intelligence Data collected,
More informationCyber Threat Intelligence Standards - A high-level overview
Cyber Threat Intelligence Standards - A high-level overview Christian Doerr TU Delft, Cyber Threat Intelligence Lab Delft University of Technology Challenge the future ~ whoami At TU Delft since 2008 in
More informationSocial Behavior Prediction Through Reality Mining
Social Behavior Prediction Through Reality Mining Charlie Dagli, William Campbell, Clifford Weinstein Human Language Technology Group MIT Lincoln Laboratory This work was sponsored by the DDR&E / RRTO
More informationSymantec Endpoint Protection Integration Component User's Guide. Version 7.0
Symantec Endpoint Protection Integration Component User's Guide Version 7.0 The software described in this book is furnished under a license agreement and may be used only in accordance with the terms
More informationInformation Security Controls Policy
Information Security Controls Policy Classification: Policy Version Number: 1-00 Status: Published Approved by (Board): University Leadership Team Approval Date: 30 January 2018 Effective from: 30 January
More informationProviding Information Superiority to Small Tactical Units
Providing Information Superiority to Small Tactical Units Jeff Boleng, PhD Principal Member of the Technical Staff Software Solutions Conference 2015 November 16 18, 2015 Copyright 2015 Carnegie Mellon
More informationAUSTRALIAN WELDER CERTIFICATION REGISTER (AWCR) CREATE A PROFILE. Bruce Cannon WTIA January 2018 Technical Publications Manager
AUSTRALIAN WELDER CERTIFICATION REGISTER (AWCR) CREATE A PROFILE OVERVIEW The AWCR provides a national framework for qualifying and testing welders to standards such as AS/NZS ISO 9606-1 and AS/NZS 2980,
More information2. D3 Cyber Incident Response Integration for Splunk
Table of Contents 1. Description D3 Add-on and App... 2 1.1 D3 Cyber Add-on... 2 1.2 D3 Cyber App... 2 2. D3 Cyber Incident Response Integration for Splunk... 2 3. D3 Cyber App for Splunk... 2 4. Installation
More informationSymantec Ransomware Protection
Symantec Ransomware Protection Protection Against Ransomware Defense in depth across all control points is required to stop ransomware @ Email Symantec Email Security.cloud, Symantec Messaging Gateway
More informationBusiness continuity management and cyber resiliency
Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Business continuity management and cyber resiliency Introductions Eric Wunderlich,
More informationmydevelopment Troubleshooting Online Course Completion A step-by-step guide for continuing and fixed-term contract staff to login to mydevelopment
A step-by-step guide for continuing and fixed-term contract staff to login to mydevelopment mydevelopment Troubleshooting Online Course Completion Contents This step-by-step user guide shows: Page How
More informationCybersecurity Test and Evaluation at the National Cyber Range
Cybersecurity Test and Evaluation at the National Cyber Range 17 November 2015 Dr. Robert N. Tamburello Deputy Director National Cyber Range robert.n.tamburello.civ@mail.mil 571-372-2753 What is a Cyber
More informationGlobal Response Centre (GRC) & CIRT Lite. Regional Cyber security Forum 2009, Hyderabad, India 23 rd to 25 th September 2009
Global Response Centre (GRC) & CIRT Lite Regional Cyber security Forum 2009, Hyderabad, India 23 rd to 25 th September 2009 IMPACT Service offerings Global Response Centre CIRT Lite Need for GRC Access
More informationTop 10 most important IT priorities over the next 12 months. (Percent of respondents, N=633, ten responses accepted)
ESG Lab Review Sophos Security Heartbeat Date: January 2016 Author: Tony Palmer, Sr. ESG Lab Analyst; and Jack Poller, ESG Lab Analyst Abstract: This report examines the key attributes of Sophos synchronized
More informationDataSToRM: Data Science and Technology Research Environment
The Future of Advanced (Secure) Computing DataSToRM: Data Science and Technology Research Environment This material is based upon work supported by the Assistant Secretary of Defense for Research and Engineering
More informationCybersecurity in Government
Cybersecurity in Government Executive Development Course: Digital Government Ng Lup Houh, Principal Cybersecurity Specialist Cybersecurity Group 03 April 2018 Agenda Cyber Threats & Vulnerabilities Cyber
More informationSOLUTION BRIEF DFLabs IncMan SOAR - The Security Orchestration, Automation and Response Platform for SOCs.
