Resilient Architectures

Resilient Architectures
Jeffrey Picciotto
2nd Annual Secure and Resilient Cyber Architectures Workshop

Transformation of Thought

What's most important?
- CONOPS, Use Cases, End to End Flows
- Prioritize Missions

What resources are most important?
- Identify Mission Dependencies on Cyber
- Mission Impact Analysis

What are the risks?
- Cyber Threats & Intelligence
- Cyber Threat Susceptibility Assessment

How to mitigate the risks?
- Mitigations: Cyber Risk Remediation Engineering Analysis
- Security Engineering Assurance Practices, Resiliency Practices, Anti Tamper, SCRM Practices

Desired Outcome

The cyber resiliency foundation we develop & shape is adopted by sponsors so missions are more assured.

Identify Requirements -> Create Solutions -> Prove Effectiveness

- Apply Resiliency Framework: Goals, Objectives, Techniques
- Bring community together to work collectively
- Technology: Commercial products, Research snapshot, R&D tasks
- Metrics: Cost, Performance
- Use Case Integration: Techniques, Operational context

Technology: Commercial Products

Products by technical area (111 resiliency vendors):
- Analytic Monitoring: 22%
- Privilege Restriction: 14%
- Redundancy: 12%
- Unpredictability: 10%
- Substantiated Integrity: 9%
- Segmentation: 6%
- Deception: 6%
- Adaptive Response: 6%
- Diversity: 5%
- Dynamic Positioning: 5%
- Non-Persistence: 5%

Technology: Research Capabilities

320 publications reviewed, characterized and analyzed; R&D Snapshot published.

Research by technical area:
- Analytic Monitoring: 29%
- All Dynamic Categories: 14%
- Metrics: 13%
- Cross-Area: 13%
- Substantiated Integrity: 11%
- Adaptive Response: 10%
- Isolation: 5%
- Deception: 5%

R&D tasks named on the slide: ADDER, MATA-RAMS, CyCS, COMMANDR, IBIP, Labyrinth, SERPENT, Diversity through Virtualization, Crypto Binding.

Metrics

Intended uses:
- Stakeholders: Mission Commander, Program Manager, Cyber Defender, Vendor, Researcher
- Uses: Operations, Technical Understanding, Program Decision Making, Compliance Checking, Assessing

Sample metrics (domain, type: metric; how obtained; technique):
- Operational, Performance: Length of time an attacker remains contained in a controlled environment; red team, observation, analysis; Deception
- Technical, Cost: Dollar and/or LOE cost of integrating diverse components to achieve resiliency; cost estimation, post hoc analysis; Diversity
- Technical, Performance: % mission essential capabilities for which two or more different instantiations are available; analysis; Diversity
- Operational, Cost: Degree of mission impact due to isolation of elements impeding information flow needed to act in a timely manner; observation / post hoc analysis; Segmentation
- Technical, Performance: % data value assertions in a mission essential data store for which a gold copy exists; analysis; Substantiated Integrity

Layers at which metrics are taken:
- Technical: cyber resource (system / network), node, service, software
- Mission: mission process, information asset

Practical Options

Reviewed current technology options, assessed viability today, and documented them in terms of near, mid, and long term options.

Coordinated Defense
- Near term (<3 years): Use of a defense in depth strategy within organization
- Mid-term (3-5 years): Systematic process to identify dependencies and interactions among cyber defenses
- Long-term (>5 years): Automated identification of conflicts and dependencies among defenses

Deception
- Near term: Honeypots (low interaction, based on commonly used attacker requested services)
- Mid-term: Honeynets (network of honeypots intended to imitate activities of a real system)
- Long-term: Use of honeynets and virtualization to run deception nets that respond dynamically to adversary actions

Diversity
- Near term: Different browsers on operating systems (OSs)
- Mid-term: Use of different protocols / communications diversity (e.g., over time, space, frequency)
- Long-term: Dynamically employ different OSs and different applications on laptops, desktops and servers

Non Persistence
- Near term: Desktop virtualization
- Mid-term: Applying virtualization to stateful services (e.g., Active Directory, routers)
- Long-term: Non persistence (media/device sanitization or data transformation via encryption) for smartphones and tablets

Privilege Restriction
- Near term: Removal of admin rights from end users for their machines
- Mid-term: Separate processing domains based on privilege
- Long-term: Dynamic escalation of privilege restrictions based on indications of adversary activities

Framework Application: Data Products

Components: Data Products User, Data Products Catalog, Data Products Server.

Goal -> Objective -> Technique -> Technology (metric column left blank on the slide):

Withstand -> Constrain
- Deception: Deception network
- Segmentation: Hardware trusted path
- Privilege Restriction: Fine grained controls

Recover -> Reconstitute
- Redundancy: RIAK multi-cloud storage

Continue
- Substantiated Integrity: Crypto bindings

Use Case Integration

Mission elements: Data Products (DP), Meta Data Catalog, Data Retrieval Application, Analyst.

Resiliency capabilities integrated into the use case (capability: technique):
- FIDELIS: Analytic Monitoring
- Active Dynamic Defense: Adaptive Response
- Adaptive Response: Non Persistence
- Deception network: Deception
- Fine grained controls: Privilege Restriction
- COMMANDR: Coordinated Defense
- Cryptographic hash: Substantiated Integrity
- CyCS (security aware diversity through virtualization): Diversity
- RIAK: Redundancy
- Hardware trusted path: Segmentation

Resiliency goals and objectives overlaid on the use case: Withstand -> Constrain; Recover -> Reconstitute; Availability; Mission Assurance through Redundancy; Apply the Resiliency Engineering Framework.

Resiliency techniques shown on the framework: Analytic Monitoring, Redundancy, Substantiated Integrity, Deception, Coordinated Defense, Dynamic Representation, Dynamic Positioning, Unpredictability, Realignment, Segmentation, Diversity, Adaptive Response, Non Persistence, Privilege Restriction.

Mission analysis steps carried over from the Transformation of Thought slide: What's most important (CONOPS, Use Cases, End to End Flows, Prioritize Missions); What resources are most important (Identify Mission Dependencies on Cyber, Mission Impact Analysis); What are the risks (Cyber Threats & Intelligence, Cyber Threat Susceptibility Assessment); How to mitigate the risks (Mitigations, Cyber Risk Remediation Engineering Analysis, Security Engineering Assurance Practices, Resiliency Practices, Anti Tamper, SCRM Practices).

A Resilient Architecture

Components shown in the architecture diagram, by hosting environment:
- DIB ESXi Servers: LABYRINTH, FIDELIS, Adversary VM, ADDER, RIAK, FIREWALL, MATA VM, LABYRINTH, IBIP
- MITRE Infrastructure: SADV, RIAK, MATA
- Amazon: SERPENT, ROCS, IBIP, CyCS, COMMANDR

Demonstration

Roles: CyOC Operator, Resiliency Operators, Analyst, Adversary.

SIMEX: Cyber Resiliency Simulation Experiment

The Cyber Resiliency SIMEX examined tools, concepts, and the CONOPS/TTPs necessary to manage and conduct defensive cyber operations in support of mission operations.

Joint Surface Warfare Scenario:
- Carrier Strike Group: IWC, GCCS-J, Intel Officer, BWC, Targeting Officer, ISR LNO
- White Cell
- Regional Cyber Command Center
- Experiment roles: SIM Lead, Red Lead, Data Col. Lead, EXCON, DGO, DCO

Sample Cyber SIMEX Day

Denial of Service: denial of service based on router vulnerability
- Before resiliency capabilities: Use redundant routers; Shut down file servers
- Architect for resiliency and enable capabilities: Dynamically position diverse routers

Loss of Integrity: pre-planted malware activates on target system
- Before resiliency capabilities: Turn off user privileges
- Architect for resiliency and enable capabilities: Recognize integrity loss and switch over to redundant capability; Redirect potential C2

Techniques exercised: Deception, Dynamic Redirection, Substantiated Integrity, Diversity, Redundancy.
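The "recognize integrity loss and switch over to redundant capability" response above, together with the Substantiated Integrity technique (crypto bindings, slide 8) and the metric "% data value assertions in a mission essential data store for which a gold copy exists" (slide 6), can be shown end to end in a small script. The following is an added example, not code from the presentation or from any MITRE tool it names; it assumes a keyed HMAC-SHA-256 per record as the crypto binding, in-memory dicts as the data store and its replica, and a constructed key and sample records.

```python
"""Substantiated-integrity check with gold-copy bindings and redundant failover.

Added example (not from the presentation). It assumes a keyed HMAC-SHA-256
binding per record as the "crypto binding" and an in-memory dict per replica;
the key, store layout and sample records are constructed for illustration.
"""
import hashlib
import hmac

# Assumption: the verifier holds this key; a compromised data store does not.
BINDING_KEY = b"constructed-demo-binding-key"


def bind(record_id: str, value: bytes, key: bytes = BINDING_KEY) -> str:
    """Crypto binding for one data value assertion: HMAC over id and value.
    Binding the id stops a valid record from being replayed into another id's slot."""
    msg = record_id.encode("utf-8") + b"\x00" + value
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def make_gold_copy(store: dict, key: bytes = BINDING_KEY) -> dict:
    """Gold copy: the binding of every record, taken while the store was trusted."""
    return {rid: bind(rid, value, key) for rid, value in store.items()}


def gold_copy_coverage(store: dict, gold: dict) -> float:
    """Slide 6 metric: % of data value assertions in the store with a gold copy."""
    if not store:
        return 0.0
    covered = sum(1 for rid in store if rid in gold)
    return 100.0 * covered / len(store)


def verify_store(store: dict, gold: dict, key: bytes = BINDING_KEY) -> dict:
    """Classify every record as ok, tampered, unbound (no gold copy) or missing."""
    status = {}
    for rid, value in store.items():
        if rid not in gold:
            status[rid] = "unbound"
        elif hmac.compare_digest(bind(rid, value, key), gold[rid]):
            status[rid] = "ok"
        else:
            status[rid] = "tampered"
    for rid in gold:
        if rid not in store:
            status[rid] = "missing"
    return status


def retrieve(record_id: str, replicas: list, gold: dict, key: bytes = BINDING_KEY):
    """Recognise integrity loss and switch over to a redundant copy.
    replicas is an ordered list of (name, store); the first store whose copy of the
    record verifies against the gold copy is served. Returns (value, replica name)."""
    if record_id not in gold:
        raise KeyError(f"no gold copy for {record_id}; cannot substantiate it")
    for name, store in replicas:
        value = store.get(record_id)
        if value is not None and hmac.compare_digest(bind(record_id, value, key), gold[record_id]):
            return value, name
    raise RuntimeError(f"no replica holds a verifiable copy of {record_id}")


# Constructed sample data: a mission-essential data store and its multi-cloud replica.
PRIMARY = {
    "track-001": b"contact=surface;lat=36.10;lon=-75.70",
    "track-002": b"contact=air;lat=36.40;lon=-75.20",
    "order-017": b"station=alpha;status=hold",
}
GOLD = make_gold_copy(PRIMARY)
REPLICA = dict(PRIMARY)

# Simulated loss of integrity on the primary: one value altered, one record injected.
TAMPERED_PRIMARY = dict(PRIMARY)
TAMPERED_PRIMARY["track-001"] = b"contact=surface;lat=36.10;lon=-74.70"
TAMPERED_PRIMARY["track-099"] = b"contact=unknown"


def demo():
    """Run the check and the failover; returns (status map, coverage %, replica served)."""
    status = verify_store(TAMPERED_PRIMARY, GOLD)
    replicas = [("primary", TAMPERED_PRIMARY), ("replica", REPLICA)]
    _value, source = retrieve("track-001", replicas, GOLD)
    return status, gold_copy_coverage(TAMPERED_PRIMARY, GOLD), source


if __name__ == "__main__":
    status, coverage, source = demo()
    for rid, state in sorted(status.items()):
        print(f"{rid}: {state}")
    print(f"gold copy coverage: {coverage:.1f}%; track-001 served from: {source}")
```

The coverage number is the slide's metric computed directly from the store: the injected record has no gold copy, so it cannot be substantiated and drags coverage below 100% even before any tampering is found. Failover in retrieve() is driven only by verification against the gold copy, never by which replica answered first, which is what lets the mission continue on the redundant copy while the tampered primary is investigated.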

Findings

- Resiliency comes from integrating techniques tailored based on mission priorities, threats, and vulnerabilities
- Need TTPs to coordinate across CND and mission operators to distinguish cyber attacks from other events
- Resiliency engineering requires a team: mission operators, CND operators, system engineers/architects
- There are few resiliency capabilities deployed, and no C2 or SA tools
- We lack trainers, models, & simulators for cyber operators

Need Increased Adoption

- Solutions for current and future architectures
- Evidence it works in real world environments
- Transfer knowledge/solutions across community