ARSTRAT Cyber Threat Center

Slides:



Advertisements
Similar presentations
Malware\Host Analysis for Level 1 Analysts “Decrease exposure time from detection to eradication” Garrett Schubert – EMC Corporation Critical Incident.
Advertisements

1www.skyboxsecurity.com Skybox Cyber Security Best Practices Three steps to reduce the risk of Advanced Persistent Threats With continuing news coverage.
©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.
Mel Pless, Sr. Director, Solutions Consulting Guidance Software, Inc. Let’s Get Right To The Endpoint Leveraging Endpoint Data to Expose,
1Cisco Security NOW © 2003, Cisco Systems, Inc. All rights reserved. THIS IS THE POWER OF CISCO SECURITY. now.
©2014 Bit9. All Rights Reserved Endpoint Threat Prevention Charles Roussey | Sr. Sales Engineer Detection and Response in Seconds.
Corporate Information Reconnaissance Cell (CIRC).
Security Innovation & Startup. OPEN THREAT EXCHANGE (OTX): THE HISTORY AND FUTURE OF OPEN THREAT INTELLIGENCE COMMUNITY ALIENVAULT OTX.
Week 10-11c Attacks and Malware III. Remote Control Facility distinguishes a bot from a worm distinguishes a bot from a worm worm propagates itself and.
Understanding the Human Network Martin Kruger LCDR Jodie Gooby November 2008.
Geospatial Systems Architecture Todd Bacastow. Views of a System Architecture Enterprise Information Computational Engineering Technology.
1 HoneyNets. 2 Introduction Definition of a Honeynet Concept of Data Capture and Data Control Generation I vs. Generation II Honeynets Description of.
Connected Security Your best defense against advanced threats Anne Aarness – Intel Security.
By, CA K RAGHU, PAST PRESIDENT – INSTITUTE OF CHARTERED ACCOUNTANTS OF INDIA.
©2016 Check Point Software Technologies Ltd. 1 Latest threats…. Rolando Panez | Security Engineer RANSOMWARE.
ECAT 4.1 – Rule Your Endpoints What’s New Customer Overview.
Enterprise’ Ever-Evolving Challenge & Constraints Dealing with BYOD Challenges Enable Compliance to Regulations Stay Current with New Consumption Models.
How to Make Cyber Threat Intelligence Actionable
Welcome Information Security Office Services Available to Counties Security Operations Center Questions.
Financial Sector Cybersecurity R&D Priorities The Members of the FSSCC R&D Committee November 2014.
Visual Analytics for Cyber Defense Decision-Making Anita D’Amico, Ph.D. Secure Decisions division of Applied Visions, Inc.
Tripwire Threat Intelligence Integrations. 2 Threat Landscape by the Numbers Over 390K malicious programs are found every day AV-Test.org On day 0, only.
Surveillance and Security Systems Cyber Security Integration.
Air Force Research Labs Dept Homeland Security (HSARPA)
“Enterprise Malware Detection”
ACTIVE DEFENSE Leveraging Threat Intelligence in the Enterprise
History of Industry Leadership
Agenda Enterprise Situational Awareness Active Defense
Actionable Intelligence
Company Overview.
Detecting Tomorrows Threats Today
Detect Malware No One Else Can… Rapidly Identify it’s capabilities, Mitigate the Threat with Actionable Risk Intelligence.
Accenture Proprietary, All Rights Reserved, Not for Distribution
Center of Excellence in Cyber Security
A lustrum of malware network communication: Evolution & insights
Malware Reverse Engineering Process
Company Overview.
Vikas Uberoy -Channel Director ANZ
Real-time protection for web sites and web apps against ATTACKS
Enterprise Botnet Detection and Mitigation System DHS Phase II SBIR Contract QUESTION: By a show of hands, how many of you believe that your networks.
Enterprise Botnet Detection and Mitigation System
DHS Phase II SBIR Contract Senior Security Engineer
Compliance with hardening standards
DISA Global Operations
Defeat Tomorrow’s Threats Today
Intelligence Driven Defense, The Next Generation SOC
Malware Reverse Engineering Process
Active Cyber Security, OnDemand
Overview.
Global Services.
Defeat Tomorrow’s Threats Today
Board Concerns About Cyber Security
Threat Monitoring Center
Advanced Threat Protection
ACTIVE DEFENSE Leveraging Threat Intelligence in the Enterprise
بهترین راهکار را انتخاب کنید...
CIS 333Competitive Success/tutorialrank.com
Valid And Updated CS0-001 Exam Certifications Dumps Questions
CIS 333 RANK Lessons in Excellence-- cis333rank.com.
CIS 333 Education for Service-- tutorialrank.com.
11/17/2018 9:32 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.
Shifting from “Incident” to “Continuous” Response
Skybox Cyber Security Best Practices
Panda Adaptive Defense Platform and Services
Coordinated Security Response
Strategic threat assessment
Managing IT Risk in a digital Transformation AGE
Counter APT Counter APT HUNT operations combine best of breed endpoint detection response technology with an experienced cadre of cybersecurity experts.
OPIsrael And The Value Of Next Generation SOCs
Presentation transcript:

