Enhancing Cyber
Operational Decisions
Making Sense of Network Data

Anita D’Amico, Ph.D.
Anita.Damico@SecureDecisions.com
...
About Secure Decisions
Secure Decisions helps you makes sense of data
• Analyze security decision processes
• Build visual...
SecDec Core Competencies
Situational Awareness and Decision Support for cyber operations



Analysis of decision process
...
Current Products Transitioned From R&D
Visualizations to help cyber analysts make sense
of massive data, and communicate r...
Sample Customers and Partners
Government
Air Force Research Lab
DARPA
DHS
DISA
IARPA
Naval Research Lab
ONR
OSD

Industry/...
Key Projects
at
Secure Decisions

A sample Asset-to-Mission mapping
generated from
multiple data sources
Software assurance visualization
Code Dx: Software Analysis Integration Platform
• Imports and correlates results
from multiple SAST tools
• Normalizes res...
Products that visualize
vulnerabilities and suspicious
network activity
MeerCAT: Visualization of Cyber Asset Tracks
Visualizes wireless network security


Physical 2D and 3D geographic locatio...
WildCAT: Wireless Analysis from Patrol Cars
Remote Connectivity
(Satellite, 3G, etc.)
Suspicious
Detections
Instructions
t...
VIAssist: Visualization for Information Assurance
Integrates visualization of NetFlow and IDS data


Multiple linked visu...
TVA: Topological Vulnerability Assessment
Visualizes attack graphs to understand
vulnerability


Attack paths based on vu...
Cyber Security Education
SimBLEND: Game-Based Learning for Net Defense
Blends computer-based training (CBT) with games,
visualizations, & simulatio...
Safe Computing Training Courses
Safe computing education for non-technical audiences


Principles of safe computing

Work...
Analytical services and
technologies
Deucalion: Cyber Decision Support System
Design and develop next generation
decision support system for Navy cyber
defense...
Camus: Mapping Cyber Assets to Missions & Users
Relates cyber attacks to affected missions and users
Current CND ops have ...
NetDemon: Cyber Defense Decision Modeling
Models “as-is” and “idealized” decision processes used
in cyber defense




...
Test support services and
technologies
National Cyber Range
Reconfigurable test range for testing cyber
technologies in a high-performance simulated classified
n...
Scalable Network Monitoring Testbed
Testbed for evaluating the performance of
new network monitoring algorithms
Developed ...
Thought Leadership
VizSec Sponsor and chair of annual symposium for R&D related to
visualization for cyber security
Congre...
Enhancing Cyber
Operational Decisions
Making Sense of Network Data

Anita D’Amico, Ph.D.
Anita.Damico@SecureDecisions.com
...
Upcoming SlideShare
Loading in …5
×

Secure Decisions - Cyber Security Sensemaking

1,050 views

Published on

Published in: Technology, Education
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
1,050
On SlideShare
0
From Embeds
0
Number of Embeds
15
Actions
Shares
0
Downloads
34
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide

Secure Decisions - Cyber Security Sensemaking

  1. 1. Enhancing Cyber Operational Decisions Making Sense of Network Data Anita D’Amico, Ph.D. Anita.Damico@SecureDecisions.com 631.759.3909 securedecisions.com codedx.com avi.com
  2. 2. About Secure Decisions Secure Decisions helps you makes sense of data • Analyze security decision processes • Build visual analytics to enhance security decision processes and training • Transition our R&D into operational use Our expertise starts where automated security sensors and scanners stop Division of Applied Visions, Inc., which does commercial software development • 40 people in Northport and Clifton Park, NY • Secure facilities and security clearances 3 http://securedecisions.com
  3. 3. SecDec Core Competencies Situational Awareness and Decision Support for cyber operations  Analysis of decision process Visual analytics for wired / wireless network data Visualizations of abstract cyber data Visual systems for CND training Impact analysis of cyber events  Decision support system design     Software assurance visualization Technology transition Cyber testbed support Classified portfolio 4
  4. 4. Current Products Transitioned From R&D Visualizations to help cyber analysts make sense of massive data, and communicate results Use: Data: TRL 9: In-depth incident analysis, historical analysis, watch briefings NetFlow, alerts Deployed to USCERT In evaluation in intel community Funding: IARPA, DHS, AFRL 5 Use: Data: TRL 9: Wireless threat and risk analysis, policy compliance, audit reporting Wardriving , WIDS DoD version downloadable from NRL site; Commercial version available Funding: DARPA, AFRL, NRL, DISA Use: Data: TRL 9: Triage and analysis of software source code vulnerabilities Results of SwA tools Info and trial download available at www.codedx.com; Funding: DHS
  5. 5. Sample Customers and Partners Government Air Force Research Lab DARPA DHS DISA IARPA Naval Research Lab ONR OSD Industry/Academia Adventium Alion ATC BAE General Dynamics George Mason University Hopkins Applied Physics Lab Informatica ITT Lockheed Martin Raytheon SAIC • Nominated twice by DARPA for SBIR of the Year • Featured twice as a DARPA Success Story 6
  6. 6. Key Projects at Secure Decisions A sample Asset-to-Mission mapping generated from multiple data sources
  7. 7. Software assurance visualization
  8. 8. Code Dx: Software Analysis Integration Platform • Imports and correlates results from multiple SAST tools • Normalizes results; common severity scale Workflows tailored to each type of user • Visual analytics to rapidly triage results, remove false positives • Common UI with custom detail for security analysts, developers, and CISOs • Code Dx Bundle embeds open source SAST tools for use with or without commercial tools • Affordable for small and medium size businesses 9 Interactive, powerful filtering Visualize thousands of weaknesses in a single view Quickly and effectively triage large weakness lists A CWE-friendly application
  9. 9. Products that visualize vulnerabilities and suspicious network activity
  10. 10. MeerCAT: Visualization of Cyber Asset Tracks Visualizes wireless network security  Physical 2D and 3D geographic location  Logical network topology location  Communication patterns  Security status  Mission of cyber assets An SBIR Phase 2 funded by DARPA Accredited within DoD’s Flying Squirrel Wireless Suite for vulnerability analysts. Featured in DARPA’s SBIR Success Report. 11
  11. 11. WildCAT: Wireless Analysis from Patrol Cars Remote Connectivity (Satellite, 3G, etc.) Suspicious Detections Instructions to Patrol Centralized Monitoring and Analysis Aggregates and fuses data from multiple facilities. Provides instruction to field patrols. 12 Instrumented Patrol Car Detects intruder’s wireless emissions Intruder Emits wireless signals
  12. 12. VIAssist: Visualization for Information Assurance Integrates visualization of NetFlow and IDS data  Multiple linked visualizations to see different perspectives  Don’t jump to the most logical conclusion: test hypotheses; see things for various viewpoints  Big picture and detailed incident views  Collaboration and built in reporting Installed at US-CERT Being prepared for transition to USAF Under evaluation in IC 13 Original funding by IARPA and NSA. Now funded by DHS and AFRL
  13. 13. TVA: Topological Vulnerability Assessment Visualizes attack graphs to understand vulnerability  Attack paths based on vulnerabilities & topology  Aggregation to make graphs readable A collaboration with GMU, for the Department of Homeland Security 14 Sold by http://proinfomd.com/
  14. 14. Cyber Security Education
  15. 15. SimBLEND: Game-Based Learning for Net Defense Blends computer-based training (CBT) with games, visualizations, & simulation to train network defenders  Harness an existing Learning Management System (LMS) for student tracking and scoring  Reinforce learning with games + CBT + Visuals + Simulations + Games = Better training 16 An SBIR Phase 2 funded by AFRL (Mesa, AZ)
  16. 16. Safe Computing Training Courses Safe computing education for non-technical audiences  Principles of safe computing Work with authorizing institutions for continuing education credits    17 Demonstrations of vulnerabilities in typical office environments Interactive graphic novels
  17. 17. Analytical services and technologies
  18. 18. Deucalion: Cyber Decision Support System Design and develop next generation decision support system for Navy cyber defense 19
  19. 19. Camus: Mapping Cyber Assets to Missions & Users Relates cyber attacks to affected missions and users Current CND ops have poor awareness of how compromised cyber assets affect missions, organizations, and people  Fuses various network and mission data into a common ontology  Maps cyber assets to dependent people and operations  Integrates with security and sensor systems to provide operational information about specific assets An SBIR Phase 2 funded by OSD through AFRL 20
  20. 20. NetDemon: Cyber Defense Decision Modeling Models “as-is” and “idealized” decision processes used in cyber defense     21 Analyze current Navy decision process Develop scenarios to illustrate future decisions Recommend new approach to cyber defense decision-making Recommend decision support tools and data
  21. 21. Test support services and technologies
  22. 22. National Cyber Range Reconfigurable test range for testing cyber technologies in a high-performance simulated classified network Range command and control system to control the execution and monitor the performance of cyber experiments User experience design and implementation for key systems: Experiment command and control Design tool Repository Gateway 23
  23. 23. Scalable Network Monitoring Testbed Testbed for evaluating the performance of new network monitoring algorithms Developed software to control entire test network: Main C2 System for execution and monitoring of tests Remote Storage Service controls packet capture from remote locations C2 System Client/Test Station to display and test control mechanism Traffic Generation Services for connectivity, control, & status between test controller and traffic generator Network Management System Services for health and utilization monitoring of the test network 24
  24. 24. Thought Leadership VizSec Sponsor and chair of annual symposium for R&D related to visualization for cyber security Congressional testimony on cyber R&D and education Mission Impact Workshop Conducted by-invitation workshop on mission impact of cyber attacks Publications in refereed journals and proceedings Patent for temporal visualizations. Patent-pending wireless security visualization 25
  25. 25. Enhancing Cyber Operational Decisions Making Sense of Network Data Anita D’Amico, Ph.D. Anita.Damico@SecureDecisions.com 631.759.3909 SecureDecisions.com Codedx.com avi.com

×