SlideShare una empresa de Scribd logo
1 de 25
Descargar para leer sin conexión
Enhancing Cyber
Operational Decisions
Making Sense of Network Data

Anita D’Amico, Ph.D.
Anita.Damico@SecureDecisions.com
631.759.3909

securedecisions.com
codedx.com
avi.com
About Secure Decisions
Secure Decisions helps you makes sense of data
• Analyze security decision processes
• Build visual analytics to enhance security decision
processes and training
• Transition our R&D into operational use
Our expertise starts where automated security
sensors and scanners stop
Division of Applied Visions, Inc., which does
commercial software development
• 40 people in Northport and Clifton Park, NY
• Secure facilities and security clearances
3

http://securedecisions.com
SecDec Core Competencies
Situational Awareness and Decision Support for cyber operations



Analysis of decision process
Visual analytics for wired / wireless network data
Visualizations of abstract cyber data
Visual systems for CND training
Impact analysis of cyber events



Decision support system design






Software assurance visualization
Technology transition
Cyber testbed support
Classified portfolio

4
Current Products Transitioned From R&D
Visualizations to help cyber analysts make sense
of massive data, and communicate results

Use:

Data:
TRL 9:

In-depth incident
analysis, historical
analysis, watch briefings
NetFlow, alerts

Deployed to USCERT
In evaluation in intel
community
Funding: IARPA, DHS, AFRL

5

Use:
Data:
TRL 9:

Wireless threat and risk
analysis, policy compliance,
audit reporting
Wardriving , WIDS

DoD version downloadable
from NRL site; Commercial
version available
Funding: DARPA, AFRL, NRL, DISA

Use:
Data:
TRL 9:

Triage and analysis of
software source code
vulnerabilities
Results of SwA tools

Info and trial download
available at
www.codedx.com;
Funding: DHS
Sample Customers and Partners
Government
Air Force Research Lab
DARPA
DHS
DISA
IARPA
Naval Research Lab
ONR
OSD

Industry/Academia
Adventium
Alion
ATC
BAE
General Dynamics
George Mason University
Hopkins Applied Physics Lab
Informatica
ITT
Lockheed Martin
Raytheon
SAIC

• Nominated twice by DARPA for SBIR of the Year
• Featured twice as a DARPA Success Story
6
Key Projects
at
Secure Decisions

A sample Asset-to-Mission mapping
generated from
multiple data sources
Software assurance visualization
Code Dx: Software Analysis Integration Platform
• Imports and correlates results
from multiple SAST tools
• Normalizes results; common
severity scale

Workflows tailored to
each type of user

• Visual analytics to rapidly triage
results, remove false positives
• Common UI with custom detail
for security analysts,
developers, and CISOs
• Code Dx Bundle embeds open
source SAST tools for use with
or without commercial tools
• Affordable for small and
medium size businesses
9

Interactive, powerful
filtering

Visualize thousands of
weaknesses in a single view
Quickly and effectively
triage large weakness lists

A CWE-friendly application
Products that visualize
vulnerabilities and suspicious
network activity
MeerCAT: Visualization of Cyber Asset Tracks
Visualizes wireless network security


Physical 2D and 3D geographic location



Logical network topology location



Communication patterns



Security status



Mission of cyber assets

An SBIR Phase 2 funded
by DARPA

Accredited within DoD’s Flying Squirrel
Wireless Suite for vulnerability analysts.
Featured in DARPA’s SBIR Success Report.
11
WildCAT: Wireless Analysis from Patrol Cars
Remote Connectivity
(Satellite, 3G, etc.)
Suspicious
Detections
Instructions
to Patrol

Centralized Monitoring and Analysis
Aggregates and fuses data from multiple facilities.
Provides instruction to field patrols.

