Invited talk presented at the Alan Turing Institute Scoping Workshop: Data Protection and Security at Scale, British Library, London, UK, 3 December 2015
Blackhat USA 2016 - What's the DFIRence for ICS? (Chris Sistrunk)
Digital Forensics and Incident Response (DFIR) for IT systems has been around quite a while, but what about Industrial Control Systems (ICS)? This talk will explore the basics of DFIR for embedded devices used in critical infrastructure such as Programmable Logic Controllers (PLCs), Remote Terminal Units (RTUs), and controllers. If these are compromised or even have a misoperation, we will show what files, firmware, memory dumps, physical conditions, and other data can be analyzed in embedded systems to determine the root cause.
This talk will show examples of what and how to collect forensics data from two popular RTUs that are used in Electric Substations: the General Electric D20MX and the Schweitzer Engineering Labs SEL-3530 RTAC.
This talk will not cover Windows or *nix-based devices such as Human Machine Interfaces (HMIs) or gateways.
TechEd NZ 2014: Intelligent Systems Service - Concept, Code and Demo (Intergen)
TechEd New Zealand 2014 - WIN311 - Jonny Lin
'Internet of Things' is the next big thing; by 2020 there are expected to be billions of devices connected to the internet, evolving IoT into a trillion dollar industry. Recognizing the upcoming opportunity and challenges IoT will bring, Microsoft released the Intelligent Systems Service (ISS), a service built on top of Azure designed to help developers connect, manage and capture data from IoT devices. This session aims to give a high level overview of ISS, walk through a sample project encompassing all the moving parts, dive into the code of a demo application sending data and alarms up into ISS, then create a web portal to call actions and do firmware updates on the device.
Software Defined Substation Intelligence, Automation and Control (Bastian Fischer)
The Intelligent Digital Substation - Future Proof by Design
A combination of societal, technological, and environmental factors are transforming the energy industry in-depth. The continuous increase of renewable and intermittent energy sources; the necessity to improve grid reliability and power quality; and regulatory pressure to reduce operating expenditures on grid assets require investments today while being future proof for decades to come.
Electrical grids are evolving in complexity, in structure and in function to enable the bi-directional flow of energy, of information and transactions. The integration of distributed, intermittent energy resources requires constant network balancing, real-time adjustments of supply and demand, dynamic asset rating, dynamic protection schemes, advanced automation and is only possible with a new substation platform.
Electrical substations are the critical nodes of this grid evolution and hence in order to make the grid digital and intelligent we need first to make substations digital and intelligent. SASensor is architected along the Centralized Protection and Control principles and provides already today the benefits of a data driven and software defined implementation. This is making your investments future proof as functions can merely be applied by software upgrades during the entire life cycle of the substation.
SASensor is a substation platform transforming your substations into intelligent hubs providing a new level of functionalities, applications and performance, a new level of situational awareness and high resolution real-time data providing insight into operation, diagnostics and asset conditions.
SASensor is providing a large set of protection, automation, communication and measurement functionalities based on a high availability redundant computing platform with efficient remote software-, data-, user- and configuration management along with resilient cyber-security features.
Your SCADA system has a vulnerability, now what? I shortly summarize the DNP3 vulnerabilities (and other ICS protocols too). Then I focus on the different mitigations that an ICS owner can do to mitigate these types of protocol implementation vulnerabilities even if there is no patch or patches can't be installed. I also show the importance of doing Network Security Monitoring to help detect and respond to anomalies in ICS/SCADA networks.
Presented at ISACA's EuroCACS 2015 (Copenhagen).
Understand the impact of Industrial Control Systems (ICS) on the security ecosystem.
Expand the knowledge on SCADA systems and how cyberattacks can have physical consequences, bridging the cyber and physical worlds.
Is your ICS breached? Are you sure? How do you know?
The current state of security in Industrial Control Systems is a widely publicized issue, but fixes to ICS security issues are long cycle, with some systems and devices that will unfortunately never have patches available. In this environment, visibility into security threats to ICS is critical, and almost all of ICS monitoring has been focused on compliance, rather than looking for indicators/evidence of compromise. The non-intrusive nature of Network Security Monitoring (NSM) is a perfect fit for ICS. This presentation will show how NSM should be part of ICS defense and response strategy, various options for implementing NSM, and some of the capabilities that NSM can bring to an ICS security program. Free tools such as Security Onion, Snort IDS, Bro IDS, NetworkMiner, and Wireshark will be used to look at the ICS environment for anomalies. It will be helpful if attendees have read these books (but they aren't required): The Cuckoo's Egg by Cliff Stoll, The Practice of Network Security Monitoring by Richard Bejtlich, and Applied Network Security Monitoring by Chris Sanders and Jason Smith.
This presentation was given at BSides Las Vegas 2015.
In the modern times that we live in, the gentle shift that we are making towards the Internet of Things (IoT) is slowly but surely getting a grip on our day to day lives. The same goes for securing our Industrial Control Systems (ICS). We see that the demand for ICS security is rising and governmental regulations are being established and implemented. However, this also means that the need for ICS security professionals is rising as well. More and more security professionals/firms are starting to perform security assessments such as penetration testing on an ICS level. Two years ago I got the question if I was up for the challenge, converting myself from a ‘normal’ security professional to an ICS-specific security professional.
The purpose of this talk would be to provide a starting point for security professionals that want to make the shift towards ICS Security, just like I did two years ago. While the term starting point might be a bit misleading, the goal would be to provide an ICS 001 talk, in contrast to an ICS 101 talk.
Lessons Learned for a Behavior-Based IDS in the Energy Sector (EnergySec)
This presentation will review lessons learned from a deployment of a behavior-based intrusion detection system (IDS) on a SCADA network that was part of a large-scale energy management system. The IDS architecture, sensor features, and sensor placement within the target SCADA environment proved to be key for successful detection of malicious activity. Challenges included simultaneous monitoring of multiple SCADA protocols (DNP3 and ICCP) across multiple network segments; monitoring of both encrypted and unencrypted network traffic; adapting to slow environment changes to minimize false positive output; and integration of the behavior-based IDS output into an existing monitoring system/SIEM.
Keynote: Elastic Observability evolution and vision (Elasticsearch)
Elastic Observability is helping organisations drive their mean time to resolution toward zero with end-to-end visibility in a single platform. Hear about the latest features and capabilities at all layers — from ingest to insight — and get a glimpse into the future straight from the product leaders who are building it.
This one-day workshop combines the Hack Warz ethical hacking competition with the Risk Management Framework six-step Security Life Cycle to demonstrate how to think like a hacker when designing a systems hardening plan.
SECQME Watch Over Me Deck 204. We are raising USD 150,000 at a USD 1.5 million valuation. We would like to be the "Waze" of personal safety (Waze sold to Google for USD 933M). Waze tells you where the traffic jams are so users can avoid traffic; Watch Over Me auto-alerts you when you enter high-crime streets so you can avoid high-crime areas.
Mobile apps are the entry point to your web applications, APIs and web services. But sometimes the developer implements security in the mobile app that can easily be bypassed by a malicious attacker, allowing the attacker to exploit your web applications and steal confidential information. In this presentation I will show you how easy it is to attack a mobile application, intercept the communication and exploit the trust model of mobile apps. I will also give an overview of the OWASP Top 10 Mobile Risks.
Basic Android OS security mechanism,
Basic malware definition
Attacking Android platform with
Malware, remote access, file stealing and social engineering attack methods have been discussed in the class.
Attacking the Android:
Installing Kali Linux on android to perform attacks
Installing Dsploit for running attacks with Android (MITM, XSS, traffic sniffing, etc.)
Speaker: Santhosh Kumar
Event: Defcon Kerala
Date: 8/03/2014
Android-Forensic and Security Analysis.
Android, one of the leading mobile operating systems, which is managed by Google and was released back in 2008, now stands at version 4.4.x, Android KitKat. The study shows that increasing crime rates are switching from computer-centered to PDA-based: crime against women and children, and abuse. Digital forensics and law enforcement agencies find hard new challenges cracking down on different situations in the Android environment. The Google Play Store, which has over 1 million active applications, has also added to the pain.
The talk focuses on various methods and the various situations where forensics is useful.
The methods are classified as logical and physical, ranging from breaking passcodes to exploring virtual NAND memory.
The talk also focuses on the various places where information is available from the forensic point of view.
Affected by a mobile cyber attack? Tortured by an Android smartphone? Relax, there is a solution to each and everything.
The talk also focuses on using both Windows and Linux as the forensic investigation environment.
Android, which has the Linux kernel at heart, can be the best paradise when it comes to forensic data.
Various tools by which this can be done in a faster way.
Forensics is always useful, whether you are from a corporate environment or from the massive law enforcement agencies.
In this session, David Ting, VP of Engineering at DataVisor, explores the latency challenges associated with a global client base and what can be learned when implementing a performance-improving solution.
Learn what makes SCADAguardian (the Nozomi Networks flagship technology) so unique and powerful. From enterprise IT, to OT, we enable scalable security strategies for ICS.
The numbers are shocking: 69% of enterprise security executives report having experienced insider threats over one year. At the same time, 62% of business users report having access to data they should not see. Making matters worse? 43% of businesses say it takes at least a month (if not longer) to detect employees viewing files and emails they’re not authorized to access.*
With its comprehensive suite of flexible, simple, efficient solutions, Cisco Security offers a seamless approach designed to ease the burden on your IT team while strengthening your security posture. That includes Cisco Stealthwatch, a network visibility and security analytics system. Using NetFlow, Stealthwatch helps you use your network as a security sensor and enforcer to detect and remediate attacks, ultimately improving your threat defense—including time to detection and response.
Today, nearly a third of organizations lack the ability to prevent or deter insider threats.* Don’t let your agency be one of them.
The Actifile Platform From Data discovery to data encryption in 1 click .pdf (Guy Bavly)
The Actifile Platform
From Data Discovery to Data Encryption in 1-Click
A state-of-the-art data security platform that offers complete protection and control of organizations' data.
SLIDE 2
The Actifile Difference
Up and running in as little as 48 hours
Analyzes risk and puts $ value on data
Set and forget – little to no maintenance
Encrypts all endpoints
Makes data unreadable to outside actors
SLIDE 3
Key Principles
Perimeterless World
Remediate Data Risk
Preemptive vs. Reactive
SLIDE 4
Perimeterless World
Organizations have transitioned from security perimeter to endless endpoints
Reliance on the cloud
Work from home
Zero trust architecture
Actifile’s answer:
Cross-platform discovery functionality
Data flow monitoring capabilities
SLIDE 5
Remediate Data Risk
Actifile provides detailed breakdown of risk and leverages data risk for
Data flow monitoring
Auditing
Remediation
SLIDE 6
Preemptive vs Reactive
DLPs try to prevent the exfiltration of the file, but are ineffective because:
Can’t stop external threats like ransomware
Require extensive rule setting and ongoing maintenance
Actifile’s solutions:
Preempt the threats
Automatic Encryption
SLIDE 7
How Does Actifile Work?
Step 1: Data Risk Discovery and Quantification
Step 2: Data Risk Monitoring and Auditing
Step 3: Data Risk Remediation by Encryption
SLIDE 8
Step 1: Data Risk Recovery and Quantification
Based on predefined privacy regulation and PII definitions, Actifile immediately starts scanning for sensitive data, using smart patterns. Actifile then quantifies data risk per PII type in local currencies (i.e., US dollars).
SLIDE 9
Step 2: Data Risk Monitoring and Auditing
Tracks and audits data risk in real time, by continually monitoring incoming and outgoing sensitive data flows from and to the perimeter-less organization.
SLIDE 10
Step 3: Data Risk Remediation by Encryption
Our patented transparent encryption process automatically secures sensitive data across all endpoints, cloud apps, 3rd party portals, and shadow IT in as little as 72 hours by preemptively encrypting sensitive private data in files, while also transitioning the data to safe harbor, per all privacy regulations requirements.
SLIDE 11
Actifile cloud and endpoint based data security
SLIDE 12
What can Actifile do for you?
Sensitive File Discovery
Data Risk Quantification
Real-Time Data Flow Monitoring
Full Audit and Indelible Log
3rd Party Integration and Reporting
Risk Remediation by Encryption
SLIDE 13
Actifile vs Legacy DLPs
Simple to use
Low maintenance cost
Preemptive encryption
Business-oriented
Transparent decryption
Patented delayed encryption
Unique monitoring
Despite billions spent on enterprise cyber security, breaches from advanced attacks, costing millions, are occurring on a daily basis.
Our Solution: Complete Near Real-time Network Security Visibility and Awareness: If security analysts could see everything occurring on their network in real-time, breaches would occur but there would never be catastrophic damage – breach reaction would be almost instantaneous. Novetta Cyber Analytics is a linchpin enterprise security solution that enables security analysts, for the first time, to see a complete, near real-time, uncorrupted picture of their entire network. Security analysts then ask and receive answers to subtle questions – at the speed of thought – to enable detection, triage and response to breaches as they occur.
The Benefits: Increase events-responded-to an estimated 30X over.
Substantially reduce or eliminate damage from breaches.
Create a dramatically more effective and efficient security team.
Maximize current security infrastructure investment.
Be far more confident that your network is actually secure.
OUR DIFFERENTIATORS:
Understands the truth of what is happening on your network.
Detects advanced attacks that have breached perimeter defenses.
Develops a complete, near real-time understanding of suspicious behaviour.
Develops a battleground understanding of your entire security situation.
Augments current security solutions.
Proven speed, scale and effectiveness on the largest, most attacked networks on earth.
Accelerating Cloud Services and How to Match your Workload to the Right Intel... (Amazon Web Services)
This presentation will take you through the underlying Intel technologies available in AWS EC2 Instances, what benefits these technologies can provide and how to use these technologies to maximise your use case workloads. AWS EC2 Instances provide a wide selection of instance types, optimised to fit a broad and diverse set of use cases, all supported by the latest Intel Xeon processors and technologies, providing you with confidence to choose an AWS EC2 instance type that best meets your performance needs for compute intensive, memory intensive, or IOPS intensive applications.
So, if you are interested in how to maximise your existing code optimisations and investments or thinking about migrating workloads to AWS come to this session.
Speaker: Peter Kerney, Lead Enterprise Architect, Cloud, SDI and NFV, Intel
Overall Security Process Review CISC 6621Agend.docx (karlhennesey)
Overall Security Process Review
CISC 662
Agenda
Review of the following technologies and current products:
SIEM
CASB
EDR (Enterprise Detection and Response)
NGFW (Next Generation Firewalls)
Threat Intelligence
Summary of Term
SANS Technology Institute - Candidate for Master of Science Degree
What is a SIEM?
SIEM - Security Information Event Management
Logging and Event Aggregation
Network (router, switch, firewall, etc.)
System (server, workstation, etc.)
Application (Web, DB)
Correlation Engine
2+ related events = higher alarm (1+1=3)
At first glance, SIEM appliances and software look like an event aggregator. While a SIEM has the advantage of aggregating logs, what sets them apart from the event aggregator market are the correlation engines.
The correlation engines allow the ability to uncover threats/attacks across multiple related events which by themselves would not be a cause for alarm.
SIEM
What is a SIEM?
Security information and event management (SIEM) is the technology that can tie all your systems together and give you a comprehensive view of IT security.
IT security is typically a patchwork of technologies – firewalls, intrusion prevention, endpoint protection, threat intelligence and the like – that work together to protect an organization’s network and data from hackers and other threats. Tying all those disparate systems together is another challenge, however, and that’s where SIEM can help.
SIEM systems manage and make sense of security logs from all kinds of devices and carry out a range of functions, including spotting threats, preventing breaches before they occur, detecting breaches, and providing forensic information to determine how a security incident occurred as well as its possible impact.
Using SIEM
How do SIEM Products help the following Security concerns?
Countermeasures to detect attempts to infect internal system
Identification of infected systems trying to exfiltrate information
Mitigation of the impact of infected systems
Detection of outbound sensitive information ( DLP)
These questions are a core part of a company's overall security architecture. If a SIEM isn't providing answers or solutions to these questions, what is it doing?
If you aren't using your SIEM to solve issues like these it may just be an expensive log aggregator/collection system sitting in your network collecting dust.
SIEM Advantages
Correlation of data from multiple systems and from different events detecting security and operational conditions
Anomaly detection by using a baseline of events over time to find deviations from expected or normal behavior
Comprehensive view into an environment based on event types, protocols, log sources, etc
APT (advanced persistent threat) protection through detection of protocol and application anomalies
Prioritization based on risk of threat to assets, staff can triage the most vulnerable targets
Alerting and monitoring on events of interest to escalate pri ...
Presented at the Fifth International Network Conference (INC 2005), Samos Island, Greece, 6 July 2005
Abstract: Distributed Hash Tables (DHTs) have been used in Peer-to-Peer networks to provide key lookups in typically O(log n) hops whilst requiring maintenance of only small amounts of routing state. We propose ROME, a layer to be run on top of one such DHT to provide control over nodes joining the network. We show this can reduce further the hop counts in networks where available node capacity far exceeds workload, without the need to modify any processes of the underlying DHT protocol.
PDPTA 05 Poster: ROME: Optimising Lookup and Load-Balancing in DHT-Based P2P ... (James Salter)
Distributed Hash Tables (DHTs) have been used in Peer-to-Peer networks to provide key lookups in typically O(log n) hops whilst requiring maintenance of only small amounts of routing state. We extend ROME, a layer which runs on top of the Chord DHT to provide control over network size through monitoring of node workload and propose the use of processes to reorganise nodes and add or remove them from a pool of available machines. We show this can reduce further the hop counts in networks where available node capacity exceeds workload, without the need to modify any processes of the underlying Chord protocol.
FCS 05: A Multi-Ring Method for Efficient Multi-Dimensional Data Lookup in P2... (James Salter)
Presented at The 2005 International Conference on Foundations of Computer Science (FCS'05), Monte Carlo Resort, Las Vegas, Nevada, USA, 28 June 2005
Abstract: We describe a multi-ring approach to building multi-tiered P2P networks for efficient lookup of multi-dimensional data, utilising an alternative strategy for building the network overlay designed to reduce the hops required to route lookups and improve fault tolerance by allowing for the selection of high quality nodes with which to build subrings. We provide a case study showing how the method could be used to support 2-dimensional data in the form of keyword-value queries. Our calculations indicate that the presented method yields improvements in the average query hop count while reducing the amount of state stored on each node. The use of Preference Lists can further reduce the average hop count through bypassing previously traversed segments of the structure.
INC 2004: An Efficient Mechanism for Adaptive Resource Discovery in Grids (James Salter)
Presented at the Fourth International Network Conference (INC 2004), Plymouth, UK, 6 July 2004. [Winner of Best Paper Award]
Abstract: Computational Grids are designed to bring together collections of resources distributed among diverse physical locations, allowing an individual to exploit a huge amount of computing power, specialist instruments and vast databases. It is essential that an effective method of resource discovery is available for users and software agents to find the resources they require. We present an initial model for resource discovery in Grid environments, designed to remove the need for broadcast of updates and queries across the network. We compare our system with several others in terms of the number of messages needed to query for resources and the ability to guarantee to find matching resources if they exist anywhere in the network.
Opendatabay - Open Data Marketplace.pptx (Opendatabay)
Opendatabay.com unlocks the power of data for everyone. Open Data Marketplace fosters a collaborative hub for data enthusiasts to explore, share, and contribute to a vast collection of datasets.
First ever open hub for data enthusiasts to collaborate and innovate. A platform to explore, share, and contribute to a vast collection of datasets. Through robust quality control and innovative technologies like blockchain verification, opendatabay ensures the authenticity and reliability of datasets, empowering users to make data-driven decisions with confidence. Leverage cutting-edge AI technologies to enhance the data exploration, analysis, and discovery experience.
From intelligent search and recommendations to automated data productisation and quotation, Opendatabay AI-driven features streamline the data workflow. Finding the data you need shouldn't be a complex. Opendatabay simplifies the data acquisition process with an intuitive interface and robust search tools. Effortlessly explore, discover, and access the data you need, allowing you to focus on extracting valuable insights. Opendatabay breaks new ground with a dedicated, AI-generated, synthetic datasets.
Leverage these privacy-preserving datasets for training and testing AI models without compromising sensitive information. Opendatabay prioritizes transparency by providing detailed metadata, provenance information, and usage guidelines for each dataset, ensuring users have a comprehensive understanding of the data they're working with. By leveraging a powerful combination of distributed ledger technology and rigorous third-party audits Opendatabay ensures the authenticity and reliability of every dataset. Security is at the core of Opendatabay. Marketplace implements stringent security measures, including encryption, access controls, and regular vulnerability assessments, to safeguard your data and protect your privacy.
Levelwise PageRank with Loop-Based Dead End Handling Strategy : SHORT REPORT ...
Subhajit Sahu
Abstract — Levelwise PageRank is an alternative method of PageRank computation which decomposes the input graph into a directed acyclic block-graph of strongly connected components, and processes them in topological order, one level at a time. This enables calculation for ranks in a distributed fashion without per-iteration communication, unlike the standard method where all vertices are processed in each iteration. It however comes with a precondition of the absence of dead ends in the input graph. Here, the native non-distributed performance of Levelwise PageRank was compared against Monolithic PageRank on a CPU as well as a GPU. To ensure a fair comparison, Monolithic PageRank was also performed on a graph where vertices were split by components. Results indicate that Levelwise PageRank is about as fast as Monolithic PageRank on the CPU, but quite a bit slower on the GPU. Slowdown on the GPU is likely caused by a large submission of small workloads, and is expected to be a non-issue when the computation is performed on massive graphs.
Techniques to optimize the pagerank algorithm usually fall in two categories. One is to try reducing the work per iteration, and the other is to try reducing the number of iterations. These goals are often at odds with one another. Skipping computation on vertices which have already converged has the potential to save iteration time. Skipping in-identical vertices, with the same in-links, helps reduce duplicate computations and thus could help reduce iteration time. Road networks often have chains which can be short-circuited before pagerank computation to improve performance. Final ranks of chain nodes can be easily calculated. This could reduce both the iteration time, and the number of iterations. If a graph has no dangling nodes, pagerank of each strongly connected component can be computed in topological order. This could help reduce the iteration time, no. of iterations, and also enable multi-iteration concurrency in pagerank computation. The combination of all of the above methods is the STICD algorithm. [sticd] For dynamic graphs, unchanged components whose ranks are unaffected can be skipped altogether.
1. Big data … for security
James Salter
Hewlett Packard Labs
December 3, 2015
2. This is what we are dealing with...
A massive IT operation
– 6 next generation data centres
– 300K+ employees and contractors
Infrastructure
– 41K+ servers
– 440K+ PCs deployed
– 15K+ switches
– 1,500+ enterprise routers
– 140+ Windows Domain Controllers
Connectivity
– 11.5M+ Internet mails per day sent/received
– 150K+ mobile devices
– 39M IP addresses
– 1.2M devices
– 450K mailboxes managed
Security
– 2.5B security events logged per day
– 2K+ managed firewalls
– 970K+ devices scanned for vulnerabilities
– 450K end points protected with anti-virus
3. Security events data
HPE IT operates ArcSight internally
Deployment 25% larger than any other non-governmental installation by volume
[Chart: events per second (logarithmic scale) by source: Routers, VPN, AntiVirus, Active Directory, Web Proxy, DNS]
DNS traffic per HPE data centre:
– 120,000 events/second
– ~64B events/day globally
5. Collection is just part of the story
Analytics is where the power comes from
Correlation
Machine learning
Graph analytics
Anomaly detection
Advanced persistent threats
Data exfiltration
User behaviour analysis/insider threat
Endpoint visibility
6. Abuse case
Botnet command and control
[Diagram: Bot, DNS server, C2 Server (mneyqslgyb.info)]
Queries sent by the bot to the DNS server:
akaajkajkajd.cn?
xisyudnwuxu.ru?
dfknwerpbnp.biz?
mneyqslgyb.info?
cspcicicipisjjew.hu?
Attacker can’t maintain C2 server at IP address for very long. So it registers a random domain name temporarily.
Bot tries a bunch of random names until it finds one that resolves.
7. Abuse case
DNS tunneling (via subdomains)
[Diagram: Asset (Bot), Asset (DNS server), (Compromised) DNS server (example.com)]
Queries shown in the diagram:
93cc3daf.example.com
4fac3215.example.com
a86f4221.example.com
ddee9152.example.com
8bd5ff12.example.com
d4bb92a1.example.com
ef409132.example.com
1bfa3207.example.com
298c5b3a.example.com
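The two abuse cases on slides 6 and 7 leave different traces in DNS events, which the following added example (not code from the talk or from any HPE product) counts per client. The client IPs, response codes, thresholds, whitelist entry and the `.test` names are constructed assumptions, and the whole batch is treated as one correlation window.

```python
from collections import defaultdict

# Constructed sample DNS events: (client IP, queried name, response code).
# Names are the ones shown on the slides; IPs and response codes are invented.
EVENTS = [
    ("10.0.0.5", "akaajkajkajd.cn", "NXDOMAIN"),
    ("10.0.0.5", "xisyudnwuxu.ru", "NXDOMAIN"),
    ("10.0.0.5", "dfknwerpbnp.biz", "NXDOMAIN"),
    ("10.0.0.5", "mneyqslgyb.info", "NOERROR"),
    ("10.0.0.7", "93cc3daf.example.com", "NOERROR"),
    ("10.0.0.7", "4fac3215.example.com", "NOERROR"),
    ("10.0.0.7", "a86f4221.example.com", "NOERROR"),
    ("10.0.0.7", "ddee9152.example.com", "NOERROR"),
    ("10.0.0.9", "www.intranet.test", "NOERROR"),
    ("10.0.0.9", "mail.intranet.test", "NOERROR"),
    ("10.0.0.9", "typo-domain.test", "NXDOMAIN"),
]
WHITELIST = {"intranet.test"}  # hypothetical known-good zone

def parent_zone(name):
    """Naive registered domain: last two labels (production code needs the public suffix list)."""
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def detect(events, nx_threshold=3, sub_threshold=4, whitelist=WHITELIST):
    """Return alerts for bursts of failed lookups and for many distinct subdomains of one zone."""
    failed = defaultdict(set)  # client -> distinct zones that did not resolve
    subs = defaultdict(set)    # (client, zone) -> distinct subdomain prefixes
    for client, name, rcode in events:
        name = name.lower().rstrip(".")
        zone = parent_zone(name)
        if zone in whitelist:
            continue  # whitelisted zones are dropped before correlation
        if rcode == "NXDOMAIN":
            failed[client].add(zone)
        prefix = name[: len(name) - len(zone)].rstrip(".")
        if prefix:
            subs[(client, zone)].add(prefix)
    alerts = []
    for client, zones in sorted(failed.items()):
        if len(zones) >= nx_threshold:  # many random names tried, few resolve
            alerts.append(("dga-lookup-burst", client, len(zones)))
    for (client, zone), labels in sorted(subs.items()):
        if len(labels) >= sub_threshold:  # data carried in ever-changing subdomains
            alerts.append(("subdomain-tunnel", client, zone))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

Thresholds this low only suit the toy input; on real traffic they would be tuned per network and evaluated over a sliding time window.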
8. Solution architecture: Overview
[Diagram components: DNS server(s), network tap, DNS packet capture, Whitelist, Blacklist, Event logging, Correlation and alerting]
– DNS queries and responses
– DNS events: queries and replies
– Real-time processing
– Near-time, historical analysis
9. In use at HPE
Hewlett Packard Enterprise
Cyber Defense Center, Palo Alto
10. From Labs … to HPE … to Customers
Screenshot from HPE DNS Malware Analytics
– HPE DNS Malware Analytics
– Cloud-based managed or self-service analytics with on-premises capture modules
11. The next challenges
– Increase the correlation time window: 5 minutes, 24 hours, ? days ?
– Data exfiltration “hidden in the noise”
[Chart: Exfil over time]