Blog

Recent Blog Entries

  • Jan 20 2010
    dgabbard

    I spend a lot of time talking to people from all walks of life about situational awareness, and what it means for 'cyberspace.' While there are a growing number of people who seem to understand the concept, its importance, and the future trajectory it is on, I find a disproportionately high number of people - even those I would consider expert in this field - either don't understand or have not yet embraced situational awareness and the means by which it can improve security, operational capabilities, and hence the bottom line.

  • Nov 03 2009
    jlewis

    One thing is for certain: network analysts are overwhelmed with the amount of data available, and current analysis tools are not designed for the rapidly increasing data sets or demands created by modern networks. Identifying an emerging threat, identifying the nature and extent of the threat, and gaining perspective on its possible impact requires complete visibility into vast Internet pathways and real-time data integration.

  • Oct 28 2009
    jlewis

    Automation, innovation, reaction and expansion (AIRE) are the foundation of the next generation of analysis techniques and tools - Network Analysis 2.0. The importance of data network analysis is often overlooked, but it impacts many areas including cyber defense, cyber intelligence, law enforcement / investigative analysis, and financial and critical infrastructure. Cyber attacks are conducted daily by organized groups around the world, and network analysis is important for maintaining total cyber situational awareness.

  • Oct 26 2009
    jlewis

    Threats tend to be ignored if the impact of those threats is not fully understood. SNMP is a good example of a frequently ignored threat. Enabling public read-only SNMP on a network device may open a door for attackers to map a network topology without generating a lot of suspicious network traffic. Port 161 queries from the Internet may well look suspicious, but the same queries might be overlooked if they originate from a compromised host on the local network.

  • Sep 28 2009
    dgabbard

    If the H1N1 outbreaks and the recently foiled airport bombing plans tell us anything, it's that information and information sharing are at the center of response for any significant security event. A significant cyber security event is certainly not going to be any different. Naturally, this type of data sharing should be bi-directional.

    Remember the fourth assumption - Data about the event(s) needs to be able to flow both up to decision makers and down to responding organizations.

  • Jul 08 2009
    dgabbard

    In the aftermath of a significant national cyber security incident, the ensuing coordination effort is likely to be a significant challenge. It's likely to be a challenge for a number of reasons - not the least of which was one of the assumptions outlined earlier:

  • May 18 2009
    dgabbard

    Let's consider a hospital triage unit. Their job is to prioritize patients based on the severity of their condition, and to ensure that those in need of immediate attention get it quickly, while delaying attention and treatment to those less-critically injured. To make a long story short, a patient with a broken arm arriving at a triage location at the same time as a patient in cardiac arrest will likely not receive attention until after the more severely injured patient receives care. It's a relatively well defined, easy to follow system.
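The Oct 26 2009 entry above makes the point that SNMP topology mapping over UDP/161 is easy to spot when it comes from the Internet and easy to miss when it comes from a compromised host inside the network. The script below is an added example written for this page, not code from the blog or its authors, showing one detection that covers both cases: it reads flow records (a constructed sample is embedded inline), raises an alert for any non-local source sending SNMP queries, and separately flags a local host that queries an unusual number of distinct devices on UDP/161, which is what a read-only community string sweep looks like from the inside. The flow-record format, the local address ranges, the sweep threshold, and the known-poller allowlist are all assumptions for the example.

```python
"""
Detect SNMP (UDP/161) reconnaissance in flow records.

Added example with constructed sample data (not from the original blog).
Two findings are reported:
  1. external_sources: any non-local address sending SNMP queries at all;
  2. internal_sweeps:  a local host (other than a known poller) that queried
     at least `threshold` distinct devices, i.e. a topology sweep from a
     compromised internal host that a perimeter-only rule would miss.
"""
import ipaddress
from collections import defaultdict
from typing import Dict, Iterable, List, NamedTuple, Set


class Flow(NamedTuple):
    ts: str
    src: str
    dst: str
    proto: str
    dport: int


# Constructed sample flow records (assumed format: timestamp src dst proto dport).
# 10.1.1.20 is the legitimate management station; 10.1.1.50 sweeps six devices;
# 203.0.113.7 is an Internet host; the port 162 line is an SNMP trap, not a query.
SAMPLE_FLOWS = """\
2009-10-26T09:00:01 10.1.1.20 10.1.0.1 udp 161
2009-10-26T09:00:01 10.1.1.20 10.1.0.2 udp 161
2009-10-26T09:00:02 10.1.1.20 10.1.0.3 udp 161
2009-10-26T09:05:10 10.1.1.50 10.1.0.1 udp 161
2009-10-26T09:05:10 10.1.1.50 10.1.0.1 udp 161
2009-10-26T09:05:11 10.1.1.50 10.1.0.2 udp 161
2009-10-26T09:05:11 10.1.1.50 10.1.0.3 udp 161
2009-10-26T09:05:12 10.1.1.50 10.1.0.4 udp 161
2009-10-26T09:05:12 10.1.1.50 10.1.0.5 udp 161
2009-10-26T09:05:13 10.1.1.50 10.1.0.6 udp 161
2009-10-26T09:05:14 10.1.1.50 10.1.0.7 tcp 443
2009-10-26T09:07:00 203.0.113.7 10.1.0.1 udp 161
2009-10-26T09:08:00 10.1.1.77 10.1.0.9 udp 162
"""

# Assumptions for the example: which ranges are "local", and how many distinct
# devices one host may poll before it is treated as a sweep.
LOCAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
              ipaddress.ip_network("192.168.0.0/16")]
SNMP_PORT = 161
SWEEP_THRESHOLD = 5


def parse_flows(text: str) -> List[Flow]:
    """Parse whitespace-separated flow lines, skipping blank or malformed ones."""
    flows: List[Flow] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, src, dst, proto, dport = parts
        try:
            flows.append(Flow(ts, src, dst, proto.lower(), int(dport)))
        except ValueError:
            continue  # non-numeric port: drop the record rather than crash
    return flows


def is_local(ip: str) -> bool:
    """True if the address falls inside one of the assumed local ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)


def find_snmp_recon(flows: Iterable[Flow],
                    threshold: int = SWEEP_THRESHOLD,
                    known_pollers: Set[str] = frozenset()) -> Dict[str, object]:
    """Group UDP/161 queries by source and apply the two rules described above."""
    targets: Dict[str, Set[str]] = defaultdict(set)
    for f in flows:
        if f.proto == "udp" and f.dport == SNMP_PORT:
            targets[f.src].add(f.dst)  # distinct devices, so repeats do not inflate

    external = sorted(src for src in targets if not is_local(src))
    sweeps = {
        src: sorted(dsts)
        for src, dsts in targets.items()
        if is_local(src) and src not in known_pollers and len(dsts) >= threshold
    }
    return {"external_sources": external, "internal_sweeps": sweeps}


if __name__ == "__main__":
    findings = find_snmp_recon(parse_flows(SAMPLE_FLOWS), known_pollers={"10.1.1.20"})
    for src in findings["external_sources"]:
        print(f"ALERT external SNMP query source: {src}")
    for src, dsts in findings["internal_sweeps"].items():
        print(f"ALERT internal SNMP sweep from {src}: {len(dsts)} devices {dsts}")
```

Run as-is it reports 203.0.113.7 as an external SNMP source and 10.1.1.50 as an internal sweep of six devices, while the management station stays quiet because it is on the allowlist. The allowlist and threshold are where the judgement lives: without a known-poller list a legitimate management station trips the sweep rule as soon as it polls more devices than the threshold, and the threshold itself should be set from a baseline of how many devices each host normally polls rather than picked by hand.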