SOLUTION BRIEF DFLabs IncMan SOAR - The Security Orchestration, Automation and Response Platform for SOCs. This Solution Brief outlines how DFLabs IncMan SOAR is designed to automate, orchestrate and measure
More informationSecuring Your Web Application against security vulnerabilities. Alvin Wong, Brand Manager IBM Rational Software
Securing Your Web Application against security vulnerabilities Alvin Wong, Brand Manager IBM Rational Software Agenda Security Landscape Vulnerability Analysis Automated Vulnerability Analysis IBM Rational
More informationManaged Endpoint Defense
DATA SHEET Managed Endpoint Defense Powered by CB Defense Next-gen endpoint threat detection and response DEPLOY AND HARDEN. Rapidly deploy and optimize endpoint prevention with dedicated security experts
More informationBetter skilled workforce
Better skilled workforce for the New Style of Business HPE Education Services November 20, 2015 Education is the most powerful weapon which you can use to change the world Nelson Mandela The New Style
More informationSecurity Architecture
Security Architecture RDX s top priority is to safeguard our customers sensitive information. Introduction RDX understands that our customers have turned over the keys to their sensitive data stores to
More informationCYBER THREAT INTEL: A STATE OF MIND. Internal Audit, Risk, Business & Technology Consulting
CYBER THREAT INTEL: A STATE OF MIND Internal Audit, Risk, Business & Technology Consulting WHO ARE WE? Randy Armknecht, CISSP, EnCE Protiviti Director - IT Consulting randy.armknecht@protiviti.com Albin
More informationENDNOTE SECURITY OVERVIEW INCLUDING ENDNOTE DESKTOP AND ONLINE
ENDNOTE SECURITY OVERVIEW INCLUDING ENDNOTE DESKTOP AND ONLINE INTRODUCTION In line with commercial industry standards, the data center used by EndNote employs a dedicated security team to protect our
More informationQuickBooks Online Security White Paper July 2017
QuickBooks Online Security White Paper July 2017 Page 1 of 6 Introduction At Intuit QuickBooks Online (QBO), we consider the security of your information as well as your customers and employees data a
More informationCybersecurity Survey Results
Cybersecurity Survey Results 4 November 2015 DISCLAIMER: The views and opinions expressed in this presentation are those of the author and do not necessarily represent official policy or position of HIMSS.
More informationCisco Networking Academy CCNA Cybersecurity Operations 1.1 Curriculum Overview Updated July 2018
Cisco Networking Academy CCNA Cybersecurity Operations 1.1 Curriculum Overview Updated July 2018 Cybersecurity Opportunities Cybercrime Costs Security Spending Cybersecurity Ventures: Cybersecurity Market
More informationCurrent skills gap for capable CTI analysts: Training for forensics & analysis
Current skills gap for capable CTI analysts: Training for forensics & analysis WORKSHOP CTI EU Bonding EU Cyber Threat Intelligence 30-31 October, Link Campus University, Rome, Italy Ing. Selene Giupponi
More informationCyber Hygiene: A Baseline Set of Practices
[DISTRIBUTION STATEMENT A] Approved for public Cyber Hygiene: A Baseline Set of Practices Matt Trevors Charles M. Wallen Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Copyright
More informationSimulation of Workflow and Threat Characteristics for Cyber Security Incident Response Teams
Simulation of Workflow and Threat Characteristics for Cyber Security Incident Response Teams Theodore Reed, Robert G. Abbott, Benjamin Anderson, Kevin Nauer & Chris Forsythe Sandia National Laboratories
More informationPrioritizing Alerts from Static Analysis with Classification Models
Prioritizing Alerts from Static Analysis with Classification Models PI: Lori Flynn, PhD Team: Will Snavely, David Svoboda, Dr. David Zubrow, Bob Stoddard, Dr. Nathan VanHoudnos, Dr. Elli Kanal, Richard
