Cyber Ecosystem & Data Security

Subhro Kar

CSCE 824, Spring 2013

University of South Carolina, Columbia

What is an Ecosystem?
  • Definition
  • Functional Units
  • Relationships
  • Balance
  • Comparison with Cyber Space
Biological Ecosystems
  • The system is closely related
  • The balance is always maintained
  • Relationships are well defined
  • Monitored by nature

Source: http://www.tutorvista.com/content/biology/biology-iv/ecosystem/food-web.php

A typical Network Diagram

Source: http://www.broadband.gov/plan/16-public-safety/

What is a Cyber Ecosystem?
  • Entities in the network are not considered merely in isolation
  • Each member has a specific goal
  • Each member is related to every other member in one way or the other
  • Processes are important
  • Anticipate and prevent attacks
  • Limit the speed of attacks across devices
  • Recover to a trusted state
What is a Cyber Ecosystem?
  • Devices have a level of built-in security
  • Automated responses
  • Immunity
Malware Ecosystem
  • Each member in the ecosystem has a specific purpose
  • Each of the members responds to the behaviour of other members
  • Automated up to an extent
  • Monitoring the whole process
Building Blocks
  • Automated Course of Actions
    • Pro-active responses
    • Speed of response matches the speed of attacks
    • Being able to decide on solutions based on historical data
  • Sharing of Information at different levels from local to global
  • Rapid learning procedures
  • Communications guided by policy rather than constraints
  • High levels of collaboration and interoperability
  • Authentication
Types of Attacks
  • Brute force attacks
  • Malware
  • Hacking attempts
  • Social Engineering
  • Insiders
  • Physical loss and theft
Monitoring
  • Monitoring forms one of the foundations of the Cyber Ecosystem
  • Informs about anomalies so that proper countermeasures can be taken
  • Does not always happen at the system level, contrary to standard device monitoring
Business Process Monitoring
  • Holy grail of monitoring systems
  • Highest level of abstraction
  • Generally related to long running transactions
  • Can serve as a ready metric for overall success of the system
  • Can only detect problems after they occur
  • Uses complex business logic
  • Goal: To maintain business continuity
Functional Monitoring
  • Lower level than Business Process Monitoring
  • Granularity limited to a single application or node in a distributed architecture
  • Goal: To assess the availability as well as performance of a system
  • Generally done by bots running scripts on individual systems
  • Incapable of deciding on countermeasures
Technical Monitoring
  • Monitoring as a typical system administrator understands it
  • Lowest level of monitoring and responsible for individual pieces of software
  • Subsystems are considered in isolation, without regard to their contribution to the system
  • Ideal place for designing incident response since the monitoring system is aware of how to modify behaviour of individual subsystems.
Intelligence and Experience Gathering
  • Currently lacking in existing systems
  • Could be based on statistical models and data modeling
  • Should become more accurate based on experience
  • Should be able to heuristically identify attacks
  • Could put up some defence against zero-day attacks
Incident Response
  • Aims to restore the balance of the ecosystem, just like its biological brother
  • Either filter it out or sacrifice parts of the system to facilitate containment
  • Not an isolated process. There are lots of loopbacks to the monitoring
  • Dynamically adjusts its response based on current monitoring data
How does everything fit together?
  • It is a continuous process
  • Dynamic
  • Historical data is important
  • Business continuity is important
  • The goal of the attacker might not be the epicenter of the attack

Source: http://blogs.csoonline.com/business_continuity_event_planning_the_incident_response_team

Incident Response - Implementation
  • Firewalls
  • Intrusion Detection and Prevention Systems
  • Log servers
  • Configuration Management Servers
  • Offline resources like Debuggers
Desired Cyber Ecosystem Capabilities
  • Automated Defense Identification, Selection, and Assessment
  • Authentication
  • Interoperability
  • Machine Learning and Evolution
  • Security Built in
  • Business Rules-Based Behavior Monitoring
  • General Awareness and Education
Desired Cyber Ecosystem Capabilities
  • Moving Target
  • Privacy
  • Risk Based Data Management
  • Situation Awareness
  • Tailored Trustworthy spaces
Where we stand…
  • The ecosystem is far from automated. We have a long way to go
  • Triangulating automated decisions is complicated. Most of the processes are manual and will probably remain so in the near future
  • The weakest link is generally the end users
  • Insiders can cause havoc
  • It is always about the financial incentive of being able to build a proper ecosystem.
Questions??

Source: http://what-if.xkcd.com