Cyber Ecosystem & Data Security
Subhro Kar, CSCE 824, Spring 2013, University of South Carolina, Columbia

1 Cyber Ecosystem & Data Security. Subhro Kar, CSCE 824, Spring 2013, University of South Carolina, Columbia

2 What is an Ecosystem?
• Definition
• Functional Units
• Relationships
• Balance
• Comparison with Cyber Space

3 Biological Ecosystems
• The system is closely related
• The balance is always maintained
• Relationships are well defined
• Monitored by nature
Source: http://www.tutorvista.com/content/biology/biology-iv/ecosystem/food-web.php

4 Evolution of the Cyber Ecosystem

5 A typical Network Diagram
Source: http://www.broadband.gov/plan/16-public-safety/

6 What is a Cyber Ecosystem?
• Entities in the network are not considered merely in isolation
• Each member has a specific goal
• Each member is related to every other member in one way or another
• Processes are important
• Anticipate and prevent attacks
• Limit the speed of attacks across devices
• Recover to a trusted state

7 What is a Cyber Ecosystem?
• Devices have a level of built-in security
• Automated responses
• Immunity

8 Malware Ecosystem
• Each member in the ecosystem has a specific purpose
• Each of the members responds to the behaviour of other members
• Automated up to an extent
• Monitoring the whole process

9 Building Blocks
• Automated Courses of Action
• Pro-active responses
• Speed of response matches the speed of attacks
• Being able to decide on solutions based on historical data
• Sharing of information at different levels, from local to global
• Rapid learning procedures
• Communications guided by policy rather than constraints
• High levels of collaboration and interoperability
• Authentication

10 Types of Attacks
• Brute force attacks
• Malware
• Hacking attempts
• Social Engineering
• Insiders
• Physical loss and theft

11 Monitoring
• Monitoring forms one of the foundations of the Cyber Ecosystem
• Informs about anomalies so that proper countermeasures can be taken
• Does not always happen at the system level, contrary to standard device monitoring

12 Business Process Monitoring
• Holy grail of monitoring systems
• Highest level of abstraction
• Generally related to long-running transactions
• Can serve as a ready metric for the overall success of the system
• Can only detect problems after they occur
• Uses complex business logic
• Goal: To maintain business continuity

13 Functional Monitoring
• Lower level than Business Process Monitoring
• Granularity limited to a single application or node in a distributed architecture
• Goal: To assess the availability as well as performance of a system
• Generally done by bots running scripts on individual systems
• Incapable of deciding on countermeasures

14 Technical Monitoring
• Monitoring as a typical system administrator understands it
• Lowest level of monitoring, responsible for individual pieces of software
• Subsystems are considered in isolation and have nothing to do with their contribution to the system
• Ideal place for designing incident response, since the monitoring system is aware of how to modify the behaviour of individual subsystems

15 Intelligence and Experience Gathering
• Currently lacking in existing systems
• Could be based on statistical models and data modeling
• Should become more accurate based on experience
• Should be able to heuristically identify attacks
• Could put up some defence against 0-day attacks

16 Okay!! I got attacked… Now what??!!

17 Incident Response
• Aims at restoring the balance of the ecosystem, just like its biological brother
• Either filter the attack out or sacrifice parts of the system to facilitate containment
• Not an isolated process: there are lots of loopbacks to the monitoring
• Dynamically adjusts its response based on current monitoring data

18 How does everything fit together?
• It is a continuous process
• Dynamic
• Historical data is important
• Business continuity is important
• The goal of the attacker might not be the epicenter of the attack
Source: http://blogs.csoonline.com/business_continuity_event_planning_the_incident_response_team

19 Incident Response - Implementation
• Firewalls
• Intrusion Detection and Prevention Systems
• Log servers
• Configuration Management Servers
• Offline resources like Debuggers

20 Desired Cyber Ecosystem Capabilities
• Automated Defense Identification, Selection, and Assessment
• Authentication
• Interoperability
• Machine Learning and Evolution
• Security Built in
• Business Rules-Based Behavior Monitoring
• General Awareness and Education

21 Desired Cyber Ecosystem Capabilities
• Moving Target
• Privacy
• Risk Based Data Management
• Situation Awareness
• Tailored Trustworthy spaces

22 Where we stand…
• The ecosystem is far from automated. We have a long way to go
• Triangulating automated decisions is complicated. Most of the processes are manual and will probably remain so in the near future
• The weakest link is generally the end users
• Insiders can cause havoc
• It is always about the financial incentive of being able to build a proper ecosystem

23 References
• Developing a healthy cyber ecosystem, http://www.mitre.org/news/digest/homeland_security/10_11/cyber_ecosystem.html
• Enabling Distributed Security in Cyberspace, http://www.dhs.gov/xlibrary/assets/nppd-cyber-ecosystem-white-paper-03-23-2011.pdf
• Cybersecurity Ecosystem – The Future? http://www.nextgov.com/cybersecurity/cybersecurity-report/2011/03/cybersecurity-ecosystem-the-future/54390/
• Enabling Distributed Security in Cyberspace, http://blogs.msstate.edu/ored/Cyber%20Ecosystem%20I3P%20Presentation%2016%20April%202012%20MSU%20ras.ppt

24 Questions??
Source: http://what-if.xkcd.com