More informationCloud Sandboxing Against Advanced Persistent Attacks
CANTO 2017 Cloud Sandboxing Against Advanced Persistent Attacks Ric Leung Director of Product Management Huawei Technologies Co., Ltd. Traditional Defenses Are Ineffective Against Advanced Unknown Threats
More informationReadiness, Response & Resilence:
Readiness, Response & Resilence: building out advance security operations Husam Al Saraf Solutions Principal Lead Turkey, Africa & Middle East #RSAemeaSummit 1 Traditional Security Operations Top Gaps
More informationSPAM QUARANTINE. Security Service. Information Technology Services
SPAM QUARANTINE Email Security Service Information Technology Services help@mun.ca Contents Introduction... 2 Notifications... 2 Accessing SPAM Quarantine... 3 Searching Email in SPAM Quarantine... 4 Releasing
More informationSampling Large Graphs for Anticipatory Analysis
Sampling Large Graphs for Anticipatory Analysis Lauren Edwards*, Luke Johnson, Maja Milosavljevic, Vijay Gadepally, Benjamin A. Miller IEEE High Performance Extreme Computing Conference September 16, 2015
More informationCybersecurity program & best practices
Cybersecurity program & best practices How Gogo Business Aviation secures its airborne networks and inflight internet systems Live Webinar Thursday, September 28, 2017 Welcome & housekeeping notes Webinar
More informationMEETING ISO STANDARDS
WHITE PAPER MEETING ISO 27002 STANDARDS September 2018 SECURITY GUIDELINE COMPLIANCE Organizations have seen a rapid increase in malicious insider threats, sensitive data exfiltration, and other advanced
More informationSecure Multi-Party Computation of Probabilistic Threat Propagation
Secure Multi-Party Computation of Probabilistic Threat Propagation Emily Shen Nabil Schear, Ellen Vitercik, Arkady Yerukhimovich Graph Exploitation Symposium 216 DISTRIBUTION STATEMENT A. Approved for
More informationLLMORE: Mapping and Optimization Framework
LORE: Mapping and Optimization Framework Michael Wolf, MIT Lincoln Laboratory 11 September 2012 This work is sponsored by Defense Advanced Research Projects Agency (DARPA) under Air Force contract FA8721-05-C-0002.
More informationSneak Peak at CIS Critical Security Controls V 7 Release Date: March Presented by Kelli Tarala Principal Consultant Enclave Security
Sneak Peak at CIS Critical Security Controls V 7 Release Date: March 2018 2017 Presented by Kelli Tarala Principal Consultant Enclave Security 2 Standards and Frameworks 3 Information Assurance Frameworks
More informationForeScout ControlFabric TM Architecture
ForeScout ControlFabric TM Architecture IMPROVE MULTI-VENDOR SOLUTION EFFECTIVENESS, RESPONSE AND WORKFLOW AUTOMATION THROUGH COLLABORATION WITH INDUSTRY-LEADING TECHNOLOGY PARTNERS. The Challenge 50%
More informationPanelists. Moderator: Dr. John H. Saunders, MITRE Corporation
SCADA/IOT Panel This panel will focus on innovative & emerging solutions and remaining challenges in the cybersecurity of industrial control systems ICS/SCADA. Representatives from government and infrastructure
More informationSOLUTIONS BRIEF GOGO AIRBORNE SECURITY SUMMARY 2017 Q3 RELEASE
SOLUTIONS BRIEF GOGO AIRBORNE SECURITY SUMMARY 2017 Q3 RELEASE SECURE AIRBORNE CONNECTIVITY: OVERVIEW Gogo Business Aviation realizes the ever-pressing need to be vigilant in staying ahead of potential
More informationCyber Resilience. Think18. Felicity March IBM Corporation
Cyber Resilience Think18 Felicity March 1 2018 IBM Corporation Cyber Resilience Cyber Resilience is the ability of an organisation to maintain its core purpose and integrity during and after a cyber attack
More informationPlenary Session: Branch Cybersecurity Controls Thursday, February 22 1:15 p.m. 2:15 p.m.
