
186f851c77edf6097bfdd59bd76e8938.ppt
- Number of slides: 19
ARSTRAT Cyber Threat Center Concept Overview & HBGary Capabilities

Presentation Outline
  a. HBGary Overview
     a. Products
     b. Services
  b. ARSTRAT Cyber Threat Center Concept Overview

HBGary Federal
  a. Company established in 2005
  b. HQ in Sacramento, CA; offices in DC; establishing SCIF in Colorado
  c. Provide classified software and services, leveraging HBGary malware analysis product line
  d. Greg Hoglund
     a. Founder, Chairman
  e. Aaron Barr
     a. CEO
  f. Ted Vera
     a. President | COO

Evolving Risk Environment
  a. Valuable cyber targets
  b. Attackers are motivated and well-funded
  c. Malware is sophisticated and targeted
  d. Existing security isn't stopping the attacks

Traditional Malware Analysis is Difficult
  a. Requires lots of technical expertise
  b. Time consuming
  c. Expensive
  d. Doesn't scale

HBGary Responder

Digital DNA
  a. Automated malware detection
  b. Behavior-based software classification system
  c. 3500 software and malware behavioral traits
  d. Example
     a. Huge number of key logger variants in the wild
     b. About 10 logical ways to build a key logger

Digital DNA: Ranking Software Modules by Threat Severity
  [Slide figure: a Digital DNA trait sequence labelled "Software Behavioral Traits", shown as hex codes: 0B 8A C2 05 0F 51 03 0F 64 27 27 7B ED 06 19 42 00 C2 02 21 3D 00 63 02 21 8A C2 0F 51 0F 64]
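The behavior-trait classification and severity ranking that the Digital DNA slides describe, as an added example that is not HBGary's code: the trait codes, weights, the keylogger rule and the sample modules are all constructed for illustration. It shows why a small set of behavioral combinations covers many keylogger variants, and how modules are "racked and stacked" for the analyst queue.

```python
"""Behaviour-trait scoring in the style of the Digital DNA slides (added example)."""
from dataclasses import dataclass

# Constructed trait catalogue (not HBGary's): behaviour -> (trait code, severity weight)
TRAITS = {
    "installs_keyboard_hook":  (0x0B, 0.9),
    "polls_key_state":         (0x1A, 0.8),  # a second way to capture keystrokes
    "writes_hidden_log_file":  (0x8A, 0.5),
    "outbound_http_post":      (0xC2, 0.6),
    "injects_into_process":    (0x05, 0.8),
    "hides_from_process_list": (0x0F, 0.9),
    "registers_autorun":       (0x03, 0.3),
    "uses_crypto_api":         (0x64, 0.1),
}
# A keylogger must capture keys AND keep or send them; matching on that
# combination covers every variant, however the capture is implemented.
KEY_CAPTURE = {"installs_keyboard_hook", "polls_key_state"}
STORE_OR_EXFIL = {"writes_hidden_log_file", "outbound_http_post"}

@dataclass
class Module:
    name: str
    behaviours: set  # behaviours observed in the module's code

def dna_sequence(m):
    """The module's trait codes as a hex string, its 'DNA'."""
    return " ".join(f"{TRAITS[b][0]:02X}" for b in sorted(m.behaviours) if b in TRAITS)

def severity(m):
    """Weighted sum of the module's known traits (constructed scale)."""
    return round(sum(TRAITS[b][1] for b in m.behaviours if b in TRAITS), 2)

def is_keylogger(m):
    return bool(m.behaviours & KEY_CAPTURE) and bool(m.behaviours & STORE_OR_EXFIL)

def rank(modules):
    """'Rack and stack': most severe first, the order of the analyst queue."""
    return sorted(modules, key=severity, reverse=True)

# Constructed sample modules
SAMPLES = [
    Module("hook_logger.dll", {"installs_keyboard_hook", "writes_hidden_log_file", "registers_autorun"}),
    Module("poll_logger.exe", {"polls_key_state", "outbound_http_post"}),
    Module("updater.exe", {"outbound_http_post", "uses_crypto_api"}),
    Module("stealth.sys", {"hides_from_process_list", "injects_into_process", "registers_autorun"}),
]

if __name__ == "__main__":
    for m in rank(SAMPLES):
        print(f"{severity(m):4.1f}  {m.name:16} keylogger={is_keylogger(m)!s:5} dna={dna_sequence(m)}")
```

Both logger samples get the same keylogger verdict although they share no capture trait, which is the point of classifying on behavior rather than on code bytes.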
HBGary Cybersecurity Services
  a. Advanced malware detection & threat analysis
  b. Live first-response triage of servers and workstations
  c. Enterprise scope-of-breach analysis
  d. Root cause analysis
  e. Malware analysis
  f. Enterprise containment, mitigation and remediation

HBGary IO Mission Expertise
  a. Computer Network Operations
     a. Computer Network Attack
        a. Custom malware development
     b. Computer Network Exploitation
        a. Persistent software implants
     c. Covert Communications
        a. Netcentric
        b. Space Based
  b. Influence Operations
     a. Netcentric influence operations
     b. Payload & platform development
     c. Campaign management

CNA/CNE 0-day Exploit Development
  a. Unpublished 0-day Exploits (on the shelf)
     a. VMware ESX and ESXi
     b. Win2K3 Terminal Services
     c. Win2K3 MSRP
     d. Solaris 10 RPC
     e. Adobe Flash
     f. Sun Java
     g. Win2k Professional & Server
     h. XRK Rootkit and Keylogger
     i. (Next Gen) Rootkit 2009

Space-based IO
  a. Space-based COVCOM system
     a. Uses COTS capabilities
     b. Secure message traffic
     c. Red/Black interface
     d. Secure space-based implant C2

HBGary Malware Feed Processor
  a. Malware feeds (over $25K in subscriptions)
  b. Receives thousands of malware samples daily
  c. 64 simultaneous VMware instances of Windows
  d. HBGary Responder automated reverse engineering of 5000 unique malware samples daily
  e. Automated signature, DDNA behavior, and social analysis (attribution)
  f. Accessible via online Portal
  Nobody else does this!

HBGary Feed Processor Portal

1st IO / ACERT Challenges
  a. 1st IO / ACERT is tactically focused on infections rather than threats and lacks the fundamental tools to improve cybersecurity:
     a. Lack of adequate malware analysis and incident response staff
     b. Workflow and knowledge management
     c. Communications and collaboration
     d. Resource characterization and visualization
     e. Mission impact and COAs

How can ARSTRAT Help the Cyber Mission? ARSTRAT Cyber Threat Center
  a. ARSTRAT can drive past the vehicles of infection to analyze and identify the threats and their methods of attack: attribution.
  b. ARSTRAT can provide cyber threat products to subordinate commands, enhancing their capability to fight infections.
  c. ARSTRAT cyber threat products would significantly benefit the entire cybersecurity community.

ARSTRAT Cyber Threat Center
  a. All-source analysis
     a. Blueshash/Tutiledge Alerts
     b. Joint Cyber Database (JCD)
  b. HBGary feed processor
     a. Automatically REs 5000 malware/day (scalable)
     b. Racks and stacks by severity
     c. Force multiplier: queues malware up for analysts
  c. Staffing requirement: 6 FTEs
     a. 1 Threat Analyst (Palantir)
        a. Link analysis of threat
     b. 3 FTE malware/threat analysts (REs)
     c. 2 FTE linguist/analysts (Chinese & Russian)

ARSTRAT Cyber Threat Products
  a. Threat Maps
     a. Link analysis
     b. Threat vectors
     c. Distributed malware association
  b. Threat Reports
     a. Digital DNA sequences (behaviors)
     b. Threat markers
     c. Author digital fingerprints: attribution
  c. Evolution of attacks / the threats

Questions?
  Aaron Barr aaron@hbgary.com
  Ted Vera ted@hbgary.com