12

Instrumented Patrol Car
Detects intruder’s wireless
emissions

Intruder
Emits wireless
signals
VIAssist: Visualization for Information Assurance
Integrates visualization of NetFlow and IDS data


Multiple linked visualizations to see different perspectives



Don’t jump to the most logical conclusion: test
hypotheses; see things for various viewpoints



Big picture and detailed incident views



Collaboration and built in reporting

Installed at US-CERT
Being prepared for transition to USAF
Under evaluation in IC
13

Original funding by IARPA and NSA.
Now funded by DHS and AFRL
TVA: Topological Vulnerability Assessment
Visualizes attack graphs to understand
vulnerability


Attack paths based on vulnerabilities &
topology



Aggregation to make graphs readable

A collaboration with GMU, for the
Department of Homeland Security
14

Sold by http://proinfomd.com/
Cyber Security Education
SimBLEND: Game-Based Learning for Net Defense
Blends computer-based training (CBT) with games,
visualizations, & simulation to train network defenders


Harness an existing Learning Management System (LMS) for
student tracking and scoring



Reinforce learning with games

+
CBT + Visuals + Simulations + Games = Better training
16

An SBIR Phase 2 funded by
AFRL (Mesa, AZ)
Safe Computing Training Courses
Safe computing education for non-technical audiences


Principles of safe computing

Work with authorizing institutions for continuing education
credits





17

Demonstrations of vulnerabilities in typical office environments
Interactive graphic novels
Analytical services and
technologies
Deucalion: Cyber Decision Support System
Design and develop next generation
decision support system for Navy cyber
defense

19
Camus: Mapping Cyber Assets to Missions & Users
Relates cyber attacks to affected missions and users
Current CND ops have poor awareness of how compromised
cyber assets affect missions, organizations, and people


Fuses various network and mission data into a common ontology



Maps cyber assets to dependent
people and operations



Integrates with security and sensor
systems to provide operational
information about specific assets

An SBIR Phase 2 funded by OSD
through AFRL
20
NetDemon: Cyber Defense Decision Modeling
Models “as-is” and “idealized” decision processes used
in cyber defense





21

Analyze current Navy decision process
Develop scenarios to illustrate future decisions
Recommend new approach to cyber defense decision-making
Recommend decision support tools and data
Test support services and
technologies
National Cyber Range
Reconfigurable test range for testing cyber
technologies in a high-performance simulated classified
network
Range command and control system to control the
execution and monitor the performance of cyber
experiments
User experience design and
implementation for key systems:
Experiment command and control
Design tool

Repository
Gateway
23
Scalable Network Monitoring Testbed
Testbed for evaluating the performance of
new network monitoring algorithms
Developed software to control entire test network:
Main C2 System for execution and monitoring of tests
Remote Storage Service controls packet capture from remote locations
C2 System Client/Test Station to display and test control mechanism
Traffic Generation Services for
connectivity, control, & status between
test controller and traffic generator
Network Management System Services
for health and utilization monitoring of
the test network
24
Thought Leadership
VizSec Sponsor and chair of annual symposium for R&D related to
visualization for cyber security
Congressional testimony on cyber R&D and education
Mission Impact Workshop Conducted by-invitation workshop on
mission impact of cyber attacks
Publications in refereed journals and proceedings
Patent for temporal visualizations. Patent-pending wireless
security visualization

25
Enhancing Cyber
Operational Decisions
Making Sense of Network Data

Anita D’Amico, Ph.D.
Anita.Damico@SecureDecisions.com
631.759.3909

SecureDecisions.com
Codedx.com
avi.com

Más contenido relacionado

La actualidad más candente

Securing Electric Utility Infrastructure
Securing Electric Utility InfrastructureSecuring Electric Utility Infrastructure
Securing Electric Utility InfrastructureDragos, Inc.
 