Plenary Session: Branch Cybersecurity Controls Thursday, February 22 1:15 p.m. 2:15 p.m. Cybersecurity is a top priority for the financial services industry. Firms dedicate significant resources every
More informationTOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION
INFORMATION TECHNOLOGY SECURITY GUIDANCE TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION ITSM.10.189 October 2017 INTRODUCTION The Top 10 Information Technology (IT) Security
More informationSymantec Backup Exec System Recovery Granular Restore Option User's Guide
Symantec Backup Exec System Recovery Granular Restore Option User's Guide Symantec Backup Exec System Recovery Granular Restore Option User's Guide The software described in this book is furnished under
More informationVulnerability Management Policy
Vulnerability Management Policy Document Type: Policy (PLCY) Endorsed By: Information Technology Policy Committee Date: 4/29/2011 Promulgated By: Chancellor Herzog Date: 6/16/2011 I. Introduction IT resources
More informationemarketeer Information Security Policy
emarketeer Information Security Policy Version Date 1.1 2018-05-03 emarketeer Information Security Policy emarketeer AB hereafter called emarketeer is a leading actor within the development of SaaS-service
More informationMark Littlejohn June 23, 2016 DON T GO IT ALONE. Achieving Cyber Security using Managed Services
Mark Littlejohn June 23, 2016 DON T GO IT ALONE Achieving Cyber Security using Managed Services Speaker: Mark Littlejohn 1 Mark is an industrial technology professional with over 30 years of experience
More informationEndpoint Security for DeltaV Systems
Endpoint Security for DeltaV Systems Decrease risk with intelligent, adaptive scanning Utilize advanced anti-malware protection Identify, remediate and secure your DeltaV system from cybersecurity risks
More informationNEXT GENERATION SECURITY OPERATIONS CENTER
DTS SOLUTION NEXT GENERATION SECURITY OPERATIONS CENTER SOC 2.0 - ENHANCED SECURITY O&M SOC 2.0 - SUCCESS FACTORS SOC 2.0 - FUNCTIONAL COMPONENTS DTS SOLUTION SOC 2.0 - ENHANCED SECURITY O&M SOC 2.0 Protecting
More informationAdvanced Tools for Cyber Ranges
Advanced Tools for Cyber Ranges Timothy M. Braje In response to the growing number and variety of cyber threats, the government, military, and industry are widely employing network emulation environments
More informationEFFECTIVELY TARGETING ADVANCED THREATS. Terry Sangha Sales Engineer at Trustwave
EFFECTIVELY TARGETING ADVANCED THREATS Terry Sangha Sales Engineer at Trustwave THE CHALLENGE PROTECTING YOUR ENVIRONMENT IS NOT GETTING EASIER ENDPOINT POINT OF SALE MOBILE VULNERABILITY MANAGEMENT CYBER
More informationDFARS , NIST , CDI
DFARS 252.204-7012, NIST 800-171, CDI and You Overview Impacts Getting started Overview Impacts Getting started Overview & Evolving Requirements DFARS 252.204-7012 - Safeguarding Covered Defense Information
More informationDashboard. Icon Legend 25Live symbols and their meaning. Feedback for questions or concerns. Help Tips Enable or disable at anytime
25Live For best performance for this scheduling system, we strongly suggest that you use one of the following browsers: Mozilla Firefox or Google Chrome Dashboard Tool Tips was designed for general use
More informationSECURITY SERVICES SECURITY
SECURITY SERVICES SECURITY SOLUTION SUMMARY Computacenter helps organisations safeguard data, simplify compliance and enable users with holistic security solutions With users, data and devices dispersed
More informationNetwork Security Monitoring: An Open Community Approach
Network Security Monitoring: An Open Community Approach IUP- Information Assurance Day, 2011 Greg Porter 11/10/11 Agenda Introduction Current State NSM & Open Community Options Conclusion 2 Introduction
More informationExternal Quality Assurance
External Quality Assurance eportfolio Version 06.16 About this guide Contents 02 The purpose of this guide is to provide with instructions on how to access and navigate eportfolio. 1 System Requirements
More informationIntegrated Cyber Defense Working Group (ICD WG) Introduction
Integrated Cyber Defense Working Group (ICD WG) Introduction Cory Huyssoon Allison Cline October 16, 2017 2017 by The Johns Hopkins Applied Physics Laboratory. Material is made available under the Creative
More information