Presentation is loading. Please wait.

Presentation is loading. Please wait.

ARSTRAT Cyber Threat Center

PublishVirgil Ellis Modified over 6 years ago

Similar presentations

Presentation on theme: "ARSTRAT Cyber Threat Center"— Presentation transcript:

1 ARSTRAT Cyber Threat Center
Concept Overview & HBGary Capabilities

2 Presentation Outline HBGary Overview Products Services
ARSTRAT Cyber Threat Center Concept Overview

3 HBGary Company established in 2003, founded by Greg Hoglund
Recently formed HBGary Federal Provide classified software and services, leveraging HBGary malware analysis product-line HQs in Sacremento, CA offices in DC, establishing SCIF in Colorado Aaron Barr CEO Ted Vera President | COO

4 Evolving Risk Environment
Valuable cyber targets Attackers are motivated and well-funded Malware is sophisticated and targeted Existing security isn’t stopping the attacks

5 Traditional Malware Analysis is Difficult
Requires lots of technical expertise Time consuming Expensive Doesn’t scale Traditional methods to analyze memory and malware are difficult. It requires expertise, is time consuming and expensive, and it doesn’t scale.

6 HBGary Responder

7 Digital DNA Automated zero-day malware detection.
75% effective against zero-day malware attacks. Trait/Behavior based software classification system 3500 software and malware behavioral traits Example Huge number of key logger variants in the wild About 10 logical ways to build a key logger

8 Digital DNA Ranking Software Modules by Threat Severity 0B 8A C2 05 0F F B ED C D Malware shows up as a red alert. Suspicious binaries are orange. For each binary we show its underlying behavioral traits. Examples of traits might be “packed with UPX”, “uses IRC to communicate”, or “uses kernel hooking with may indicate a presence of a rootkit”. The blue bar shows the Digital DNA sequence for the binary iimo.sys. 8A C2 0F 51 0F 64 Software Behavioral Traits

9 HBGary Cybersecurity Services
Advanced malware detection & threat analysis Live first response triage of servers and workstations Enterprise scope of breach analysis Root cause analysis Malware analysis Enterprise containment, mitigation and remediation

10 HBGary IO Mission Expertise
Computer Network Operations Computer Network Attack Custom malware development Computer Network Exploitation Persistent software implants Covert Communications Net-centric Space Based Influence Operations Netcentric influence operations Payload & platform development Campaign management

11 CNA/CNE 0-day Exploit Development
Unpublished 0-day Exploits (on the shelf) VMware ESX and ESXi Win2K3 Terminal Services Win2K3 MSRP Solaris 10 RPC Adobe Flash Sun Java  Win2k Professional & Server XRK Rootkit and Keylogger  (NextGen) Rootkit 2009

12 Space-based IO Space-based COVCOM system Uses COTs capabilities
Secure message traffic Red - Black interface Secure space-based implant C2

13 HBGary Global Malware Genome
Malware feeds (over $25K in subscriptions) Receives thousands of malware samples daily 64 simultaneous VMWare instances of Windows HBGary Responder automated reverse engineering and classification of 5000 unique malware daily Automated signature, DDNA behavior, and social analysis (attribution) Accessible via online Portal Nobody else does this!

14 Global Malware Genome Portal

15 Cybersecurity Challenges
Most CERT/SOCs do not have the tools or capabilities to enable them to move past analysis of infections to analysis of threats. A set of capabilities need to be developed and integrated in the following areas to enable better situational awareness and incident response. Malware and Threat analysis Workflow and knowledge management Communications and Collaboration Resource Characterization and Visualization Mission Impact and COAs 

16 How can ARSTRAT Help the Cyber Mission
How can ARSTRAT Help the Cyber Mission? Establish ARSTRAT Cyber Threat Center ARSTRAT can drive past the vehicles of infection to analyze and identify the threats and their methods of attack - attribution. ARSTRAT can provide cyber threat products to subordinate commands.  Enhance their capability to fight infections. ARSTRAT cyber threat products would significantly benefit the entire cybersecurity community.

17 ARSTRAT Cyber Threat Center (Concept)
All-source analysis Blueshash/Tutiledge Alerts Joint Cyber Database (JCD) Centaur DB (Netflow) SIPR Intel Feeds Open Source HBGary feed processor Automatically REs 5000 malware/day (scalable) Racks and stacks by severity Force multiplier - queues malware up for analysts Staffing Requirement:  6 FTEs 1 Threat Analyst (Palantir) 3 FTE malware/threat analyst (REs) 2 FTE linguist/analysts (chinese & russian)

18 ARSTRAT Cyber Threat Products (Concept)
Threat Maps Link analysis Threat Vectors Distributed Malware association Threat Reports Digital DNA sequences (behaviors) Threat markers Author Digital Fingerprints - attribution Evolution of attacks / threats

19 Questions? Aaron Barr Ted Vera

Download ppt "ARSTRAT Cyber Threat Center"

Similar presentations

Malware\Host Analysis for Level 1 Analysts “Decrease exposure time from detection to eradication” Garrett Schubert – EMC Corporation Critical Incident.

