Cyber Threat Landscape

Presentation transcript:

SCIT Labs: A new way to protect computing systems
Cyber Threat Landscape, SCIT Concept, SCIT Technical, Case Studies, SCIT Status, Questions?
All Rights Reserved - SCIT Labs Company Confidential and Proprietary

Resilience
o Continuity of operations
o Mission Availability driven?
o Degradation of performance
o Recovery

SCIT Labs: Fourth generation cyber security products
o George Mason University startup
o Products: SCIT, IT Early Warning
o Services: Security assessment and security optimization
o Patents – 6 issued
o Award winning technology

Preliminary Survey
o How often are your servers reimaged? {Daily, Weekly, Monthly, Infrequently} What if attacker is in?
o How long before patches are applied? {Day, Week, Month, 3 Months, 6 Months} How are the servers protected in this period?
o How do you protect your Data Centers and Clouds: Infrequently used servers, Un-patchable legacy systems, DevOps?
o Future apps: Internet of Things – transport, ground stations, etc.

Cyber Threat Landscape
o Attackers are agile and constantly searching
o Intrusions can go undetected for 8 months
o Time for successful attack = 4 to 6 days
o Time to resolve an attack = 46 days
o Overreliance on detection of cyber intruders is unwise
The cyber threat landscape is multidimensional and subject to evolving threats by a variety of actors and sophisticated hacking tools. There are many technologies and protocols to help mitigate cyber threats, but there is really no panacea. A comprehensive strategy of risk management is still the best cyber defense. Attackers are agile and constantly searching. When potential attackers become aware of a vulnerability, an exploit is typically available within days. McAfee reports that it detects more than 100,000 new pieces of malware every day. In widely reported breaches, the intruders installed malware and stayed inside the system for months. In the majority of cases, the initial analysis underestimated the level of damage. It is reasonable to conclude that the longer the compromise lasts, the more time the attacker has to explore the digital footprint of the enterprise and to extract data. Ponemon Institute, in its February 2013 report, states that a typical data breach takes 80 days to detect and 123+ days to resolve. The estimated financial loss averages $40,000 per data breach. This number is very conservative and on the lower side of the estimate. For example, in cases when technical designs are stolen, the value of breaches can be a few orders of magnitude higher than this $40,000 estimate.

SCIT – Resilience, Restoration, Recovery, Forensics
A New Way of Doing Business
We have to explore new ways to protect our computing systems. Maybe it is time to accept that some failure may be inevitable and criminals will get in. If criminals are likely to breach the systems, perhaps a new solution is building an extra layer of defense that shifts the target by reducing the duration of the failure, thus reducing the amount of data lost. One approach would be to add a proactive defense layer to the overall cyber defense. This proactive layer would not depend on knowledge of the vulnerabilities or the attacker. If you are willing to accept the possibility of failure, the goal is no longer to eliminate the vulnerabilities, but to make it extremely difficult for the attacker to exploit them. We do this by asking, “How long will it take for the attacker to succeed?” In the proactive approach, the focus would be on moving and changing the exposed systems so that the attacker would not be able to stay in the system long enough to cause damage. The proactive approach differs from the current five-stage method mentioned earlier in one major aspect: it uses time as an important part of a cyber defense strategy. While the current approach focuses on preventing the criminals from getting in, a proactive approach recognizes that this is an almost impossible problem and failure will likely occur.

Integrated Mitigation Framework
Cyber Kill Chain: Get In, Stay In, Act

The pristine re-launch of the service (PRS), where service refers to an operating system, application, or server, or all of them, is the key underlying mechanism in SCIT. Note that PRS at the browser or app level is well developed, and readily deployed at a minimal security scale in hotels, libraries and many other publicly accessible
Without going into details of technology implementations, one can understand the SCIT solution in simple terms. A server farm is deployed using virtualization technology with multiple copies of the pristine, uncontaminated server, but only a few selected ones are active, or hot, for receiving connections or servicing the client. The others are not accessible to the users. Every 60 seconds or less, depending on the use case, these servers are rotated from the cold to the hot state, and during the cold state the server is rebuilt with the pristine configuration. As a result, any malware or intrusion that took place 60 seconds ago is completely wiped out. So a website that a hacker had defaced on this instance of the server is now back to its original state, and the hacker would need to re-hack a new avatar of that server. It is also possible that in the prior 60 seconds the hacker did not have enough time to completely deface the site. Thus it becomes a moving target. Graphic from pp 3 of white paper.
SCIT thus addresses many of the concerns that current mitigation techniques are unable to address. SCIT provides a wide range of benefits, including the following:
o Limits the exposure time to a minimum, which makes it difficult to exploit the vulnerabilities within the system.
o Auto recovery from intrusion in the shortest time possible
o Independence from understanding the threat: an intrusion related to any threat will be cleaned.
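The rotation described in these notes, modelled as an added example (not SCIT Labs' code and not part of the original presentation): a toy round-robin scheduler showing that a change made to a hot server survives at most one exposure window before the pristine rebuild. The pool size, number of hot servers and intrusion timestamps are constructed assumptions; only the 60-second window comes from the notes.

```python
"""Toy model of SCIT-style rotation: bounded exposure with pristine rebuilds."""
from dataclasses import dataclass


@dataclass(frozen=True)
class RotationPool:
    servers: int      # total virtual servers in the farm (assumed value)
    hot: int          # servers accepting connections at any moment
    exposure_s: int   # seconds a server stays hot before it is rotated out

    def __post_init__(self):
        # Every server needs at least one full cold window to be rebuilt.
        if self.hot < 1 or self.servers < 2 * self.hot or self.exposure_s <= 0:
            raise ValueError("need servers >= 2 * hot and a positive exposure")

    def hot_set(self, t):
        """Servers that are online at time t (round-robin over fixed windows)."""
        window = int(t // self.exposure_s)
        start = (window * self.hot) % self.servers
        return [(start + i) % self.servers for i in range(self.hot)]

    def wipe_time(self, t):
        """When a server that is hot at time t goes cold and is rebuilt."""
        return (int(t // self.exposure_s) + 1) * self.exposure_s

    def dwell(self, t):
        """How long a change made at time t survives before the rebuild."""
        return self.wipe_time(t) - t

    def task_completes(self, t, needed_s):
        """True if an activity needing `needed_s` uninterrupted seconds fits
        in what is left of the exposure window that is open at time t."""
        return needed_s <= self.dwell(t)


def summarize(pool, intrusion_times):
    """Dwell time per constructed intrusion, plus the worst case observed."""
    rows = [(t, pool.hot_set(t), pool.dwell(t)) for t in intrusion_times]
    return rows, max(d for _, _, d in rows)


# Constructed scenario: 6 servers, 2 hot, 60-second exposure as in the notes.
POOL = RotationPool(servers=6, hot=2, exposure_s=60)
INTRUSIONS = [5, 59, 61, 130, 179.5]   # constructed timestamps, in seconds

if __name__ == "__main__":
    rows, worst = summarize(POOL, INTRUSIONS)
    for t, hot, d in rows:
        print(f"t={t:>6}s hot={hot} change survives {d:g}s")
    print("worst-case dwell:", worst, "s (never more than the exposure time)")
```

The model assumes the rebuild always finishes inside the cold period and that nothing persists outside the rebuilt server; shared storage or back-end databases are outside what it covers.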

Performance Test
Test Environment
o Rackspace public cloud
o Drupal web site
o Concurrency factor: 250
o 20,000, 30,000, 35,000, 40,000 and 50,000 requests per run
Baseline – no rotation
o Average of 2.5 to 3.0 seconds per request
SCIT
o Exposure times 3 to 4 minutes: Most runs change < 1%

Independent Evaluation
IIT previously part of EWA
IIT believes this technology has the potential to have dramatic impact on our ability to defend against current and future APT……IIT believes that SCIT has the potential to become the next high value additional to the body of Government-Industry Best Practice.
Telos Test
o No firewall, IDS, IPS or DLP. Disabled throttling.
o 90 second exposure time.
o Challenge: steal a 3 GB file
o Telos engineers used scripts to automate download.
o Could steal 3.8 megabits per cycle.
o Must repeat 3 times to ensure quality.

Security Domain Separation and Display
[Figure: servers separated by security domains (Public Internet, NIPRNet, SIPRNet, JWICS); screen with separated displays]

SCIT Secures Hyperscale Microservers
[Figure: chassis layout with N m-servers and a SCIT Controller]
o Microservers have small form factor, low weight and low power requirements.
o SCIT builds in security
o Suitable for tactical applications
o Highly scalable: more than 1000 cores per rack: VDI in a rack
o Microservers are suitable for functions such as web, DNS, LDAP or email.
o Specific application cores simplify implementation and operations
o Hybrid configurations are possible
SCIT Labs is developing SCIT appliances using Hyperscale microserver technology. Following the applications discussed in slides 3 and 4, these appliances will have special functions, for example webserver, DNS server, etc. We plan to build these appliances using microservers. The appliance could be a standalone box performing a single function, for example a SCIT webserver or DNS server or honeypot. The SCIT appliance may have just one function or many functions. For example, the appliance could also be in a rack with 10 multi-core chassis, each chassis specialized to a different function. Hybrid configurations can be designed to meet user requirements.

SCIT Disrupts Attacks
o Restores servers to pristine state in minutes
o Reduces malware persistence
o Disrupts “stay in” and “act” stages
o Eliminates detected and undetected attacks
Breaches are inevitable. Relying on detection is yesterday's war.

Case Study: Tactical Cyber Attack Deterrence (TCAD)
One of the most vulnerable aspects in tactical cyber security arises from the need to fuse data from secure and unsecure (usually local or regional) sources. The field commander needs to rely on reliable data fusion strategies to guide and inform daily decision making. While many of the data sources have been vetted, the typical tactical command and control center accepts information from sources that have not been vetted.
Solutions Provided and Business Results
o Restored the data collection servers to a pristine state every minute, thus removing any malicious code installed on the computer
o Increased Cyber Resiliency
o Used Redundancy to provide uninterrupted service
o Made it significantly harder to steal critical tactical data
o Reduced the opportunity to spread infection to other systems
Next Project: Tactical Cloud Server Protection (TCSP)
Space and Naval Warfare Systems Center, Pacific (SSC Pacific), San Diego

SCIT App to Test
[Figure: Developer, Users, App Testing Platform, Attack Profiles, Vulnerabilities, Trusted App Platform, Commercial Customer dB; On-Premise OR Cloud; One-Time OR Software as a Service]

SCIT Advantage
Security: Resilience
o Mitigate APT attacks: Reduce data ex-filtration losses
o IT early warning alerts: Discover zero days
o Respond to high threat intensity
o Recovery
o Forensic
System and Network Management
o Operational Resilience. No memory leaks
o Apply hot patches
o Configuration Management
o Automatically replace compromised VMs
o Disaster Recovery

SCIT Advantage
Not dependent on detection!

Status of SCIT
o Implemented on VMware, AWS Cloud, Rackspace Cloud
o Awarded 6 US Patents
o Interfaced with other security tools: HP Fortify, CA APIM Gateway
o Demonstrated to SPAWAR SCP and DOD JCTD Office.
o App protection proposal reviewed by DHS S&T (2/2017) – rated selectable
“SCIT technology shifts the cyber security focus from vulnerability elimination to consequence management.” Gen. Michael Hayden, (Ret) former Director of the Central Intelligence Agency and National Security Agency.

Questions?
Arun Sood
asood@gmu.edu
asood@scitlabs.com
703.347.4494