2018 Technology Exchange

Information Security: Lightning Talks

Time 10/18/18 11:50AM-12:10PM

Room Pacifica Ballroom 8/9

Session Abstract

This session will highlight two lightning talks:


  • Baselining Security with DNS (Cesar Teran, Verizon): With the threat landscape continuing to expand and
    environments growing more complex, gaps can occur in your security.
    Given the ubiquitous nature and importance of recursive DNS in
    enabling internet connectivity, it is an ideal space to leverage
    for security. Beyond serving as an additional layer of security, it
    can create a single objective view and protection layer across
    one’s entire infrastructure at minimal cost.

  • Emerging Cyber (Calvin Hayes Smith, Northrop Grumman): Advanced Cyber Automation Platform (ACAP) Abstract
    Next Generation Defensive Cyber Operations

    Global Cyber Security Challenges

    THE PROBLEM
    • DCO can’t keep pace with escalating cyber threats
    • Traditional data management not workable
    • A need to give systems the ability to learn with unrivaled speed and accuracy for critical cyber first response defense actions

    THE SOLUTION
    • Deliver data-driven DCO actions at machine speed
    • Create automation fabric for cyber playbook execution
    • Trigger automated IR actions with precision
    • Implement end-to-end Active Cyber Defense Ecosystem

    CURRENT STATUS
    • Implementing Active Cyber Defense Ecosystem now
    • Developing AI/ML algorithms for ACD
    • Working with engineers, data scientists, and IR teams
    • Enhancing cognitive AI/ML for data-driven automation
    • Using AI to build next-gen smart cognitive machines, using ML to create algorithms that allow machines to learn from experience

    Active Cyber Defense Ecosystem
    • An ACD platform to disrupt and neutralize cyber-attacks in real time
    • Automation for streamlined next-gen Defensive Cyber Operations
    • Cognitive Analytics to trigger targeted, informed advanced DCO actions
    • Implementation based on Open Source, Open Architecture, and Open APIs where available; COTS used as needed
    • Portable for deployment at scale on-premise or in cloud
    • Cost-effective, affordable

    Architecture and Components
    • Data Lake
        o Fast cyber data collection, transformation, and enrichment (schema-less)
        o Easily scalable with high throughput to support large mission operations
        o Quick view of operation status on mission dashboards
    • Security Orchestration Automation & Response (SOAR)
        o Well-defined processes and procedures in the form of playbooks
        o Automated execution of cyber playbooks via CA (AI/ML) triggers
        o Built-in Case Management with audit trail & artifacts
    • Cognitive Analytics (AI/ML) for unknown threats
        o Deep learning in cyber threats using anomaly, clustering, and classification
        o AI/ML-based knowledge management
        o Interactive Decision Making Support and Courses of Action

    Impact to Defensive Cyber Operations
    • Improves the performance of Cyber Incident Responders, Malware Researchers and Cyber Analysts
    • Active Cyber Defense (ACD) at machine speed to reduce attacker free time in the network
    • Success is determined by simulation of current cyber threats in a Cyber Range
    • Validation of the effectiveness of our approach in a DevOps Cloud Environment

    Overview of Current Research
    • Anomaly Detection with Machine Learning, Multi-factor Endpoint Profiling
    • Data Lake-centric ACD Ecosystem established in Cloud
    • Threat data enrichment and correlation performed on the Data Lake on the fly
    • Cognitive analytics integrated to detect anomalies, unknown threats and attack prediction
    • Automated cyber playbooks developed to trigger response actions at machine speed
    • Collaborating with Federal Agencies to apply mechanisms for threat and technical analysis

Speakers

Speaker Vincent Lee Verizon Business

Speaker Calvin Smith Northrop Grumman Corporation

Primary track Information Security