Physical/Network Access Control
Physical/Network Access ControlPhysical/Network Access Control
Physical/Network Access Controljwpiccininni
 
Security Advantages of Software-Defined Networking
Security Advantages of Software-Defined NetworkingSecurity Advantages of Software-Defined Networking
Security Advantages of Software-Defined NetworkingPriyanka Aash
 
Webinar - Reducing the Risk of a Cyber Attack on Utilities
Webinar - Reducing the Risk of a Cyber Attack on UtilitiesWebinar - Reducing the Risk of a Cyber Attack on Utilities
Webinar - Reducing the Risk of a Cyber Attack on UtilitiesWPICPE
 
Third Party Security Testing for Advanced Metering Infrastructure Program
Third Party Security Testing for Advanced Metering Infrastructure ProgramThird Party Security Testing for Advanced Metering Infrastructure Program
Third Party Security Testing for Advanced Metering Infrastructure ProgramEnergySec
 
Analytics for Smart Grid Cyber security
Analytics for Smart Grid Cyber securityAnalytics for Smart Grid Cyber security
Analytics for Smart Grid Cyber securityBoston Global Forum
 
Solving ICS Cybersecurity Challenges in the Electric Industry
Solving ICS Cybersecurity Challenges in the Electric IndustrySolving ICS Cybersecurity Challenges in the Electric Industry
Solving ICS Cybersecurity Challenges in the Electric IndustryDragos, Inc.
 
Intrusion detection 2001
Intrusion detection 2001Intrusion detection 2001
Intrusion detection 2001eaiti
 
Scada security webinar 2012
Scada security webinar 2012Scada security webinar 2012
Scada security webinar 2012AVEVA
 
Smart Grid Security by Falgun Rathod
Smart Grid Security by Falgun RathodSmart Grid Security by Falgun Rathod
Smart Grid Security by Falgun RathodClubHack
 
Cisco Cyber Threat Defense for the Data Center Solution: Cisco Validated Design
Cisco Cyber Threat Defense for the Data Center Solution: Cisco Validated DesignCisco Cyber Threat Defense for the Data Center Solution: Cisco Validated Design
Cisco Cyber Threat Defense for the Data Center Solution: Cisco Validated DesignCisco Russia
 
2 20613 qualys_top_10_reports_vm
2 20613 qualys_top_10_reports_vm2 20613 qualys_top_10_reports_vm
2 20613 qualys_top_10_reports_vmazfayel
 
Dragos and CyberWire: ICS Ransomware
Dragos and CyberWire: ICS Ransomware Dragos and CyberWire: ICS Ransomware
Dragos and CyberWire: ICS Ransomware Dragos, Inc.
 
Darktrace white paper_ics_final
Darktrace white paper_ics_finalDarktrace white paper_ics_final
Darktrace white paper_ics_finalCMR WORLD TECH
 
How to Respond to Industrial Intrusions
How to Respond to Industrial Intrusions  How to Respond to Industrial Intrusions
How to Respond to Industrial Intrusions Dragos, Inc.
 
Using Assessment Tools on ICS (English)
Using Assessment Tools on ICS (English)Using Assessment Tools on ICS (English)
Using Assessment Tools on ICS (English)Digital Bond
 
An Approach to Closing the Gaps between Physical, Process Control, and Cybers...
An Approach to Closing the Gaps between Physical, Process Control, and Cybers...An Approach to Closing the Gaps between Physical, Process Control, and Cybers...
An Approach to Closing the Gaps between Physical, Process Control, and Cybers...EnergySec
 

La actualidad más candente (19)

Securing Electric Utility Infrastructure
Securing Electric Utility InfrastructureSecuring Electric Utility Infrastructure
Securing Electric Utility Infrastructure
 
Physical/Network Access Control
Physical/Network Access ControlPhysical/Network Access Control
Physical/Network Access Control
 
Security Advantages of Software-Defined Networking
Security Advantages of Software-Defined NetworkingSecurity Advantages of Software-Defined Networking
Security Advantages of Software-Defined Networking
 
Webinar - Reducing the Risk of a Cyber Attack on Utilities
Webinar - Reducing the Risk of a Cyber Attack on UtilitiesWebinar - Reducing the Risk of a Cyber Attack on Utilities
Webinar - Reducing the Risk of a Cyber Attack on Utilities
 