ARSTRAT Cyber Threat Center Concept Overview & HBGary Capabilities

Presentation Outline HBGary Overview Products Services ARSTRAT Cyber Threat Center Concept Overview

HBGary Company established in 2003, founded by Greg Hoglund Recently formed HBGary Federal Provide classified software and services, leveraging HBGary malware analysis product-line HQs in Sacremento, CA offices in DC, establishing SCIF in Colorado Aaron Barr CEO Ted Vera President | COO

Evolving Risk Environment Valuable cyber targets Attackers are motivated and well-funded Malware is sophisticated and targeted Existing security isn’t stopping the attacks

Traditional Malware Analysis is Difficult Requires lots of technical expertise Time consuming Expensive Doesn’t scale Traditional methods to analyze memory and malware are difficult. It requires expertise, is time consuming and expensive, and it doesn’t scale.

HBGary Responder

Digital DNA Automated zero-day malware detection. 75% effective against zero-day malware attacks. Trait/Behavior based software classification system 3500 software and malware behavioral traits Example Huge number of key logger variants in the wild About 10 logical ways to build a key logger

Digital DNA Ranking Software Modules by Threat Severity 0B 8A C2 05 0F 51 03 0F 64 27 27 7B ED 06 19 42 00 C2 02 21 3D 00 63 02 21 Malware shows up as a red alert. Suspicious binaries are orange. For each binary we show its underlying behavioral traits. Examples of traits might be “packed with UPX”, “uses IRC to communicate”, or “uses kernel hooking with may indicate a presence of a rootkit”. The blue bar shows the Digital DNA sequence for the binary iimo.sys. 8A C2 0F 51 0F 64 Software Behavioral Traits

HBGary Cybersecurity Services Advanced malware detection & threat analysis Live first response triage of servers and workstations Enterprise scope of breach analysis Root cause analysis Malware analysis Enterprise containment, mitigation and remediation

HBGary IO Mission Expertise Computer Network Operations Computer Network Attack Custom malware development Computer Network Exploitation Persistent software implants Covert Communications Net-centric Space Based Influence Operations Netcentric influence operations Payload & platform development Campaign management

CNA/CNE 0-day Exploit Development Unpublished 0-day Exploits (on the shelf) VMware ESX and ESXi Win2K3 Terminal Services Win2K3 MSRP Solaris 10 RPC Adobe Flash Sun Java  Win2k Professional & Server XRK Rootkit and Keylogger  (NextGen) Rootkit 2009

Space-based IO Space-based COVCOM system Uses COTs capabilities Secure message traffic Red - Black interface Secure space-based implant C2

HBGary Global Malware Genome Malware feeds (over $25K in subscriptions) Receives thousands of malware samples daily 64 simultaneous VMWare instances of Windows HBGary Responder automated reverse engineering and classification of 5000 unique malware daily Automated signature, DDNA behavior, and social analysis (attribution) Accessible via online Portal Nobody else does this!

Global Malware Genome Portal

Cybersecurity Challenges Most CERT/SOCs do not have the tools or capabilities to enable them to move past analysis of infections to analysis of threats. A set of capabilities need to be developed and integrated in the following areas to enable better situational awareness and incident response. Malware and Threat analysis Workflow and knowledge management Communications and Collaboration Resource Characterization and Visualization Mission Impact and COAs 

How can ARSTRAT Help the Cyber Mission How can ARSTRAT Help the Cyber Mission? Establish ARSTRAT Cyber Threat Center ARSTRAT can drive past the vehicles of infection to analyze and identify the threats and their methods of attack - attribution. ARSTRAT can provide cyber threat products to subordinate commands.  Enhance their capability to fight infections. ARSTRAT cyber threat products would significantly benefit the entire cybersecurity community.

ARSTRAT Cyber Threat Center (Concept) All-source analysis Blueshash/Tutiledge Alerts Joint Cyber Database (JCD) Centaur DB (Netflow) SIPR Intel Feeds Open Source HBGary feed processor Automatically REs 5000 malware/day (scalable) Racks and stacks by severity Force multiplier - queues malware up for analysts Staffing Requirement:  6 FTEs 1 Threat Analyst (Palantir) 3 FTE malware/threat analyst (REs) 2 FTE linguist/analysts (chinese & russian)

ARSTRAT Cyber Threat Products (Concept) Threat Maps Link analysis Threat Vectors Distributed Malware association Threat Reports Digital DNA sequences (behaviors) Threat markers Author Digital Fingerprints - attribution Evolution of attacks / threats

Questions? Aaron Barr aaron@hbgary.com Ted Vera ted@hbgary.com