Presentation is loading. Please wait.

Presentation is loading. Please wait.

Pacific Northwest National Laboratory Operated by Battelle for the U.S. Department of Energy Enterprise-wide Threat Characterization Bill Nickless Pacific.

Published byOpal Lawrence Modified over 9 years ago

Similar presentations

Presentation on theme: "Pacific Northwest National Laboratory Operated by Battelle for the U.S. Department of Energy Enterprise-wide Threat Characterization Bill Nickless Pacific."— Presentation transcript:

1 Pacific Northwest National Laboratory Operated by Battelle for the U.S. Department of Energy Enterprise-wide Threat Characterization Bill Nickless Pacific Northwest National Laboratory ESCC / Internet2 Joint Techs Workshop Albuquerque, NM Feb 5-8, 2006

2 The Art of War by Sun-tzu 500 B.C. "The supreme art of war is to subdue the enemy without fighting... “The means by which enlightened rulers and sagacious generals moved and conquered others, that their achievements surpassed the masses, was advanced knowledge. Advanced knowledge cannot be gained from ghosts and spirits, inferred from phenomena, or projected from the measures of heaven, but must be gained from men... for it is the knowledge of the enemy’s true situation.” Pacific Northwest National Laboratory 2

3 System Requirements The System Must Defend: A large, diverse enterprise that engages in cutting edge R&D in multiple sensitive and critical technologies by thousands of scientists from all over the world at multiple sites with diverse cultures and capabilities for defense Against Multiple, dynamic, and increasing threats from outside and inside Pacific Northwest National Laboratory 3

4 Collection: Instrumented Sites Large Enterprises Dozens to hundreds of dispersed sites Each site with multiple ISPs Private connections to suppliers, contractors, etc. Enterprise Data at Risk Foreign adversaries Cyber-terrorists Insider threats Competitors using open source research Pacific Northwest National Laboratory 4

5 5 Collection: Sensor

6 V3 Sensor Flo Daemon l ibpcap API  Portable and standard  Compatible with high performance capture cards  Allows for off-line file playback testing Efficient data structures  Only save what is needed  Fast access to support high performance Runs as a daemon  “Always on” rather than batch mode  Continuous stream of records  Syslog reporting for data quality mgmt libpcap Frame Sanity Check Traffic From Linux Bonding Kernel Module Frame Decode Match Flow (or) Create New Flow Flows In Memory Flow Time-outs And Signals Select and Format Flows Write and Manage Output Files.dat and.sem Files Pacific Northwest National Laboratory 6

7 7 Analytical Systems Accomplishments Cost Effective Scalable - 500M records/day - 150 GB/day - 1 year retention Data Summarization ORG A1 ORG A2 ORG A… ORG B1 ORG B2 ORG B… ORG X1 ORG X2 ORG X… Central Analysis Pacific Northwest National Laboratory

8 Monthly Record Counts Massive record volumes drove requirement to better understand the traffic 8 Pacific Northwest National Laboratory

9 Traffic Characterization: Anomaly Identification Interesting anomalies in SSH and FTP that can now be observed after the OOB traffic has been removed Characterizing each flow as it occurs enables immediate attack detection Pacific Northwest National Laboratory 9

10 Summary Enterprise-wide collection and analysis capability enables correlation of activity across multiple organizational elements The collection, data management, and analysis challenges of building and operating an enterprise-wide centralized analysis capability are significant but solvable Automation can enable analysts to identify both security threats and information exfiltration attempts from within or without Pacific Northwest National Laboratory 10

Download ppt "Pacific Northwest National Laboratory Operated by Battelle for the U.S. Department of Energy Enterprise-wide Threat Characterization Bill Nickless Pacific."

Similar presentations

Data Mining Challenges for Network Management Nick Feamster, Georgia Tech Dave Andersen, CMU (joint with Jay Lepreau and Emulab)

Data Mining Challenges for Network Management Nick Feamster, Georgia Tech Dave Andersen, CMU (joint with Jay Lepreau and Emulab)
Www.cleo.com Steve Jordan Director. Industry Solutions 05/05/14 Managing Chaos: Data Movement in 2014.

Steve Jordan Director. Industry Solutions 05/05/14 Managing Chaos: Data Movement in 2014.
CUBIC DEFENSE APPLICATIONS Security Summit Discussions Jeff Snyder Vice President, Cyber Programs Cubic Defense Applications.

