Cyber Ecosystem & Data Security. Subhro Kar, CSCE 824, Spring 2013, University of South Carolina, Columbia.

2 What is an Ecosystem?  Definition  Functional Units  Relationships  Balance  Comparison with Cyber Space

3 Biological Ecosystems  The components of the system are tightly interrelated  Balance is maintained by the system itself  Relationships are well defined  Monitored by nature

4 Evolution of the Cyber Ecosystem

5 A typical Network Diagram

6 What is a Cyber Ecosystem?  Entities in the network are not considered in isolation  Each member has a specific goal  Each member is related to every other member in one way or another  Processes are important  Anticipate and prevent attacks  Limit the speed at which attacks spread across devices  Recover to a trusted state

7 What is a Cyber Ecosystem?  Devices have a level of built-in security  Automated responses  Immunity

8 Malware Ecosystem  Each member in the ecosystem has a specific purpose  Each member responds to the behaviour of the other members  Automated up to a point  The whole process is monitored

9 Building Blocks  Automated courses of action  Proactive responses  Speed of response matches the speed of attacks  Ability to decide on solutions based on historical data  Sharing of information at different levels, from local to global  Rapid learning procedures  Communications guided by policy rather than constraints  High levels of collaboration and interoperability  Authentication

10 Types of Attacks  Brute force attacks  Malware  Hacking attempts  Social Engineering  Insiders  Physical loss and theft

11 Monitoring  Monitoring forms one of the foundations of the Cyber Ecosystem  Reports anomalies so that proper countermeasures can be taken  Does not always happen at the system level, unlike standard device monitoring

12 Business Process Monitoring  Holy grail of monitoring systems  Highest level of abstraction  Generally related to long-running transactions  Can serve as a ready metric for the overall success of the system  Can only detect problems after they have occurred  Uses complex business logic  Goal: to maintain business continuity

13 Functional Monitoring  Lower level than Business Process Monitoring  Granularity limited to a single application or node in a distributed architecture  Goal: to assess the availability as well as the performance of a system  Generally done by bots running scripts on individual systems  Incapable of deciding on countermeasures

14 Technical Monitoring  Monitoring as a typical system administrator understands it  Lowest level of monitoring, responsible for individual pieces of software  Subsystems are considered in isolation, without regard to their contribution to the system as a whole  Ideal place for designing incident response, since the monitoring system knows how to modify the behaviour of individual subsystems

15 Intelligence and Experience Gathering  Currently lacking in existing systems  Could be based on statistical models and data modelling  Should become more accurate with experience  Should be able to identify attacks heuristically  Could put up some defence against zero-day attacks

16 Okay!! I got attacked… Now what??!!

17 Incident Response  Aims to restore the balance of the ecosystem, just as in its biological counterpart  Either filter the attack out or sacrifice parts of the system to contain it  Not an isolated process: there are many feedback loops back to monitoring  Dynamically adjusts the response based on current monitoring data

18 How does everything fit together?  It is a continuous process  Dynamic  Historical data is important  Business continuity is important  The attacker's real goal might not be the epicentre of the attack

19 Incident Response - Implementation  Firewalls  Intrusion Detection and Prevention Systems  Log servers  Configuration Management Servers  Offline resources such as debuggers
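The technical-monitoring-to-response loop described in the monitoring and incident-response slides, as an added example that is not part of the original presentation: a small Python monitor that parses SSH auth-log lines, counts failed logins per source address in a sliding window (the "speed of response" and "historical data" building blocks), and emits an automated block action the moment the threshold is crossed, which a log server or firewall script would read back from the block list. The log lines are constructed for this example, the regex matches that constructed shape (ISO-8601 timestamps rather than real syslog timestamps), and the threshold of 5 failures in 60 seconds is an assumed policy value.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Regex for the OpenSSH-style auth-log line shape used in the constructed
# sample below (timestamps simplified to ISO-8601; real syslog differs).
LOG_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)

# Constructed sample log; not taken from any real system.
SAMPLE_LOG = """\
2013-03-01T10:00:01 sshd[101]: Failed password for root from 203.0.113.7 port 40011 ssh2
2013-03-01T10:00:03 sshd[101]: Failed password for root from 203.0.113.7 port 40012 ssh2
2013-03-01T10:00:05 sshd[101]: Failed password for admin from 203.0.113.7 port 40013 ssh2
2013-03-01T10:00:07 sshd[101]: Failed password for invalid user oracle from 203.0.113.7 port 40014 ssh2
2013-03-01T10:00:09 sshd[101]: Failed password for invalid user test from 203.0.113.7 port 40015 ssh2
2013-03-01T10:00:10 sshd[101]: Failed password for root from 203.0.113.7 port 40016 ssh2
2013-03-01T10:00:12 sshd[103]: Accepted password for alice from 198.51.100.4 port 51022 ssh2
2013-03-01T10:00:20 sshd[104]: Failed password for alice from 198.51.100.4 port 51023 ssh2
2013-03-01T10:03:00 sshd[105]: Failed password for alice from 198.51.100.4 port 51024 ssh2
"""


def parse_line(line):
    """Return (timestamp, result, user, ip), or None for lines the monitor ignores."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return (datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["ip"])


class BruteForceMonitor:
    """Sliding-window failed-login counter with an automated block action.

    The monitor sees only individual events (technical level); deciding to
    block is the automated course of action, and the block list is the state
    the incident responder (or a firewall script) reads back.
    """

    def __init__(self, threshold=5, window=timedelta(seconds=60)):
        self.threshold = threshold          # assumed policy value
        self.window = window                # assumed policy value
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.blocked = {}                   # ip -> time the block was applied

    def observe(self, event):
        """Feed one parsed event; return the action taken, if any."""
        ts, result, user, ip = event
        if ip in self.blocked:
            return ("drop", ip)             # already contained; nothing new to do
        if result == "Accepted":
            self.failures.pop(ip, None)     # a success clears that address's window
            return None
        q = self.failures[ip]
        q.append(ts)
        while q and ts - q[0] > self.window:   # forget failures outside the window
            q.popleft()
        if len(q) >= self.threshold:
            self.blocked[ip] = ts
            del self.failures[ip]
            return ("block", ip)
        return None


def run(log_text, threshold=5, window_seconds=60):
    """Process a whole log; return the action list and the final sorted block list."""
    mon = BruteForceMonitor(threshold, timedelta(seconds=window_seconds))
    actions = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        act = mon.observe(ev)
        if act:
            actions.append((ev[0].isoformat(), *act))
    return actions, sorted(mon.blocked)


if __name__ == "__main__":
    for action in run(SAMPLE_LOG)[0]:
        print(*action)
```

The single failure from 198.51.100.4 at 10:00:20 and the one at 10:03:00 never meet, because the window prunes the older entry; that is the "decide on historical data" point in miniature, and it is also why the window length matters: a slow, low-rate attacker stays below any fixed threshold, which is what the intelligence-gathering slide's statistical models are meant to catch.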

20 Desired Cyber Ecosystem Capabilities  Automated Defense Identification, Selection, and Assessment  Authentication  Interoperability  Machine Learning and Evolution  Security Built In  Business Rules-Based Behavior Monitoring  General Awareness and Education

21 Desired Cyber Ecosystem Capabilities  Moving Target  Privacy  Risk-Based Data Management  Situation Awareness  Tailored Trustworthy Spaces

22 Where we stand…  The ecosystem is far from automated; we have a long way to go  Triangulating automated decisions is complicated; most of the processes are manual and will probably remain so in the near future  The weakest link is generally the end user  Insiders can cause havoc  It always comes down to the financial incentive to build a proper ecosystem

23 References  Developing a healthy cyber ecosystem  Enabling Distributed Security in Cyberspace  Cybersecurity Ecosystem – The Future? ecosystem-the-future/54390/  Enabling Distributed Security in Cyberspace, 0April%202012%20MSU%20ras.ppt

24 Questions??