It’s already the summer of 2015, and I have been remiss in not mentioning several events in 2015 that highlight active cyber defenses.
But first, I would like to announce the publication of my ACD guide: Protecting the Future Enterprise: Active Cyber Defense, The Definitive Guide To Next-Gen Cyber Protections. This free ebook is available here for download.
This 50-page comprehensive guide provides detailed descriptions of all facets of active cyber defenses and will get you up to speed quickly on options you may want to consider to make your enterprise proactive and adaptive to the ever-changing cyber threats.
I noticed that the RSA Conference 2015 back in April hosted several sessions focused on ACD approaches and technologies. I counted no fewer than 10 and will give you my top 3:
- Erik Peterson’s presentation – Defending the Cloud from the Full Stack Hack. Erik showed that the cloud is not as secure as everyone hopes.
- Jay McAllister’s presentation – Be Like Water: Applying Analytical Adaptability to Cyber Intelligence. I liked Jay’s views that adaptive humans are as important to Active Cyber Defense as adaptive technology.
- Deb Bannerjee’s presentation – Orchestrating Software Defined Networks (SDN) to Disrupt the APT Kill Chain. This presentation provides excellent insight into how micro-segmentation and service chaining enabled through SDN can provide adaptive measures for disrupting the APT kill chain.
Early in June, the Department of Homeland Security Science and Technology’s Cyber Security Division held its Transition to Practice (TTP) – Technology Demonstration for Investors, Integrators, and IT Companies (I3) – West in Santa Clara, CA. The TTP program works to identify emerging cybersecurity technologies that were developed with Federal funding and help them transition into products capable of broad utilization. This demonstration and workshop highlighted nine innovative research prototype efforts entailing active cyber defenses that should garner the attention of Silicon Valley VCs and companies.
Coming next is the National Security Agency’s Information Assurance Directorate (IAD)’s Information Assurance Symposium (IAS). This biannual forum runs from the 29th of June through the 1st of July at the Convention Center in Washington, DC and is loaded with active cyber defense sessions. Craig Harber of NSA I2 provides an overview of the NSA/IAD Active Cyber Defense (ACD) Initiative and IAD’s phased efforts to develop integrated, synchronized, and automated cyber defense capabilities. Wendie Peters provides a presentation on Integrated Adaptive Cyber Defense: Changing The Game. This presentation provides a description of research, development, prototyping, and piloting efforts by NSA/IAD and the Department of Homeland Security. It includes information about the design and results of piloting activities and progress toward the development of an ACD reference implementation. A panel of esteemed NSA, DHS, and DoD seniors also provides insight into ACD. The panel includes: Neal Ziring (NSA), Michael Herring (NSA), Dr. Peter Fonash (DHS CTO), Dr. Brian Done (DHS) & Bob Lentz (former DASD and CISO of DoD).
One ACD highlighted technology is Assured File Transfer – a cross-domain engine built by NSA that passes only good content. It seems that leveraging such an engine with full packet capture and data streaming analytics tools such as RSA NetWitness (rebranded as RSA Security Analytics), SAP HANA, or Ryft ONE could be a path to a superior active cyber defense platform.
Next up is Black Hat USA 2015 in Las Vegas, of course, from August 1-6. The conference agenda is full of descriptions of new attack vectors that must be addressed by active cyber defenses.
For those of you who like to learn about ongoing academic research related to Active Cyber Defense, try the Ninth IEEE International Conference on Self-Adaptive and Self-Organizing Systems in Cambridge, MA from September 21 – 25, 2015. The aim of the Self-Adaptive and Self-Organizing systems conference series (SASO) is to provide a forum for the foundations of a principled approach to autonomic systems, networks and services. This conference promises a track on autonomic cyber systems.
This October in Denver, CO is SafeConfig 2015. This ACM Workshop on Automated Decision Making for Active Cyber Defense (co-located with ACM CCS) provides in-depth looks at new capabilities based on active cyber defense (ACD). The conference announcement states:
“Both accurate ‘sense-making’ based security analytics of the system artifacts (e.g., traces, configurations, logs, incident reports, alarms and network traffic), and provably-effective ‘decision-making’ based on robust reasoning are required to enable ACD for cyber security and resiliency. Cyber security requires automated and scalable analytics in order to normalize, model, integrate, and analyze large and complex data to make correct decisions on time about security measures against threats. The automated decision making goal is to determine and improve the security and resiliency of cyber systems and services. As the current technology moves toward ‘smart’ cyber-physical infrastructures as well as open networking platforms (e.g., software defined networking and virtual/cloud computing), the need for large-scale security analytics and automation for decision making significantly increases.”
As you can tell, 2015 is a break-out year for active cyber defenses. Stay tuned to activecyber.net as we monitor the pulse of this exciting new area of cybersecurity.