Third Party Security Testing for Advanced Metering Infrastructure Program
Third Party Security Testing for Advanced Metering Infrastructure ProgramThird Party Security Testing for Advanced Metering Infrastructure Program
Third Party Security Testing for Advanced Metering Infrastructure Program
 
Analytics for Smart Grid Cyber security
Analytics for Smart Grid Cyber securityAnalytics for Smart Grid Cyber security
Analytics for Smart Grid Cyber security
 
Solving ICS Cybersecurity Challenges in the Electric Industry
Solving ICS Cybersecurity Challenges in the Electric IndustrySolving ICS Cybersecurity Challenges in the Electric Industry
Solving ICS Cybersecurity Challenges in the Electric Industry
 
Security sdn
Security sdnSecurity sdn
Security sdn
 
Intrusion detection 2001
Intrusion detection 2001Intrusion detection 2001
Intrusion detection 2001
 
Scada security webinar 2012
Scada security webinar 2012Scada security webinar 2012
Scada security webinar 2012
 
Smart Grid Security by Falgun Rathod
Smart Grid Security by Falgun RathodSmart Grid Security by Falgun Rathod
Smart Grid Security by Falgun Rathod
 
Cisco Cyber Threat Defense for the Data Center Solution: Cisco Validated Design
Cisco Cyber Threat Defense for the Data Center Solution: Cisco Validated DesignCisco Cyber Threat Defense for the Data Center Solution: Cisco Validated Design
Cisco Cyber Threat Defense for the Data Center Solution: Cisco Validated Design
 
2 20613 qualys_top_10_reports_vm
2 20613 qualys_top_10_reports_vm2 20613 qualys_top_10_reports_vm
2 20613 qualys_top_10_reports_vm
 
Dragos and CyberWire: ICS Ransomware
Dragos and CyberWire: ICS Ransomware Dragos and CyberWire: ICS Ransomware
Dragos and CyberWire: ICS Ransomware
 
Darktrace white paper_ics_final
Darktrace white paper_ics_finalDarktrace white paper_ics_final
Darktrace white paper_ics_final
 
How to Respond to Industrial Intrusions
How to Respond to Industrial Intrusions  How to Respond to Industrial Intrusions
How to Respond to Industrial Intrusions
 
Using Assessment Tools on ICS (English)
Using Assessment Tools on ICS (English)Using Assessment Tools on ICS (English)
Using Assessment Tools on ICS (English)
 
Endpoint Security
Endpoint SecurityEndpoint Security
Endpoint Security
 
An Approach to Closing the Gaps between Physical, Process Control, and Cybers...
An Approach to Closing the Gaps between Physical, Process Control, and Cybers...An Approach to Closing the Gaps between Physical, Process Control, and Cybers...
An Approach to Closing the Gaps between Physical, Process Control, and Cybers...
 

Similar a Secure Decisions - Cyber Security Sensemaking

8 Top Cybersecurity Tools.pdf
8 Top Cybersecurity Tools.pdf8 Top Cybersecurity Tools.pdf
8 Top Cybersecurity Tools.pdfMetaorange
 
8 Top Cybersecurity Tools.pptx
8 Top Cybersecurity Tools.pptx8 Top Cybersecurity Tools.pptx
8 Top Cybersecurity Tools.pptxMetaorange
 
ICCES_2016_Security Analysis of Software Defined Wireless Network Monitoring ...
ICCES_2016_Security Analysis of Software Defined Wireless Network Monitoring ...ICCES_2016_Security Analysis of Software Defined Wireless Network Monitoring ...
ICCES_2016_Security Analysis of Software Defined Wireless Network Monitoring ...Asma Swapna
 
Critical Infrastructure Assessment Techniques to Prevent Threats and Vulnerab...
Critical Infrastructure Assessment Techniques to Prevent Threats and Vulnerab...Critical Infrastructure Assessment Techniques to Prevent Threats and Vulnerab...
Critical Infrastructure Assessment Techniques to Prevent Threats and Vulnerab...Shakeel Ali
 
