the ooda loop: a holistic approach to cyber security

Posted on 19-Oct-2014


DESCRIPTION

A holistic approach to cyber security is one that includes the threat actors, advanced telemetry of the network and a defensive strategy that continuously adapts to the adversaries' capability and to the threat landscape. By collecting and analyzing network data via technologies such as NetFlow, organizations can obtain the security intelligence needed to fill in the gaps left by conventional tools and more effectively feed their OODA loop, a cyclical process of Observation, Orientation, Decision and Action. By embracing the OODA loop, and turning the network into a sensor grid for delivering key security information, organizations can dramatically improve their situational awareness, incident response and forensics procedures.

When you leave this session you will...

• Understand how the motives and techniques of online attackers have changed over the last couple of decades
• Realize why conventional security tools like firewalls and antivirus are no longer enough to fend off today’s advanced threats, and why more holistic cyber security strategies are needed
• Know about the “OODA loop” and how it can be applied to cyber security to protect IT infrastructure and data from advanced adversaries
• Understand how network data such as NetFlow can be cost-effectively collected and analyzed to feed and speed up your OODA loop
• Have a strategy for dramatically improving incident response and forensics

TRANSCRIPT

The OODA Loop: A Holistic Approach to Cyber Security

TK Keanini, CTO Lancope Dude, follow me on Twitter @tkeanini

Cyber Security Strategy Retrospective

Yesterday                                Today
Fragmented Tactics                       Holistic Strategy
Deterministic Threat                     Adaptive Threat
Push exploits to Enterprise              Pull exploits to Enterprise
Single-Step Exploits                     Multi-Step Exploits
Overt Tactics (cost to exploit)          Covert Tactics (cost to remain hidden)
Threat Intelligence Optional             Threat Intelligence Mandatory

Continuously evaluate your strategy

Presenter
Presentation Notes
Poll: Who has been doing information security longer than 10 years? 20 years? “Put all your eggs in one basket and then protect that basket as well as you can” – old way

A Holistic Approach to Cyber Security

• Holistic Strategy (Framing the Conflict)
• Holistic Telemetry (Data Complete)
• Holistic Understanding (Information and Knowledge Complete)

Holistic Strategy

• Inclusive of all the players
  – Not just operations, must include bad guys
• Must be a continuous process
  – If it does not look like a loop, it’s probably wrong
• A framework for the changing dynamics of conflict
  – Understanding the game dynamics

How to Best Frame Conflict

• Sun Tzu
• Musashi
• Clausewitz

Colonel John Boyd (1927 – 1997)

• Fighter Pilot
  – Forty-Second Boyd
• Military Theories
  – Energy Maneuverability Theory
  – Drove requirements for the F15 and F16
  – Discourse on Winning & Losing
  – Destruction & Creation
  – Many modern military strategies based on Boyd
• The OODA Loop
  – the concept that all combat, indeed all human competition from chess to soccer to business, involves a continuous cycle of Observation, Orientation, Decision, and Action

Simplified OODA in the Context of Time

• Intelligence
  — Observation
  — Orientation
• Execution
  — Decision
  — Action

Feedback Loops of the OODA Loop

[Figure: Conflict, Red vs. Blue. Red Ops run their loop O → O → D → A against Blue Ops running the mirrored loop A ← D ← O ← O, each side's output becoming the other's input]

Spin your loop faster than your adversary

OODA for Cyber Security

OODA Loop Summary

• Observation and Orientation (OO) increase your perceptive boundaries
  – Superior Situational Awareness
• Sampling rate of the OO is relative to the rate of change
  – Fast enough to represent change
• Decision and Action raise the cost of your adversaries’ Observation/Orientation
• Operate at a faster tempo or rhythm than our adversaries

Ultimately you are making it more expensive for the adversary to operate and hide

Holistic Telemetry

• Multi Sensor
  – No place to hide (space and time)
• Metadata as Context
• Observation of Data
  – Completeness
• Orientation of Information
  – User Centric
  – App Centric

Data Complete

[Figure: telemetry sources feeding the sensor grid: Flows, IP, MAC, App, Users]

Noun S: (n) telemetry (automatic transmission and measurement of data from remote sources by wire or radio or other means)

Presenter
Presentation Notes
[images] Detection (Comprehension of the Parts). Telemetry must be all of the network: they will hide where you have no detection. Data and metadata: flow data/metadata, user data/metadata, application data/metadata, etc. Techniques of detection.

Holistic Understanding Intelligence

Layers, from the synthetic (top) to the analytic (bottom):

• Craft Knowledge
  – Synthesis of Information Sets
  – Know-how
  – Observer Centric
• Information (Fusion of Data)
  – Synthesis of Data Sets
  – Information Sets
• Atomic Data
  – Identifiers, Addresses, Counts, Types, etc.
  – Sets of Signals & Symbols

Presenter
Presentation Notes
[images] Data becomes Information: synthesis/analytics. All is too much, so quickly synthesize the “right” set. Data becomes Information: orientation/centricity, sense-making.

Holistic Cyber Security The Art of Cyberwar

[Figure: the OODA loop (Observation, Orientation, Decision, Action) laid over the Data → Information → Knowledge layers, with the execution modes Automated, Semi Automated and Manual, and the labels SDN and Cloud]

OODA Loop and the Kill Chain

[Figure: the kill chain from Infiltration to Exfiltration, with the OODA loop overlaid]

Your Infrastructure Provides the Observation...

[Network diagram: Internet, Atlanta, San Jose and New York sites with ASR-1000, Cat6k, UCS with Nexus 1000v, ASA, 3925 ISR, 3560-X, 3850 Stack(s) and Cat4k devices across the WAN, DMZ, Access and Datacenter tiers, every device exporting NetFlow]

© 2013 Lancope, Inc. All rights reserved.

…for Total Visibility from Edge to Access. StealthWatch delivers the Orientation

[Network diagram: the same Atlanta, San Jose and New York infrastructure (ASR-1000, Cat6k, UCS with Nexus 1000v, ASA, 3925 ISR, 3560-X, 3850 Stack(s), Cat4k across WAN, DMZ, Access and Datacenter) with StealthWatch consuming the NetFlow]


Data Observation


Geographic Traffic Orientation

Time of Day Orientation

User Location Orientation

Data Hoarding Orientation

Data Disclosure Orientation
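The slides name the orientations that NetFlow supports (data hoarding, data disclosure, time of day) but show them only as StealthWatch screenshots. The following is an added example, not Lancope's code and not part of the original deck: a small Python sketch of the Orientation and Decision stages of the loop run over constructed NetFlow-style records. It assumes a 10.0.0.0/8 internal range, 08:00–18:59 business hours and a "ten times the peer median" threshold; all three are demo assumptions, as are the flow records and addresses.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import median

# Assumptions for this demo: the enterprise lives in 10.0.0.0/8, normal activity is
# 08:00-18:59, and a host is an outlier above ten times the median of its peers.
INTERNAL = ip_network("10.0.0.0/8")
BUSINESS_HOURS = range(8, 19)
PEER_MULTIPLIER = 10

# Constructed NetFlow-style records. NetFlow is unidirectional: "bytes" is what
# src sent to dst, so a download from a server shows up as a server -> client flow.
FLOWS = [
    # daytime baseline: two workstations pull a little from file server 10.2.0.5
    # and push a little to an external web host
    {"src": "10.2.0.5",  "dst": "10.1.1.10",     "bytes": 2_000_000,     "hour": 10},
    {"src": "10.1.1.10", "dst": "93.184.216.34", "bytes": 300_000,       "hour": 11},
    {"src": "10.2.0.5",  "dst": "10.1.1.23",     "bytes": 5_000_000,     "hour": 14},
    {"src": "10.1.1.23", "dst": "93.184.216.34", "bytes": 800_000,       "hour": 15},
    # 10.1.1.77 pulls far more than its peers from two internal servers at 02:00 ...
    {"src": "10.2.0.5",  "dst": "10.1.1.77",     "bytes": 900_000_000,   "hour": 2},
    {"src": "10.2.0.6",  "dst": "10.1.1.77",     "bytes": 700_000_000,   "hour": 2},
    # ... and then pushes a comparable volume to an external address at 03:00
    {"src": "10.1.1.77", "dst": "198.51.100.9",  "bytes": 1_200_000_000, "hour": 3},
]


def is_internal(ip: str) -> bool:
    return ip_address(ip) in INTERNAL


def orient(flows):
    """Orientation: reduce raw flow data to two per-host information sets.

    hoard    - bytes an internal host *received* from other internal hosts
               (data hoarding: staging before exfiltration)
    disclose - bytes an internal host *sent* to external destinations
               (data disclosure: the exfiltration itself)
    Quiet hosts are kept at 0 so they count as peers in the baseline.
    """
    hosts = {ip for f in flows for ip in (f["src"], f["dst"]) if is_internal(ip)}
    hoard = dict.fromkeys(hosts, 0)
    disclose = dict.fromkeys(hosts, 0)
    for f in flows:
        src_in, dst_in = is_internal(f["src"]), is_internal(f["dst"])
        if src_in and dst_in:
            hoard[f["dst"]] += f["bytes"]
        elif src_in and not dst_in:
            disclose[f["src"]] += f["bytes"]
    return {"hoard": hoard, "disclose": disclose}


def outliers(per_host, multiplier=PEER_MULTIPLIER):
    """Hosts whose byte count exceeds `multiplier` times the median of all hosts.

    If the median is 0 (most hosts silent), any host with traffic is flagged;
    that is deliberate for this demo, a production rule would add a byte floor.
    """
    if len(per_host) < 2:
        return set()
    baseline = median(per_host.values())
    return {h for h, b in per_host.items() if b > multiplier * baseline}


def off_hours_share(flows, host):
    """Time-of-day orientation: fraction of a host's bytes moved outside business hours."""
    total = off = 0
    for f in flows:
        if host in (f["src"], f["dst"]):
            total += f["bytes"]
            if f["hour"] not in BUSINESS_HOURS:
                off += f["bytes"]
    return off / total if total else 0.0


def decide(flows):
    """Decision: rank hosts by how many orientation signals fired on them."""
    signals = defaultdict(list)
    for name, table in orient(flows).items():
        for host in outliers(table):
            signals[host].append(name)
    return dict(sorted(signals.items(), key=lambda kv: -len(kv[1])))


if __name__ == "__main__":
    for host, names in decide(FLOWS).items():
        print(f"{host}: {', '.join(names)}; "
              f"{off_hours_share(FLOWS, host):.0%} of its bytes moved off-hours")
```

Run as a script it reports 10.1.1.77 with both the hoard and disclose signals and all of its bytes moved off-hours, while the two baseline workstations and the servers stay quiet. The point of keeping silent hosts in the peer table is the "Data Complete" slide: the baseline is only meaningful if every host the sensor grid can see is in it, and a real deployment would feed this from a collector rather than an inline list.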

http://www.lancope.com

@Lancope (company) @netflowninjas (company blog)

https://www.facebook.com/Lancope

http://www.linkedin.com/groups/NetFlow-Ninjas-2261596/about

https://plus.google.com/u/0/103996520487697388791/posts

http://feeds.feedburner.com/NetflowNinjas

Thank You


TK Keanini, Chief Technology Officer tk@lancope.com @tkeanini
