Cyber Threat Landscape


1 Cyber Threat Landscape
SCIT Labs: A new way to protect computing systems. Outline: Cyber Threat Landscape; SCIT Concept; SCIT Technical; Case Studies; SCIT Status; Questions? All Rights Reserved - SCIT Labs Company Confidential and Proprietary

2 Resilience
Continuity of operations. Mission Availability driven? Degradation of performance. Recovery.

3 SCIT Labs Fourth generation cyber security products
George Mason University startup. Products: SCIT; IT Early Warning. Services: Security assessment and security optimization. Patents – 6 issued. Award winning technology.

4 Preliminary Survey
How often are your servers reimaged? {Daily, Weekly, Monthly, Infrequently} What if the attacker is in? How long before patches are applied? {Day, Week, Month, 3 Months, 6 Months} How are the servers protected in this period? How do you protect your Data Centers and Clouds: Infrequently used servers, Un-patchable legacy systems, DevOps? Future apps: Internet of Things – transport, ground stations, etc.

5 Cyber Threat Landscape
Attackers are agile and constantly searching. Intrusions can go undetected for 8 months. Time for successful attack = 4 to 6 days. Time to resolve an attack = 46 days. Overreliance on detection of cyber intruders is unwise.

The cyber threat landscape is multidimensional and subject to evolving threats by a variety of actors and sophisticated hacking tools. There are many technologies and protocols to help mitigate cyber threats, but there is really no panacea. A comprehensive strategy of risk management is still the best cyber defense.

Attackers are agile and constantly searching. When potential attackers become aware of a vulnerability, an exploit is typically available within days. McAfee reports that it detects more than 100,000 new malware samples every day. In widely reported breaches, the intruders installed malware and stayed inside the system for months. In the majority of cases, the initial analysis underestimated the level of damage. It is reasonable to conclude that the longer the compromise lasts, the more time the attacker has to explore the digital footprint of the enterprise and to extract data.

Ponemon Institute in its February 2013 report states that a typical data breach takes 80 days to detect and 123+ days to resolve. The estimated financial loss averages $40,000 per data breach. This number is very conservative and on the lower side of the estimate. For example, in cases when technical designs are stolen, the value of breaches can be a few orders of magnitude higher than this $40,000 estimate.

6 SCIT – Resilience, Restoration, Recovery, Forensics
We have to explore new ways to protect our computing systems. Maybe it is time to accept that some failure may be inevitable and criminals will get in. If criminals are likely to breach the systems, perhaps a new solution is building an extra layer of defense that shifts the target by reducing the duration of the failure, thus reducing the amount of data lost.

One approach would be to add a proactive defense layer to the overall cyber defense. This proactive layer would not depend on knowledge of the vulnerabilities or the attacker. If you are willing to accept the possibility of failure, the goal is no longer to eliminate the vulnerabilities, but to make it extremely difficult for the attacker to exploit them. We do this by asking, “How long will it take for the attacker to succeed?” In the proactive approach, the focus would be on moving and changing the exposed systems so that the attacker would not be able to stay in the system long enough to cause damage.

The proactive approach is different from the current five-stage method mentioned earlier in one major aspect: It entails using time as an important part of a cyber defense strategy. While the current approach focuses on preventing the criminals from getting in, a proactive approach recognizes that this is an almost impossible problem and failure will likely occur.

A New Way of Doing Business

7 Integrated Mitigation Framework
Cyber Kill Chain: Get In, Stay In, Act

8 Cyber Threat Landscape
The pristine re-launch of the service (PRS), where service refers to an operating system, application, or server or all of them, is the key underlying mechanism in SCIT. Note that PRS at the browser or app level is well developed, and readily deployed at a minimal security scale in Hotels, Libraries and many other publicly accessible

Without going into details of technology implementations, one can understand the SCIT solution in simple terms. A server farm is deployed using virtualization technology with multiple copies of the pristine uncontaminated server, but only a few selected ones are active or hot for receiving connections or servicing the client. The others are not accessible to the users. Every 60 seconds or less, based on the use case, these servers are rotated from cold to hot state, and during the cold state the server is rebuilt with the pristine configuration. As a result, any malware or intrusion that took place 60 seconds ago is completely wiped out. So a website that a hacker had defaced on this instance of the server is now back to its original state, and the hacker would need to re-hack a new avatar of that server. It is also possible that in the prior 60 seconds the hacker did not have enough time to completely deface the site. Thus it becomes a moving target.

Graphic from pp 3 of white paper.

SCIT thus addresses many of the concerns that current mitigation techniques are unable to address. SCIT provides a range of benefits including the following:
o Limits the exposure time to a minimum, which makes it difficult to exploit the vulnerabilities within the system.
o Auto recovery from intrusion in the shortest time possible.
o Independence from understanding the threat: an intrusion related to any threat will be cleaned.
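The rotation described in this slide, as an added simulation that is not SCIT Labs code: servers cycle between cold and hot, each retired server is rebuilt from a pristine image, and the time every constructed implant survives is recorded so it can be compared with the exposure time. The pool size, hot count, file names and compromise times are assumptions made for the illustration.

```python
# Added simulation, not SCIT Labs code. Pool size, hot count and names are assumptions.
from collections import deque
from dataclasses import dataclass, field

PRISTINE = frozenset({"index.html", "app.conf"})  # assumed golden-image contents

@dataclass
class Server:
    name: str
    files: set = field(default_factory=lambda: set(PRISTINE))
    hot_since: int = -1      # -1: cold, not reachable by clients
    implanted_at: int = -1   # -1: no implant present

class RotationPool:
    """Keeps hot_count servers online; retires each after exposure_s seconds."""
    def __init__(self, size, hot_count, exposure_s):
        self.exposure_s = exposure_s
        self.cold = deque(Server(f"vm{i}") for i in range(size))
        self.hot, self.dwell = [], []   # dwell: seconds each implant survived
        for _ in range(hot_count):
            self._promote(0)

    def _promote(self, now):
        srv = self.cold.popleft()
        srv.hot_since = now
        self.hot.append(srv)

    def compromise(self, now, implant="implant.bin"):
        """Constructed event: an implant lands on the longest-exposed hot server."""
        srv = self.hot[0]
        srv.files.add(implant)
        if srv.implanted_at < 0:
            srv.implanted_at = now

    def tick(self, now):
        for srv in [s for s in self.hot if now - s.hot_since >= self.exposure_s]:
            self._promote(now)             # replacement goes hot before retirement
            self.hot.remove(srv)
            if srv.implanted_at >= 0:
                self.dwell.append(now - srv.implanted_at)
            srv.files = set(PRISTINE)      # rebuild from the pristine image
            srv.hot_since = srv.implanted_at = -1
            self.cold.append(srv)

def simulate(duration_s=600, exposure_s=60, compromises=(5, 70, 130, 299, 480)):
    pool = RotationPool(size=6, hot_count=2, exposure_s=exposure_s)
    for now in range(duration_s + 1):
        pool.tick(now)
        if now in compromises:
            pool.compromise(now)
    return pool
```

Calling `simulate().dwell` returns the survival time of each implant; none exceeds the exposure time, regardless of whether the implant was ever detected.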

9 Performance Test
Test Environment: Rackspace public cloud; Drupal web site; Concurrency factor: 250; 20,000, 30,000, 35,000, 40,000 and 50,000 requests per run. Baseline – no rotation: Average of 2.5 to 3.0 seconds per request. SCIT Exposure times 3 to 4 minutes: Most runs change < 1%.

10 Independent Evaluation
IIT (previously part of EWA): IIT believes this technology has the potential to have dramatic impact on our ability to defend against current and future APT……IIT believes that SCIT has the potential to become the next high value additional to the body of Government-Industry Best Practice.

Telos Test: No firewall, IDS, IPS or DLP. Disabled throttling. 90 second exposure time. Challenge: steal a 3 GB file. Telos engineers used scripts to automate download. Could steal 3.8 megabits per cycle. Must repeat 3 times to ensure quality.

11 Security Domain Separation and Display
Public Internet, NIPRNet, SIPRNet, JWICS. Servers separated by security domains. Screen with separated displays.

12 SCIT Secures Hyperscale Microservers
Chassis layout: N m-servers, SCIT Controller. Microservers have small form factor, low weight and low power requirements. SCIT builds in security. Suitable for tactical applications. Highly scalable: more than cores per rack: VDI in a rack. Microservers are suitable for functions such as web, DNS, LDAP or . Specific application cores simplify implementation and operations. Hybrid configurations are possible.

SCIT Labs is developing SCIT appliances using Hyperscale microserver technology. Following the applications discussed in slides 3 and 4, these appliances will have special functions, for example webserver, DNS server, etc. We plan to build these appliances using microservers. The appliance could be in a standalone box performing a single function, for example a SCIT webserver or DNS server or honeypot. The SCIT appliance may have just one function or many functions. For example, the appliance could also be in a rack with 10 multi-core chassis, each chassis specialized to a different function. Hybrid configurations can be designed to meet user requirements.

13 SCIT Disrupts Attacks
Restores servers to pristine state in minutes. Reduces malware persistence. Disrupts “stay in” and “act” stages. Eliminates detected and undetected attacks. Breaches are inevitable. Relying on detection is yesterday's war.

14 Case Study: Tactical Cyber Attack Deterrence (TCAD)
One of the most vulnerable aspects in tactical cyber security arises from the need to fuse data from secure and unsecure (usually local or regional) sources. The field commander needs to rely on reliable data fusion strategies to guide and inform the daily decision making. While many of the data sources have been vetted, the typical tactical command and control center accepts information from sources that have not been vetted.

Solutions Provided: Restored the data collection servers to a pristine state every minute, thus removing any malicious code installed on the computer. Used Redundancy to provide uninterrupted service.

Business Results: Increased Cyber Resiliency. Made it significantly harder to steal critical tactical data. Reduced the opportunity to spread infection to other systems.

Next Project: Tactical Cloud Server Protection (TCSP). Space and Naval Warfare Systems Center, Pacific (SSC Pacific), San Diego.

15 SCIT App to Test
[Diagram: Developer; Users; App Testing Platform; Attack Profiles; Vulnerabilities; Trusted App Platform; Commercial Customer dB. On-Premise OR Cloud. One-Time OR Software as a Service.]

16 SCIT Advantage
Security: Resilience. Mitigate APT attacks: Reduce data ex-filtration losses. IT early warning alerts: Discover zero days. Respond to high threat intensity. Recovery. Forensic.

System and Network Management: Operational Resilience: No memory leaks. Apply hot patches. Configuration Management. Automatically replace compromised VMs. Disaster Recovery.

17 Not dependent on detection!
SCIT Advantage. Security: Mitigate APT attacks: Reduce data ex-filtration losses. IT early warning alerts: Discover zero days. Respond to high threat intensity. Recovery. Forensic.

System and Network Management: Operational Resilience: No memory leaks. Apply hot patches. Configuration Management. Automatically replace compromised VMs. Disaster Recovery.

Not dependent on detection!

18 Status of SCIT
Implemented on VMware, AWS Cloud, Rackspace Cloud. Awarded 6 US Patents. Interfaced with other security tools: HP Fortify, CA APIM Gateway. Demonstrated to SPAWAR SCP and DOD JCTD Office. App protection proposal reviewed by DHS S&T (2/2017) – rated selectable.

“SCIT technology shifts the cyber security focus from vulnerability elimination to consequence management.” Gen. Michael Hayden, (Ret) former Director of the Central Intelligence Agency and National Security Agency.

19 Questions ? Arun Sood asood@gmu.edu asood@scitlabs.com 703.347.4494