Intrusion Detection System For A Network And Deal With...
Intrusion Detection System For A Network And Deal With...Intrusion Detection System For A Network And Deal With...
Intrusion Detection System For A Network And Deal With...Misty Harris
 
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonSCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonPatricia M Watson
 
David Patterson IT Security Resumes 2016
David Patterson IT Security Resumes 2016David Patterson IT Security Resumes 2016
David Patterson IT Security Resumes 2016David Patterson
 
Investigation, Design and Implementation of a Secure
Investigation, Design and Implementation of a SecureInvestigation, Design and Implementation of a Secure
Investigation, Design and Implementation of a SecureFiras Alsayied
 
IRJET- Network Monitoring & Network Security
IRJET-  	  Network Monitoring & Network SecurityIRJET-  	  Network Monitoring & Network Security
IRJET- Network Monitoring & Network SecurityIRJET Journal
 
Practical Enterprise Security Architecture
Practical Enterprise Security Architecture  Practical Enterprise Security Architecture
Practical Enterprise Security Architecture Priyanka Aash
 
IRJET - IDS for Wifi Security
IRJET -  	  IDS for Wifi SecurityIRJET -  	  IDS for Wifi Security
IRJET - IDS for Wifi SecurityIRJET Journal
 
Access Control For Local Area Network Performance Essay
Access Control For Local Area Network Performance EssayAccess Control For Local Area Network Performance Essay
Access Control For Local Area Network Performance EssayDotha Keller
 
[GITSN] wireless data security system
[GITSN] wireless data security system[GITSN] wireless data security system
[GITSN] wireless data security system운상 조
 
Securing Your Public Cloud Infrastructure
Securing Your Public Cloud InfrastructureSecuring Your Public Cloud Infrastructure
Securing Your Public Cloud InfrastructureQualys
 

Similar a Secure Decisions - Cyber Security Sensemaking (20)

resume IT security
resume IT securityresume IT security
resume IT security
 
Cisco DNA
Cisco DNACisco DNA
Cisco DNA
 
nsx overview with use cases 1.0
nsx overview with use cases 1.0nsx overview with use cases 1.0
nsx overview with use cases 1.0
 
8 Top Cybersecurity Tools.pdf
8 Top Cybersecurity Tools.pdf8 Top Cybersecurity Tools.pdf
8 Top Cybersecurity Tools.pdf
 
8 Top Cybersecurity Tools.pptx
8 Top Cybersecurity Tools.pptx8 Top Cybersecurity Tools.pptx
8 Top Cybersecurity Tools.pptx
 
ICCES_2016_Security Analysis of Software Defined Wireless Network Monitoring ...
ICCES_2016_Security Analysis of Software Defined Wireless Network Monitoring ...ICCES_2016_Security Analysis of Software Defined Wireless Network Monitoring ...
ICCES_2016_Security Analysis of Software Defined Wireless Network Monitoring ...
 
Security and-visibility
Security and-visibilitySecurity and-visibility
Security and-visibility
 
Critical Infrastructure Assessment Techniques to Prevent Threats and Vulnerab...
Critical Infrastructure Assessment Techniques to Prevent Threats and Vulnerab...Critical Infrastructure Assessment Techniques to Prevent Threats and Vulnerab...
Critical Infrastructure Assessment Techniques to Prevent Threats and Vulnerab...
 
Intrusion Detection System For A Network And Deal With...
Intrusion Detection System For A Network And Deal With...Intrusion Detection System For A Network And Deal With...
Intrusion Detection System For A Network And Deal With...
 
