Diese Präsentation wurde erfolgreich gemeldet.
Die SlideShare-Präsentation wird heruntergeladen. ×

SCIT Labs - intrusion tolerant systems

Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Nächste SlideShare
Moving target-defense
Moving target-defense
Wird geladen in …3
×

Hier ansehen

1 von 26 Anzeige

SCIT Labs - intrusion tolerant systems

Herunterladen, um offline zu lesen

The variety and complexity of cyber attacks is increasing. The attackers have a strong economic and political motivation thus leading to organized and targeted attacks. We have concluded that intrusions are inevitable, and have focused on strategies to work through the attack while limiting the losses. Our approach, called Self Cleansing Intrusion Tolerance (SCIT), leads to the next generation of secure servers. SCIT shifts the focus from intrusion avoidance to reducing the losses resulting from an intrusion. This additional layer of defense is justified, because the current reactive approaches cannot keep up with the rapidly increasing new threats.

The variety and complexity of cyber attacks is increasing. The attackers have a strong economic and political motivation thus leading to organized and targeted attacks. We have concluded that intrusions are inevitable, and have focused on strategies to work through the attack while limiting the losses. Our approach, called Self Cleansing Intrusion Tolerance (SCIT), leads to the next generation of secure servers. SCIT shifts the focus from intrusion avoidance to reducing the losses resulting from an intrusion. This additional layer of defense is justified, because the current reactive approaches cannot keep up with the rapidly increasing new threats.

Anzeige
Anzeige

Weitere Verwandte Inhalte

Diashows für Sie (20)

Ähnlich wie SCIT Labs - intrusion tolerant systems (20)

Anzeige

Aktuellste (20)