CUBIC DEFENSE APPLICATIONS Security Summit Discussions Jeff Snyder Vice President, Cyber Programs Cubic Defense Applications.
SAFE Blueprint and the Security Ecosystem. 2 Chapter Topics  SAFE Blueprint Overview  Achieving the Balance  Defining Customer Expectations  Design.

SAFE Blueprint and the Security Ecosystem. 2 Chapter Topics  SAFE Blueprint Overview  Achieving the Balance  Defining Customer Expectations  Design.
Copyright © 2012, SAS Institute Inc. All rights reserved. Cyber Security threats to Open Government Data Vishal Marria April 2014.

Copyright © 2012, SAS Institute Inc. All rights reserved. Cyber Security threats to Open Government Data Vishal Marria April 2014.
U.S. Department of Energy Pacific Northwest National Laboratory July 2004 Presented by Jeffery Mauth Pacific Northwest National Laboratory

U.S. Department of Energy Pacific Northwest National Laboratory July 2004 Presented by Jeffery Mauth Pacific Northwest National Laboratory
The Most Analytical and Comprehensive Defense Network in a Box.

The Most Analytical and Comprehensive Defense Network in a Box.
S5-1 © 2001 Carnegie Mellon University OCTAVE SM Process 5 Identify Key Components Software Engineering Institute Carnegie Mellon University Pittsburgh,

S5-1 © 2001 Carnegie Mellon University OCTAVE SM Process 5 Identify Key Components Software Engineering Institute Carnegie Mellon University Pittsburgh,
Report on Intrusion Detection and Data Fusion By Ganesh Godavari.

Report on Intrusion Detection and Data Fusion By Ganesh Godavari.
Big Data Analytics and Challenge Presented by Saurabh Rastogi Asst. Prof. in Maharaja Agrasen Institute of Technology B.Tech(IT), M.Tech(IT)

Big Data Analytics and Challenge Presented by Saurabh Rastogi Asst. Prof. in Maharaja Agrasen Institute of Technology B.Tech(IT), M.Tech(IT)
Global E-business and Collaboration

Global E-business and Collaboration
Barracuda Networks Confidential1 Barracuda Backup Service Integrated Local & Offsite Data Backup.

Barracuda Networks Confidential1 Barracuda Backup Service Integrated Local & Offsite Data Backup.
Lecture 11 Intrusion Detection (cont)

Lecture 11 Intrusion Detection (cont)
CISCO CONFIDENTIAL – DO NOT DUPLICATE OR COPY Protecting the Business Network and Resources with CiscoWorks VMS Security Management Software Girish Patel,

CISCO CONFIDENTIAL – DO NOT DUPLICATE OR COPY Protecting the Business Network and Resources with CiscoWorks VMS Security Management Software Girish Patel,
AN INTRODUCTION TO LINUX OPERATING SYSTEM Zihui Han.

AN INTRODUCTION TO LINUX OPERATING SYSTEM Zihui Han.
The big Data security Analytics Era Is Here Reporter : Ximeng Liu Supervisor: Rongxing Lu School of EEE, NTU

The big Data security Analytics Era Is Here Reporter : Ximeng Liu Supervisor: Rongxing Lu School of EEE, NTU
Flow Group Smart Wireless. [File Name or Event] Emerson Confidential 27-Jun-01, Slide 2 Flow Group Wireless Offerings.

Flow Group Smart Wireless. [File Name or Event] Emerson Confidential 27-Jun-01, Slide 2 Flow Group Wireless Offerings.
Why Information Governance….instead of Records & Information Management? Angela Fares, RHIA, CRM, CISA, CGEIT, CRISC, CISM 817.352.4929 or

Why Information Governance….instead of Records & Information Management? Angela Fares, RHIA, CRM, CISA, CGEIT, CRISC, CISM or
Thriving in a Hybrid World Dean J. Marsh Vice President, Client Success IBM Analytic Solutions.

Thriving in a Hybrid World Dean J. Marsh Vice President, Client Success IBM Analytic Solutions.
Business Computing 550 Lesson 4. Fundamentals of Information Systems, Fifth Edition Chapter 4 Telecommunications, the Internet, Intranets, and Extranets.

Business Computing 550 Lesson 4. Fundamentals of Information Systems, Fifth Edition Chapter 4 Telecommunications, the Internet, Intranets, and Extranets.

Similar presentations

Ads by Google