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonSCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
 
David Patterson IT Security Resumes 2016
David Patterson IT Security Resumes 2016David Patterson IT Security Resumes 2016
David Patterson IT Security Resumes 2016
 
Investigation, Design and Implementation of a Secure
Investigation, Design and Implementation of a SecureInvestigation, Design and Implementation of a Secure
Investigation, Design and Implementation of a Secure
 
IRJET- Network Monitoring & Network Security
IRJET-  	  Network Monitoring & Network SecurityIRJET-  	  Network Monitoring & Network Security
IRJET- Network Monitoring & Network Security
 
Practical Enterprise Security Architecture
Practical Enterprise Security Architecture  Practical Enterprise Security Architecture
Practical Enterprise Security Architecture
 
Sideband_SB_020316
Sideband_SB_020316Sideband_SB_020316
Sideband_SB_020316
 
IRJET - IDS for Wifi Security
IRJET -  	  IDS for Wifi SecurityIRJET -  	  IDS for Wifi Security
IRJET - IDS for Wifi Security
 
cb-EDR-V7_a4_Digital
cb-EDR-V7_a4_Digitalcb-EDR-V7_a4_Digital
cb-EDR-V7_a4_Digital
 
Access Control For Local Area Network Performance Essay
Access Control For Local Area Network Performance EssayAccess Control For Local Area Network Performance Essay
Access Control For Local Area Network Performance Essay
 
[GITSN] wireless data security system
[GITSN] wireless data security system[GITSN] wireless data security system
[GITSN] wireless data security system
 
Securing Your Public Cloud Infrastructure
Securing Your Public Cloud InfrastructureSecuring Your Public Cloud Infrastructure
Securing Your Public Cloud Infrastructure
 

Último

Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
All in AI: LLM Landscape & RAG in 2024 with Mark Ryan (Google) & Jerry Liu (L...
All in AI: LLM Landscape & RAG in 2024 with Mark Ryan (Google) & Jerry Liu (L...All in AI: LLM Landscape & RAG in 2024 with Mark Ryan (Google) & Jerry Liu (L...
All in AI: LLM Landscape & RAG in 2024 with Mark Ryan (Google) & Jerry Liu (L...Daniel Zivkovic
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
UiPath Studio Web workshop series - Day 5
UiPath Studio Web workshop series - Day 5UiPath Studio Web workshop series - Day 5
UiPath Studio Web workshop series - Day 5DianaGray10
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsSafe Software
 
99.99% of Your Traces Are (Probably) Trash (SRECon NA 2024).pdf
99.99% of Your Traces  Are (Probably) Trash (SRECon NA 2024).pdf99.99% of Your Traces  Are (Probably) Trash (SRECon NA 2024).pdf
99.99% of Your Traces Are (Probably) Trash (SRECon NA 2024).pdfPaige Cruz
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintMahmoud Rabie
 
IEEE Computer Society’s Strategic Activities and Products including SWEBOK Guide
IEEE Computer Society’s Strategic Activities and Products including SWEBOK GuideIEEE Computer Society’s Strategic Activities and Products including SWEBOK Guide
IEEE Computer Society’s Strategic Activities and Products including SWEBOK GuideHironori Washizaki
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfinfogdgmi
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
Valere | Digital Solutions & AI Transformation Portfolio | 2024
Valere | Digital Solutions & AI Transformation Portfolio | 2024Valere | Digital Solutions & AI Transformation Portfolio | 2024
Valere | Digital Solutions & AI Transformation Portfolio | 2024Alexander Turgeon
 

Último (20)

Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
All in AI: LLM Landscape & RAG in 2024 with Mark Ryan (Google) & Jerry Liu (L...
All in AI: LLM Landscape & RAG in 2024 with Mark Ryan (Google) & Jerry Liu (L...All in AI: LLM Landscape & RAG in 2024 with Mark Ryan (Google) & Jerry Liu (L...
All in AI: LLM Landscape & RAG in 2024 with Mark Ryan (Google) & Jerry Liu (L...
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
UiPath Studio Web workshop series - Day 5
UiPath Studio Web workshop series - Day 5UiPath Studio Web workshop series - Day 5
UiPath Studio Web workshop series - Day 5
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
 