Malware\Host Analysis for Level 1 Analysts “Decrease exposure time from detection to eradication” Garrett Schubert – EMC Corporation Critical Incident.
1www.skyboxsecurity.com Skybox Cyber Security Best Practices Three steps to reduce the risk of Advanced Persistent Threats With continuing news coverage.

1www.skyboxsecurity.com Skybox Cyber Security Best Practices Three steps to reduce the risk of Advanced Persistent Threats With continuing news coverage.
©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.

©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.
Www.encase.com Mel Pless, Sr. Director, Solutions Consulting Guidance Software, Inc. Let’s Get Right To The Endpoint Leveraging Endpoint Data to Expose,

Mel Pless, Sr. Director, Solutions Consulting Guidance Software, Inc. Let’s Get Right To The Endpoint Leveraging Endpoint Data to Expose,
1Cisco Security NOW © 2003, Cisco Systems, Inc. All rights reserved. THIS IS THE POWER OF CISCO SECURITY. now.

1Cisco Security NOW © 2003, Cisco Systems, Inc. All rights reserved. THIS IS THE POWER OF CISCO SECURITY. now.
©2014 Bit9. All Rights Reserved Endpoint Threat Prevention Charles Roussey | Sr. Sales Engineer Detection and Response in Seconds.

©2014 Bit9. All Rights Reserved Endpoint Threat Prevention Charles Roussey | Sr. Sales Engineer Detection and Response in Seconds.
Corporate Information Reconnaissance Cell (CIRC).

Corporate Information Reconnaissance Cell (CIRC).
Security Innovation & Startup. OPEN THREAT EXCHANGE (OTX): THE HISTORY AND FUTURE OF OPEN THREAT INTELLIGENCE COMMUNITY ALIENVAULT OTX.

Security Innovation & Startup. OPEN THREAT EXCHANGE (OTX): THE HISTORY AND FUTURE OF OPEN THREAT INTELLIGENCE COMMUNITY ALIENVAULT OTX.
Week 10-11c Attacks and Malware III. Remote Control Facility distinguishes a bot from a worm distinguishes a bot from a worm worm propagates itself and.

Week 10-11c Attacks and Malware III. Remote Control Facility distinguishes a bot from a worm distinguishes a bot from a worm worm propagates itself and.
Understanding the Human Network Martin Kruger LCDR Jodie Gooby November 2008.

Understanding the Human Network Martin Kruger LCDR Jodie Gooby November 2008.
Geospatial Systems Architecture Todd Bacastow. Views of a System Architecture Enterprise Information Computational Engineering Technology.

Geospatial Systems Architecture Todd Bacastow. Views of a System Architecture Enterprise Information Computational Engineering Technology.
1 HoneyNets. 2 Introduction Definition of a Honeynet Concept of Data Capture and Data Control Generation I vs. Generation II Honeynets Description of.

1 HoneyNets. 2 Introduction Definition of a Honeynet Concept of Data Capture and Data Control Generation I vs. Generation II Honeynets Description of.
Connected Security Your best defense against advanced threats Anne Aarness – Intel Security.

Connected Security Your best defense against advanced threats Anne Aarness – Intel Security.
By, CA K RAGHU, PAST PRESIDENT – INSTITUTE OF CHARTERED ACCOUNTANTS OF INDIA.

By, CA K RAGHU, PAST PRESIDENT – INSTITUTE OF CHARTERED ACCOUNTANTS OF INDIA.
©2016 Check Point Software Technologies Ltd. 1 Latest threats…. Rolando Panez | Security Engineer RANSOMWARE.

©2016 Check Point Software Technologies Ltd. 1 Latest threats…. Rolando Panez | Security Engineer RANSOMWARE.
ECAT 4.1 – Rule Your Endpoints What’s New Customer Overview.

ECAT 4.1 – Rule Your Endpoints What’s New Customer Overview.
Enterprise’ Ever-Evolving Challenge & Constraints Dealing with BYOD Challenges Enable Compliance to Regulations Stay Current with New Consumption Models.

Enterprise’ Ever-Evolving Challenge & Constraints Dealing with BYOD Challenges Enable Compliance to Regulations Stay Current with New Consumption Models.
How to Make Cyber Threat Intelligence Actionable

How to Make Cyber Threat Intelligence Actionable
Welcome Information Security Office Services Available to Counties Security Operations Center Questions.

Welcome Information Security Office Services Available to Counties Security Operations Center Questions.
Financial Sector Cybersecurity R&D Priorities The Members of the FSSCC R&D Committee November 2014.

Financial Sector Cybersecurity R&D Priorities The Members of the FSSCC R&D Committee November 2014.

Similar presentations

Ads by Google