SCIT Labs - intrusion tolerant systems

  1. 1. Moving Target Proactive Cyber Defense – Keeping Bad Guys Out of Servers Arun Sood, Ph.D. SCIT Labs, Inc Clifton, VA asood@scitlabs.com SCIT Labs Confidential and Proprietary 1
  2. 2. I. Intrusions Are Inevitable New Proactive Approaches are Required SCIT Labs Confidential and Proprietary 2
  3. 3. May 2011 Security Incidents Worldwide Sunday Monday Tuesday Wednesday Thursday Friday Saturday 1 2 3 4 5 6 7 Gmail X-Factor TV Sony SEC Bestbuy Central OR Sony Show Woman Netflix Comm College to Woman Sony Healthcare 8 9 10 11 12 13 14 Huntington Assurant Fox Michaels National Bank 15 16 17 18 19 20 21 Mass Anthem Blue PBS Sony Lockheed Martin Government Cross of NASA Sony X2 Regions Bank California 22 23 24 25 26 27 28 Sony Sony Sony Northrop L-3 Grumman Communications 29 30 31 Honda Nintendo Citibank Source: Confab 2011 SCIT Labs Confidential and Proprietary 3
  4. 4. Epsilon Data Breach – 2011 SCIT Labs Confidential and Proprietary 4
  5. 5. Source: Symantec 2010 Review SCIT Labs Confidential and Proprietary 5
  6. 6. II. Cyber Attacks Persist • Intruders need access and time to orchestrate their attacks • Intrusions persist for days, weeks, months • Malware is hard to detect • Highly customized malicious code blends into the information landscape SCIT Labs Confidential and Proprietary 6
  7. 7. Intruder Residence Time in Months 3 months 2 months 5 months SCIT Labs Confidential and Proprietary 7 7
  8. 8. Verizon DBIR 2010: Significant Intruder Residence Time SCIT Labs Confidential and Proprietary 8
  9. 9. III. Current Servers are Sitting Ducks Adversary has the advantage We increase Adversary Work Factor SCIT Labs Confidential and Proprietary 9
  10. 10. SCIT Labs Confidential and Proprietary 10
  11. 11. The SCIT Approach Reduce server exposure time Restore to pristine state Threat Independent Must maintain uninterrupted service SCIT Labs Confidential and Proprietary 11
  12. 12. Zero Days – Fixing Vulnerabilities • Detecting a vulnerability • Reporting vulnerability • Developing a patch to fix vulnerability • Patch distribution • Testing in staging area • Patch application Use Moving Target Defense Make it Difficult to Exploit the Vulnerability SCIT Labs Confidential and Proprietary 12
  13. 13. Servers How SCIT works -Virtual Example: 5 online and 3 offline servers -Physical Online servers; potentially compromised Offline servers; in self-cleansing SCIT Labs Confidential and Proprietary 13 13
  14. 14. Resilience, Recovery, Tolerance, Forensics SCIT Labs Confidential and Proprietary 14
  15. 15. The SCIT Approach • Patented, Proven, Award Winning Self Cleansing Intrusion Tolerance Technology • Uses Virtualization Technology • Ultra Low Intruder Residence Time • Subverts attacks by robbing intruders of time and persistent access needed to launch attacks SCIT Labs Confidential and Proprietary 15
  16. 16. IDS/IPS vs Intrusion Tolerance Firewall, IDS, IPS Intrusion tolerance Risk management. Reactive. Proactive. A priori information Attack models. Software Exposure time. Length of required. vulnerabilities. longest transaction. Protection approach. Prevent all intrusions. Limit losses. System Administrator High. Manage reaction Less. No false alarms workload. rules. Manage false alarms. generated. Design metric. Unspecified. Exposure time. Packet/Data stream Required. Not required. monitoring. Higher traffic volume More computations. Computation volume requires. unchanged. Applying patches. Must be applied Can be planned. immediately. SCIT Labs Confidential and Proprietary 16 16
  17. 17. Results of Simulation: NIDS, SCIT, NIDS+SCIT Parameters used Results of the simulation Simulation Metrics Value (units) Total damage No. of Mean Damage Case Number of queries 5000 (records) breaches (records/breach) used NIDS 245,962 (100%) 192 1,281 Intruder Residence 0 minutes to 2 SCIT: ET 4hrs 55,364 (23%) 508 109 Time (IRT) months SCIT: ET 4 mins 1,015 (0.4%) 508 2 Mean IRT – Pareto 48 hours distribution NIDS + HIDS 210,578 (86%) 164 1,284 Exposure Time – 2 1. 4 hrs NIDS + SCIT cases 2. 4 mins (ET 4 hrs) 20,931 (9%) 191 110 Mean of records 675 NIDS + SCIT stolen per day records/breach (ET 4 mins) 383 (0.16%) 191 2 IDS Only SCIT+IDS SCIT Labs Confidential and Proprietary 17
  18. 18. SCIT Server State Transitions 1 2 3 Active – Exposed Start New VM Online Spare to Internet 6 5 4 Archive VM for Kill VM Grace Period Future Analysis SCIT Labs Confidential and Proprietary 18
  19. 19. SCIT – Applications SCIT Implementations Web Tier: Web, 1. One application DNS, SSO…… 1 2 N (function) per server App Tier: Biz logic, Content Mgr, CRM…. 1 2 M 2. Five applications per server Data Tier: DB Mgr; File Mgr 1 L 3. 1000 applications Storage Tier: 100 servers Transactions (ms); 1 K Large File transfer (High speed- seconds) 4. Cloud SCIT Labs Confidential and Proprietary 19
  20. 20. Collaboration and Recognition • Lockheed Martin and Northrop Grumman – Testing and validation of SCIT servers. – Funded and collaborated with SCIT research – Integrated in LM cloud offering; NGC evaluating use cases for cloud app – LM and Landis Gyr are sub – SCIT application to Electricity Smart Grid • Raytheon – Collaborated on SBIR proposal • Awards – Winner Security Technology of Tomorrow Challenge, CNI Expo + GSC Jun 10 – Runners up Cyber Security Challenge GSC Nov 09 – Army SBIR: SCIT DNS • Patents: 3 issued + 3 more applied. SCIT Labs Confidential and Proprietary 20
  21. 21. Target Market and Applications • Cloud and Hosting • Government Services – Civil – Web sites: LAMP & – DOD Windows IIS – Intelligence Community – DNS • Financial services – Ecommerce • Health care – Single Sign On – Email and comm – LDAP server – Streaming media SCIT Labs Confidential and Proprietary 21
  22. 22. Risk = Threat X Vulnerabilities X Consequences SCIT Labs Confidential and Proprietary 22
  23. 23. Cyber Security Approaches Vulner- Conse- Work Factor Technology Approach Threat abilities quences A D Intrusion Detection / Prevention X + Firewall X + Malware detection X + Incoming Packet Monitoring X + Packet Analysis X + SSL Proxy X + SIEM X + Forensics X + SCIT - Recovery + Intrusion X + Tolerance + Forensic Support Outgoing Packet Monitoring (DLP) X + A=Adversary Work Factor; D=Defender Work Factor SCIT Labs Confidential and Proprietary 23
  24. 24. Pilot Project • Data Storage servers • Implement on one or two platforms using remote access • Support & training • Develop evaluation measures • Demonstrate achievement of measures in 3 month • Roll out commitment and plan SCIT Labs Confidential and Proprietary 24
  25. 25. Benefits of SCIT • SCIT removes malware without detection • SCIT reduces data ex-filtration • SCIT does not rely on signatures and is threat independent • SCIT is mission resilient: automatic recovery • SCIT reduces intrusion response (alerts) management cost SCIT Labs Confidential and Proprietary 25
  26. 26. Demo PROACTIVE CYBER ATTACK DEFENSE Arun Sood, Ph.D. asood@scitlabs.com +1703.347.4494 SCIT Labs Confidential and Proprietary 26

×