99.99% of Your Traces Are (Probably) Trash (SRECon NA 2024).pdf
99.99% of Your Traces  Are (Probably) Trash (SRECon NA 2024).pdf99.99% of Your Traces  Are (Probably) Trash (SRECon NA 2024).pdf
99.99% of Your Traces Are (Probably) Trash (SRECon NA 2024).pdf
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership Blueprint
 
IEEE Computer Society’s Strategic Activities and Products including SWEBOK Guide
IEEE Computer Society’s Strategic Activities and Products including SWEBOK GuideIEEE Computer Society’s Strategic Activities and Products including SWEBOK Guide
IEEE Computer Society’s Strategic Activities and Products including SWEBOK Guide
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdf
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
Valere | Digital Solutions & AI Transformation Portfolio | 2024
Valere | Digital Solutions & AI Transformation Portfolio | 2024Valere | Digital Solutions & AI Transformation Portfolio | 2024
Valere | Digital Solutions & AI Transformation Portfolio | 2024
 

Secure Decisions - Cyber Security Sensemaking

  • 1. Enhancing Cyber Operational Decisions Making Sense of Network Data Anita D’Amico, Ph.D. Anita.Damico@SecureDecisions.com 631.759.3909 securedecisions.com codedx.com avi.com
  • 2. About Secure Decisions Secure Decisions helps you makes sense of data • Analyze security decision processes • Build visual analytics to enhance security decision processes and training • Transition our R&D into operational use Our expertise starts where automated security sensors and scanners stop Division of Applied Visions, Inc., which does commercial software development • 40 people in Northport and Clifton Park, NY • Secure facilities and security clearances 3 http://securedecisions.com
  • 3. SecDec Core Competencies Situational Awareness and Decision Support for cyber operations  Analysis of decision process Visual analytics for wired / wireless network data Visualizations of abstract cyber data Visual systems for CND training Impact analysis of cyber events  Decision support system design     Software assurance visualization Technology transition Cyber testbed support Classified portfolio 4
  • 4. Current Products Transitioned From R&D Visualizations to help cyber analysts make sense of massive data, and communicate results Use: Data: TRL 9: In-depth incident analysis, historical analysis, watch briefings NetFlow, alerts Deployed to USCERT In evaluation in intel community Funding: IARPA, DHS, AFRL 5 Use: Data: TRL 9: Wireless threat and risk analysis, policy compliance, audit reporting Wardriving , WIDS DoD version downloadable from NRL site; Commercial version available Funding: DARPA, AFRL, NRL, DISA Use: Data: TRL 9: Triage and analysis of software source code vulnerabilities Results of SwA tools Info and trial download available at www.codedx.com; Funding: DHS
  • 5. Sample Customers and Partners Government Air Force Research Lab DARPA DHS DISA IARPA Naval Research Lab ONR OSD Industry/Academia Adventium Alion ATC BAE General Dynamics George Mason University Hopkins Applied Physics Lab Informatica ITT Lockheed Martin Raytheon SAIC • Nominated twice by DARPA for SBIR of the Year • Featured twice as a DARPA Success Story 6
  • 6. Key Projects at Secure Decisions A sample Asset-to-Mission mapping generated from multiple data sources
  • 8. Code Dx: Software Analysis Integration Platform • Imports and correlates results from multiple SAST tools • Normalizes results; common severity scale Workflows tailored to each type of user • Visual analytics to rapidly triage results, remove false positives • Common UI with custom detail for security analysts, developers, and CISOs • Code Dx Bundle embeds open source SAST tools for use with or without commercial tools • Affordable for small and medium size businesses 9 Interactive, powerful filtering Visualize thousands of weaknesses in a single view Quickly and effectively triage large weakness lists A CWE-friendly application
  • 9. Products that visualize vulnerabilities and suspicious network activity
  • 10. MeerCAT: Visualization of Cyber Asset Tracks Visualizes wireless network security  Physical 2D and 3D geographic location  Logical network topology location  Communication patterns  Security status  Mission of cyber assets An SBIR Phase 2 funded by DARPA Accredited within DoD’s Flying Squirrel Wireless Suite for vulnerability analysts. Featured in DARPA’s SBIR Success Report. 11
