Self-Cleansing Intrusion Tolerance (SCIT)
MSAG Vision Series (TM)
November 2014
Author: Eric Jacobs, Director, ejacobs@msag.net
MSAG, msag.net, 703.538.0807
Copyright © 2014, Micro Systems Consultants, Inc.
Permission to duplicate and distribute this document is granted
provided the document is duplicated and distributed in its entirety, three pages.
Intrusions are Inevitable
The figure at right is an excerpt from Verizon's 2014 Data Breach Investigations Report
(http://www.verizonenterprise.com/DBIR/2014/). It shows the gap that typically separates the
compromise of a system from its discovery: in more than half of the breaches studied, the initial
compromise took only minutes, while in more than half, discovery took months. In more than 90%
of these cases, exfiltration had already occurred by the time the compromise was discovered.
Cyber security strategies built on Intrusion Detection Systems (IDS) and Intrusion Prevention
Systems (IPS) cannot prevent all intrusions. Self-Cleansing Intrusion Tolerance (SCIT) is an
award-winning patented technology that takes a proactive approach to deterring cyber attacks.
It applies to virtual and physical server environments and uses virtualization to restore the
operating system and applications to a pristine state automatically, on a fixed schedule, so that
the time an intruder can persist on a server is measured in minutes rather than the days, weeks,
or months typical of conventional systems. SCIT servers subvert attacks by denying intruders the
time and persistent access needed to launch and sustain them. The rotation bounds how long any
single foothold survives, not whether it can be established: the pristine image still carries
whatever vulnerability was exploited until that vulnerability is patched, so SCIT complements
patching and detection rather than replacing them.
The SCIT Process
SCIT-enabled servers move through a six-state cycle, illustrated below: Startup, Online Spare,
Production/Exposed, Quiescent (the server stops accepting new requests and drains its transaction
queue), Forensics (the server's image is captured for offline analysis) and, finally, Stop, when
the server is stopped and destroyed and a fresh server booted from the pristine image takes its
place in the rotation. Because only the Production/Exposed server accepts traffic and every server
leaves that state after a fixed interval, the longest a compromised server can stay in service is
the exposure interval plus the time needed to drain its queue. SCIT-enabled servers reduce
operational costs and the probability of violating Service Level Agreements and Objectives
(SLA/SLO) by increasing the protection of the datasets and operational resilience.
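To make the cycle concrete, the following is an added example and not MSAG's or SCIT's own code. It models the six states as a discrete-time rotation with one exposed production server and one warm spare; the tick unit, the two-requests-per-tick load against a service rate of one, and the attack schedule are all constructed assumptions. It shows the property the paper describes: an intrusion's lifetime is capped by the exposure window plus the drain time, regardless of whether anything detected it.

```python
# Added example (not MSAG's code): a discrete-time model of the SCIT six-state
# rotation. Tick units, queue sizes and the attack schedule are assumptions.
from collections import deque
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class State(Enum):
    START = "Start"
    ONLINE_SPARE = "Online Spare"
    EXPOSED = "Production/Exposed"
    QUIESCENT = "Quiescent"          # no new work; drains in-flight transactions
    FORENSICS = "Forensics"          # image captured for offline analysis
    STOP = "Stop"                    # instance destroyed


@dataclass
class Server:
    name: str
    state: State = State.START
    history: list = field(default_factory=list)      # (tick, State) transitions
    inflight: deque = field(default_factory=deque)   # transactions not yet served
    exposed_at: Optional[int] = None
    compromised_at: Optional[int] = None             # simulation-only intrusion marker
    snapshot: Optional[dict] = None                  # what Forensics captured


class ScitRotation:
    """One exposed production slot plus one warm spare, both booted from a pristine image."""

    def __init__(self, exposure_window: int, service_rate: int = 1):
        self.window = exposure_window    # max ticks an instance stays Production/Exposed
        self.rate = service_rate         # transactions each instance completes per tick
        self.tick = 0
        self.seq = 0
        self.draining = []               # Quiescent instances still serving their queue
        self.retired = []                # destroyed instances, kept only for the metrics
        self.evidence = []               # Forensics captures
        self.prod = self._boot()
        self._set(self.prod, State.EXPOSED)
        self.prod.exposed_at = 0
        self.spare = self._boot()

    def _set(self, s: Server, state: State) -> None:
        s.state = state
        s.history.append((self.tick, state))

    def _boot(self) -> Server:
        """Start a fresh instance from the pristine image and park it as the online spare."""
        self.seq += 1
        s = Server(name=f"scit-{self.seq}")
        s.history.append((self.tick, State.START))
        self._set(s, State.ONLINE_SPARE)
        return s

    def step(self, requests: list, attacker_lands: bool = False) -> None:
        self.tick += 1
        self.prod.inflight.extend(requests)         # only the exposed instance accepts work
        if attacker_lands and self.prod.compromised_at is None:
            self.prod.compromised_at = self.tick    # foothold on the exposed instance
        # Rotate when the exposure window expires: spare -> exposed, exposed -> quiescent.
        if self.tick - self.prod.exposed_at >= self.window:
            old, self.prod = self.prod, self.spare
            self._set(self.prod, State.EXPOSED)
            self.prod.exposed_at = self.tick
            self._set(old, State.QUIESCENT)
            self.draining.append(old)
            self.spare = self._boot()               # pristine replacement, never the old image
        # Serve work wherever it is still queued; quiescent instances only drain.
        for s in [self.prod, *self.draining]:
            for _ in range(min(self.rate, len(s.inflight))):
                s.inflight.popleft()
        # Fully drained instances are captured for forensics, then destroyed.
        for s in list(self.draining):
            if not s.inflight:
                self._set(s, State.FORENSICS)
                s.snapshot = {"server": s.name, "exposed_at": s.exposed_at,
                              "stopped_at": self.tick,
                              "compromised": s.compromised_at is not None}
                self.evidence.append(s.snapshot)
                self._set(s, State.STOP)
                self.draining.remove(s)
                self.retired.append(s)

    def persistence_times(self) -> list:
        """Ticks each intrusion survived before its host instance was destroyed."""
        return [s.snapshot["stopped_at"] - s.compromised_at
                for s in self.retired if s.compromised_at is not None]


def simulate(window: int = 3, ticks: int = 10, attack_every: int = 4) -> ScitRotation:
    """Constructed load: two requests per tick against a service rate of one, so each
    rotated-out instance drains a backlog of window + 1 before it can be destroyed."""
    rot = ScitRotation(exposure_window=window, service_rate=1)
    for t in range(1, ticks + 1):
        rot.step([f"txn-{t}a", f"txn-{t}b"], attacker_lands=(t % attack_every == 0))
    return rot


if __name__ == "__main__":
    rot = simulate()
    for s in rot.retired:
        print(s.name, [st.value for _, st in s.history], s.snapshot)
    print("intrusion persistence (ticks):", rot.persistence_times())
```

With these assumptions the attacker who landed on scit-2 at tick 4 loses the host at tick 9, five ticks later, without any detection logic being involved: the only thing that ended the intrusion was the schedule. Under this load every rotated-out server finishes draining within the window, so no intrusion outlives two windows; the forensic snapshot of each retired instance records whether it was compromised, which is where the paper's "visibility of repeated attempts" comes from.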
SCIT software and appliance-based solutions can be installed rapidly and integrated with an
existing FISMA-compliant architecture. There is no requirement to alter existing security
implementations or protocols; SCIT cycle times can be adapted based on information from
existing security tools, and SCIT does not require changes to application code.
Benefits of a Proactive Approach
SCIT proactively deters cyber attacks by reducing the window of opportunity in which an adversary
can mount and execute an attack. SCIT-enabled web servers become agile defense systems that
feature:
• A more measured response to newly discovered vulnerabilities. Because any foothold is erased
at the next rotation, threat vectors can often be managed at a saner pace, with less urgency and
less chance of collateral adverse effects from a rushed fix.
• Ultra-low intrusion persistence time, configurable from hours down to as little as one minute.
• Automatic restoration to a pristine state at regular intervals, without manual intervention.
• Automatic recovery from attacks that delete or corrupt software on the server.
• Increased visibility of intruders' repeated attempts to access your environment, since an
intruder must re-enter after every rotation and each rotated-out server is captured for
forensic analysis.
Figure: SCIT approach. The six-state cycle runs Start, Online Spare, Production/Exposed,
Quiescent, Forensics, Stop. Pristine servers are rotated into production at appropriate time
intervals, and each rotated-out server is captured for offline forensic analysis.
• Lower Total Cost of Ownership (TCO) by reducing false-positive alerts and the associated
investigation and recovery costs.
• Containment of memory leaks and other accumulated state, since every server is discarded and
replaced by a fresh instance at each rotation.
• Increased operational resilience, faster recovery time, and better update management.
Additional benefits realized after introducing SCIT-enabled servers include:
• Reduction in data exfiltration losses.
• Support for forensic and cyber intelligence activities.
• Quick and easy application of hot patches and recovery from bad patches.
• Support for disaster recovery/Continuity of Operations (COOP) architectures.
SCIT Compared to Traditional Approaches
Existing tools such as firewalls, IPS, and IDS are reactive: they help with understood and known
threats and provide limited, if any, protection against zero-day threats. SCIT is proactive and
threat independent. It does not need to recognize an attack to limit its effect, because the
compromised server is retired at the next rotation however it was compromised, and that is what
contains the losses from a zero-day threat.
Conclusion
This paper highlights a cost-effective way to implement proactive measures that protect an
organization's infrastructure and assets. SCIT can be operational quickly, with little impact on
an organization's technical staff and existing processes.
MSAG
2785 Hartland Road
Falls Church, VA 22043
msag.net
703.538.0807
