The OODA Loop:
A Holistic Approach to Cyber Security
TK Keanini, CTO Lancope
Dude, follow me on twitter @tkeanini
Cyber Security Strategy Retrospective
• Yesterday
– Fragmented Tactics
– Deterministic Threat
– Push exploits to Enterprise
– Single-Step Exploits
– Overt Tactics (cost to exploit)
– Threat Intelligence Optional
• Today
– Holistic Strategy
– Adaptive Threat
– Pull exploits to Enterprise
– Multi-Step Exploits
– Covert Tactics (cost to remain hidden)
– Threat Intelligence Mandatory
Continuously evaluate your strategy
A Holistic Approach to Cyber Security
• Holistic Strategy (Framing the Conflict)
• Holistic Telemetry (Data Complete)
• Holistic Understanding (Information and Knowledge Complete)
Holistic Strategy
• Inclusive of all the players
– Not just operations, must include bad guys
• Must be a continuous process
– If it does not look like a loop, it’s probably wrong
• A framework for the changing dynamics of conflict
– Understanding the game dynamics
• Sun Tzu
• Musashi
• Clausewitz
How to Best Frame Conflict
Colonel John Boyd (1927 – 1997)
• Fighter Pilot
– Forty-Second Boyd
• Military Theories
– Energy Maneuverability Theory
• Drove requirements for the F15 and F16
– Discourse on Winning & Losing
– Destruction & Creation
– Many modern military strategies based on Boyd
• The OODA Loop
– the concept that all combat, indeed all human competition from chess to soccer to business, involves a continuous cycle of Observation, Orientation, Decision, and Action
Simplified OODA in the Context of Time
• Intelligence
— Observation
— Orientation
• Execution
— Decision
— Action
Feedback Loops of the OODA Loop
Conflict: Red vs. Blue
(diagram: the Red Ops OODA loop and the Blue Ops OODA loop running against each other)
Spin your loop faster than your adversary
OODA for Cyber Security
OODA for Cyber Security
OODA Loop Summary
• Observation and Orientation (OO) increases your perceptive boundaries.
– Superior Situational Awareness
• Sampling Rate of the OO is relative to the rate of change
– Fast enough to represent change
• Decision and Actions raise the cost to your adversaries’ Observation/Orientation
• Operate at a faster tempo or rhythm than our adversaries
Ultimately you are making it more expensive for the adversary to operate and hide
Holistic Telemetry
• Multi Sensor
– No place to hide (space and time)
• Metadata as Context
• Observation of Data
– Completeness
• Orientation of Information
– User Centric
– App Centric
Data Complete
(diagram: telemetry sources Flows, IP, MAC, App, Users)
telemetry, noun: automatic transmission and measurement of data from remote sources by wire or radio or other means
Holistic Understanding
Intelligence
(diagram: three layers along an Analytic to Synthetic axis)
• Atomic: Data
– Identifiers, Addresses, Counts, Types, etc.
– Sets of Signals & Symbols
• Fusion of Data: Information
– Synthesis of Data Sets
– Information Sets
• Craft: Knowledge
– Synthesis of Information Sets
– Know how
– Observer Centric
Holistic Cyber Security
The Art of Cyberwar
(diagram labels: Observation, Orientation, Decision, Action; Data, Information, Knowledge; Automated, Semi Automated, Manual; SDN, Cloud)
OODA Loop and the Kill Chain
(diagram: Infiltration, Exfiltration)
Your Infrastructure Provides the Observation...
(network diagram: sites Internet, Atlanta, San Jose, New York; zones Datacenter, WAN, DMZ, Access; devices ASR-1000, Cat6k, UCS with Nexus 1000v, ASA, 3925 ISR, 3560-X, 3850 Stack(s), Cat4k; every device exports NetFlow)
© 2013 Lancope, Inc. All rights reserved.
…for Total Visibility from Edge to Access. StealthWatch delivers the Orientation
(same network diagram as the previous slide: sites, zones and devices as above)
Data Observation
Geographic Traffic Orientation
Time of Day Orientation
User Location Orientation
Data Hoarding Orientation
Data Disclosure Orientation
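The deck's Data to Information to Knowledge layers and the orientation analytics listed above, worked as code. This is an added example, not Lancope's or StealthWatch's code: it fuses constructed NetFlow-style records into per-host information sets and applies Data Hoarding, Data Disclosure and Time of Day rules; the address space, working hours and thresholds are assumed policy values, not product defaults.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import median

INTERNAL = ip_network("10.0.0.0/8")   # assumed enterprise address space
BUSINESS_HOURS = range(7, 19)         # assumed working window, 07:00-18:59
HOARD_FACTOR = 10                     # inbound volume vs. the peer median
DISCLOSURE_BYTES = 100_000_000        # outbound-to-Internet bytes per period

# Constructed, unidirectional NetFlow-style records: (start "HH:MM", src, dst, bytes).
# 203.0.113.7 is an RFC 5737 documentation address standing in for the Internet.
FLOWS = [
    ("09:05", "10.1.5.10", "10.1.1.20",     5_000_000),  # file server -> workstation A
    ("10:12", "10.1.5.10", "10.1.1.21",     7_000_000),  # file server -> workstation B
    ("11:30", "10.1.5.10", "10.1.1.22",   900_000_000),  # file server -> workstation C
    ("14:00", "10.1.1.20", "203.0.113.7",     300_000),  # A -> Internet, normal browsing
    ("02:15", "10.1.1.22", "203.0.113.7", 600_000_000),  # C -> Internet, off hours
    ("09:40", "10.1.1.21", "203.0.113.7",     500_000),  # B -> Internet
]

def is_internal(addr):
    return ip_address(addr) in INTERNAL

def fuse(flows):
    """Fusion: collapse atomic flow records into one information set per internal host."""
    hosts = defaultdict(lambda: {"inbound": 0, "out_external": 0, "hours": set()})
    for start, src, dst, nbytes in flows:
        hour = int(start.split(":")[0])
        if is_internal(dst):
            hosts[dst]["inbound"] += nbytes
            hosts[dst]["hours"].add(hour)
        if is_internal(src):
            hosts[src]["hours"].add(hour)
            if not is_internal(dst):
                hosts[src]["out_external"] += nbytes
    return dict(hosts)

def orient(hosts):
    """Orientation: turn the fused information sets into named alarms for the Decision step."""
    peer_median = median(h["inbound"] for h in hosts.values())
    alarms = []
    for host, h in hosts.items():
        if h["inbound"] > HOARD_FACTOR * peer_median:          # pulling far more than peers
            alarms.append((host, "Data Hoarding"))
        if h["out_external"] > DISCLOSURE_BYTES:              # pushing bulk data outside
            alarms.append((host, "Data Disclosure"))
        if any(hr not in BUSINESS_HOURS for hr in h["hours"]):  # active outside the window
            alarms.append((host, "Time of Day"))
    return sorted(alarms)

if __name__ == "__main__":
    for host, alarm in orient(fuse(FLOWS)):
        print(f"{alarm:16} {host}")
```

Only workstation C trips the rules: it hoards from the file server during the day and discloses to the Internet at night, which is the infiltration-to-exfiltration sequence the kill chain slide names.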
http://www.lancope.com
@Lancope (company)
@netflowninjas (company blog)
https://www.facebook.com/Lancope
http://www.linkedin.com/groups/NetFlow-Ninjas-2261596/about
https://plus.google.com/u/0/103996520487697388791/posts
http://feeds.feedburner.com/NetflowNinjas
Thank You
TK Keanini,
Chief Technology Officer
tk@lancope.com
@tkeanini