  • 11. WildCAT: Wireless Analysis from Patrol Cars Remote Connectivity (Satellite, 3G, etc.) Suspicious Detections Instructions to Patrol Centralized Monitoring and Analysis Aggregates and fuses data from multiple facilities. Provides instruction to field patrols. 12 Instrumented Patrol Car Detects intruder’s wireless emissions Intruder Emits wireless signals
  • 12. VIAssist: Visualization for Information Assurance Integrates visualization of NetFlow and IDS data  Multiple linked visualizations to see different perspectives  Don’t jump to the most logical conclusion: test hypotheses; see things for various viewpoints  Big picture and detailed incident views  Collaboration and built in reporting Installed at US-CERT Being prepared for transition to USAF Under evaluation in IC 13 Original funding by IARPA and NSA. Now funded by DHS and AFRL
  • 13. TVA: Topological Vulnerability Assessment Visualizes attack graphs to understand vulnerability  Attack paths based on vulnerabilities & topology  Aggregation to make graphs readable A collaboration with GMU, for the Department of Homeland Security 14 Sold by http://proinfomd.com/
  • 15. SimBLEND: Game-Based Learning for Net Defense Blends computer-based training (CBT) with games, visualizations, & simulation to train network defenders  Harness an existing Learning Management System (LMS) for student tracking and scoring  Reinforce learning with games + CBT + Visuals + Simulations + Games = Better training 16 An SBIR Phase 2 funded by AFRL (Mesa, AZ)
  • 16. Safe Computing Training Courses Safe computing education for non-technical audiences  Principles of safe computing Work with authorizing institutions for continuing education credits    17 Demonstrations of vulnerabilities in typical office environments Interactive graphic novels
  • 18. Deucalion: Cyber Decision Support System Design and develop next generation decision support system for Navy cyber defense 19
  • 19. Camus: Mapping Cyber Assets to Missions & Users Relates cyber attacks to affected missions and users Current CND ops have poor awareness of how compromised cyber assets affect missions, organizations, and people  Fuses various network and mission data into a common ontology  Maps cyber assets to dependent people and operations  Integrates with security and sensor systems to provide operational information about specific assets An SBIR Phase 2 funded by OSD through AFRL 20
  • 20. NetDemon: Cyber Defense Decision Modeling Models “as-is” and “idealized” decision processes used in cyber defense     21 Analyze current Navy decision process Develop scenarios to illustrate future decisions Recommend new approach to cyber defense decision-making Recommend decision support tools and data
  • 21. Test support services and technologies
  • 22. National Cyber Range Reconfigurable test range for testing cyber technologies in a high-performance simulated classified network Range command and control system to control the execution and monitor the performance of cyber experiments User experience design and implementation for key systems: Experiment command and control Design tool Repository Gateway 23
  • 23. Scalable Network Monitoring Testbed Testbed for evaluating the performance of new network monitoring algorithms Developed software to control entire test network: Main C2 System for execution and monitoring of tests Remote Storage Service controls packet capture from remote locations C2 System Client/Test Station to display and test control mechanism Traffic Generation Services for connectivity, control, & status between test controller and traffic generator Network Management System Services for health and utilization monitoring of the test network 24
  • 24. Thought Leadership VizSec Sponsor and chair of annual symposium for R&D related to visualization for cyber security Congressional testimony on cyber R&D and education Mission Impact Workshop Conducted by-invitation workshop on mission impact of cyber attacks Publications in refereed journals and proceedings Patent for temporal visualizations. Patent-pending wireless security visualization 25
  • 25. Enhancing Cyber Operational Decisions Making Sense of Network Data Anita D’Amico, Ph.D. Anita.Damico@SecureDecisions.com 631.759.3909 SecureDecisions.com Codedx.com avi.com