1 / 24

Cyber Ecosystem & Data Security

Cyber Ecosystem & Data Security. Subhro Kar CSCE 824, Spring 2013 University of South Carolina, Columbia. What is an Ecosystem?. Definition Functional Units Relationships Balance Comparison with Cyber Space. Biological Ecosystems. The system is closely related

Download Presentation

Cyber Ecosystem & Data Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Cyber Ecosystem & Data Security Subhro Kar CSCE 824, Spring 2013 University of South Carolina, Columbia

  2. What is an Ecosystem? • Definition • Functional Units • Relationships • Balance • Comparison with Cyber Space

  3. Biological Ecosystems • The system is closely related • The balance is always maintained • Relationships are well defined • Monitored by nature Source: http://www.tutorvista.com/content/biology/biology-iv/ecosystem/food-web.php

  4. Evolution of the Cyber Ecosystem

  5. A typical Network Diagram Source: http://www.broadband.gov/plan/16-public-safety/

  6. What is a Cyber Ecosystem? • Entities in network are not merely considered in isolation • Each member has a specific goal • Each member is related to every other member in one way or the other • Processes are important • Anticipate and prevent attacks • Limit the speed of attacks across devices • Recover to a trusted state

  7. What is a Cyber Ecosystem? • Devices has a level of built in Security • Automated responses • Immunity

  8. Malware Ecosystem • Each member in the ecosystem has a specific purpose • Each of the members respond to the behaviour of other members • Automated upto an extent • Monitoring the whole process

  9. Building Blocks • Automated Course of Actions • Pro-active responses • Speed of response matches the speed of attacks • Being able to decide on solutions based on historical data • Sharing of Information at different levels from local to global • Rapid learning procedures • Communications guided by policy rather than constraints • High levels of collaboration and interoperability • Authentication

  10. Types of Attacks • Brute force attacks • Malware • Hacking attempts • Social Engineering • Insiders • Physical loss and theft

  11. Monitoring • Monitoring forms one of the foundations of the Cyber Ecosystem • Informs about anomalies so that proper countermeasures can be taken • Does not always happen at the system level contrary to standard device monitoring

  12. Business Process Monitoring • Holy grail of monitoring systems • Highest level of abstraction • Generally related to long running transactions • Can serve as a ready metric for overall success of the system • Can only detect problems post their occurrences • Uses complex business logic • Goal: To maintain business continuity

  13. Functional Monitoring • Lower level than Business Process Monitoring • Granularity limited to a single application or node in a distributed architecture • Goal: To assess the availability as well as performance of a system • Generally done by bots running scripts on individual systems • Incapable of deciding on countermeasures

  14. Technical Monitoring • Monitoring as a typical system administrator understands • Lowest level of monitoring and responsible for individual pieces of software • Subsystems are considered in isolation and has nothing to do with their contribution to the system • Ideal place for designing incident response since the monitoring system is aware of how to modify behaviour of individual subsystems.

  15. Intelligence and Experience Gathering • Currently lacking in existing systems • Could be based on statistical models and data modeling • Should become more accurate based on experience • Should be able to heuristically identify attacks • Could put up some defence against 0 day attacks

  16. Okay!! I got attacked… Now what??!!

  17. Incident Response • Targets for restoring the balance of the ecosystem just like its biological brother • Either filter it out or sacrifice parts of the system to facilitate containment • Not an isolated process. There are lots of loopbacks to the monitoring • Dynamically adjusts itself to adjust response based on current monitoring data

  18. How does everything fit together? • It is a continuous process • Dynamic • Historical data is important • Business continuity important • The goal of the attacker might not be the epicenter of the attack Source: http://blogs.csoonline.com/business_continuity_event_planning_the_incident_response_team

  19. Incident Response - Implementation • Firewalls • Intrusion Detection and Prevention Systems • Log servers • Configuration Management Servers • Offline resources like Debuggers

  20. Desired Cyber Ecosystem Capabilities • Automated Defense Identification, Selection, and Assessment Authentication • Interoperability • Machine Learning and Evolution • Security Built in • Business Rules-Based Behavior Monitoring • General Awareness and Education

  21. Desired Cyber Ecosystem Capabilities • Moving Target • Privacy • Risk Based Data Management • Situation Awareness • Tailored Trustworthy spaces

  22. Where we stand… • The ecosystem is far from automated. We have a long way to go • Triangulating automated decisions are complicated. Most of the processes are manual and will probably remain so in the near future • The weakest link is generally the End Users • Insiders can cause havocs • It is always about the financial incentive of being able to build a proper ecosystem.

  23. References • Developing a healthy cyber ecosystem, http://www.mitre.org/news/digest/homeland_security/10_11/cyber_ecosystem.html • Enabling Distributed Security in Cyberspace, http://www.dhs.gov/xlibrary/assets/nppd-cyber-ecosystem-white-paper-03-23-2011.pdf • Cybersecurity Ecosystem – The Future? http://www.nextgov.com/cybersecurity/cybersecurity-report/2011/03/cybersecurity-ecosystem-the-future/54390/ • Enabling Distributed Security in Cyberspace, http://blogs.msstate.edu/ored/Cyber%20Ecosystem%20I3P%20Presentation%2016%20April%202012%20MSU%20ras.ppt

  24. Questions?? Source: http://what-if.xkcd.com

More Related