Active Security Ryan Hand, Michael Ton, Eric Keller.

Presentation transcript:

1 Active Security Ryan Hand, Michael Ton, Eric Keller

2 Defending Cyberspace?
- 50 percent of APT attacks targeted aerospace & defense, ICS, financial, and computer hardware/software organizations
- 63 percent of victim organizations were notified of the breach by an outside entity
- 243: median number of days attackers went undetected inside victim organizations
- 77 percent of attacks in 2011 used publicly available malware

3 Making the News

4 Problem 1: "Working in Nested Isolation"
Figure: the classic defense-in-depth layers, drawn as nested rings: Policy, procedures, awareness; Physical; Perimeter; Network; Internal; End-Point; Apps; Data.
- Each layer is deployed and operated in isolation, giving managers a false sense of security
- "Stove-piped" functionality in implementation, which can be especially disjoint in multi-vendor environments
- Limited "context-aware" programmability: one layer cannot act on what another layer has observed
- Digital forensics / incident response: information is lost and disclosure is very limited

5 Problem 2: The OODA Decision Feedback Loop
Figure: the OODA loop drawn as a cycle: Observe -> Orient -> Decide -> Act -> Observe.
"Time is the dominant parameter..."
Today's defenses close this loop at human reaction speed: a person has to read the alert, work out what it means, choose a response, and then reconfigure devices by hand.

6 Active Security
A defense framework that seeks to provide:
- Intelligent context awareness
- Programmatic automation
- A consistent security posture across the infrastructure
- Real-time reaction speed from detection to remediation

7 Active Security OODA Loop
Figure: the OODA loop mapped onto the framework's components.
- Observe: sensor/device information from security devices, end systems, and network devices
- Orient and Decide: forensic analysis of network artifacts and parsed intel
- Act: programmatic control of the infrastructure, i.e. alter the network configuration and/or gather more information, which feeds back into Observe

8 Simple Attack Scenario
1. The attacker uses a spoofed email from a "trusted party" as the attack vector. ("Oh look, an email from Alice!")
2. The malicious file is opened by the user and attempts to "call home".
3. The firewall blocks the egress traffic violation.
4. What we didn't see, and won't until forensics / IR, is everything the malware did on the host before and after that blocked connection.
Remember: in 2012 the median number of days attackers went undetected inside organizations was 243.

9 Active Security Architecture
Figure: layered architecture, top to bottom.
- Operator Interface
- Security Applications (plug-ins): Sense (detection), Collect (forensics), Adjust (configure), Counter (attack, recon)
- Control Platform: the Active Security controller
- Controller-to-infrastructure communication channel
- Cyber Infrastructure:
  - Security devices, e.g. IDS, firewall
  - End-hosts, e.g. server, smart phone
  - Network devices, e.g. routers, switches, WAP

10 Attack Scenario Revisited
The same scenario with the framework in place: the Sense plug-in picks up the blocked call-home attempt, and the Collect plug-in immediately gathers forensic evidence from the affected host while the attack is in progress.

11 Prototype
- Floodlight Software Defined Network (SDN) controller
- Snort IDS
- Linux Memory Extractor (LiME)
- Volatility
Future: use lightweight and stealthy forensic methods
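The OODA loop of slide 7, the Sense/Collect/Adjust plug-ins of slide 9 and the prototype components of slide 11 can be tied together in a few dozen lines. The following is an added example written for this transcript, not code from the authors or from the Floodlight, Snort or Volatility projects. It parses constructed Snort `alert_fast` lines (Observe), attaches enterprise context (Orient), maps each alert to a response policy (Decide) and emits the actions (Act): a Floodlight static-flow-pusher entry that drops traffic from the implicated host and a forensic-collection job for that end system. The internal address range, the switch DPID, the exact flow-pusher field names and the collection steps are assumptions; the actions are returned as data rather than sent anywhere, so the loop runs offline.

```python
"""Toy active-security controller loop (added example, not the authors' code).

Observe : parse Snort alert_fast lines.
Orient  : attach context (is the source an internal host? how severe?).
Decide  : map the enriched alert to a response policy.
Act     : emit Floodlight static-flow-pusher entries that quarantine the host
          and a forensic-collection job for the end system.
Nothing here touches the network: actions are returned as data so they can
be inspected; a real deployment would POST the flow entries to the
controller's REST endpoint (assumed: /wm/staticflowpusher/json).
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample Snort alert_fast lines (not real traffic).
SAMPLE_ALERTS = """\
01/15-10:22:33.123456  [**] [1:2000345:3] MALWARE-CNC outbound beacon [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.0.5:49152 -> 203.0.113.7:443
01/15-10:22:40.000001  [**] [1:2010937:2] POLICY suspicious user-agent [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.0.0.9:51000 -> 198.51.100.20:80
01/15-10:23:01.777777  [**] [1:1000001:1] SCAN inbound probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.44:40000 -> 10.0.0.5:22
"""

ALERT_RE = re.compile(
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)"
)

INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # assumed enterprise range
EDGE_SWITCH = "00:00:00:00:00:00:00:01"          # assumed OpenFlow DPID


@dataclass
class Alert:
    sid: int
    msg: str
    priority: int
    proto: str
    src: str
    dst: str
    dport: int


def observe(text: str) -> List[Alert]:
    """Observe: parse Snort alert_fast lines; skip anything unparseable."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if m:
            alerts.append(Alert(int(m["sid"]), m["msg"], int(m["prio"]),
                                m["proto"], m["src"], m["dst"], int(m["dport"])))
    return alerts


def orient(a: Alert) -> Optional[str]:
    """Orient: which internal end system does this alert implicate, if any?"""
    src, dst = ipaddress.ip_address(a.src), ipaddress.ip_address(a.dst)
    if src in INTERNAL and dst not in INTERNAL:
        return a.src          # internal host talking out: suspect the source
    if dst in INTERNAL and src not in INTERNAL:
        return a.dst          # inbound probe/attack: the target is of interest
    return None               # purely internal or purely external: ignore here


def decide(a: Alert) -> str:
    """Decide: priority-1 alerts get quarantined and imaged; others only collected."""
    if a.priority == 1:
        return "quarantine+collect"
    return "collect"


def quarantine_flow(host: str) -> dict:
    """Act (Adjust): Floodlight static-flow-pusher entry dropping all IPv4 from host.
    An empty 'actions' string means drop. Field names are an assumption."""
    return {"switch": EDGE_SWITCH, "name": f"quarantine-{host}", "priority": "40000",
            "eth_type": "0x0800", "ipv4_src": host, "active": "true", "actions": ""}


def collect_job(host: str) -> dict:
    """Act (Collect): forensic job for the end system (assumed: LiME dump, then Volatility)."""
    return {"host": host, "steps": ["lime-acquire", "volatility-analyze"]}


def run_loop(text: str) -> List[dict]:
    """One pass through observe -> orient -> decide -> act. Returns planned actions."""
    actions = []
    for a in observe(text):
        host = orient(a)
        if host is None:
            continue
        plan = decide(a)
        if plan.startswith("quarantine"):
            actions.append({"type": "flow", "sid": a.sid, **quarantine_flow(host)})
        actions.append({"type": "collect", "sid": a.sid, **collect_job(host)})
    return actions


if __name__ == "__main__":
    for act in run_loop(SAMPLE_ALERTS):
        print(act)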

12 Securing the Controller
The controller becomes a high-value target, so leverage existing technologies at every layer:
- Hardware: trusted boot (hardware-based)
- Software: verified and hardened operating systems, hosting the SDN controller
- Plug-in modules written in safe languages
- Network-based enforcement and monitoring of the controller itself
Figure: the Active Security controller drawn as a stack: Hardware (Trusted Boot) / Software (Hardened OS, SDN Controller) / Plug-in Modules (Safe Languages) / Network.

13 Conclusion and Future Work
- A system of security inspired by the OODA feedback loop
- Illustrated a prototype of in-attack forensic collection
Future work:
- Explore expanded sensor diversity
- Further examine controller security
- Dynamically adjust the network
- Stealthy and efficient automated forensic analysis

14 Questions? Thank you!
