Transcript
Page 1: The OODA Loop: A Holistic Approach to Cyber Security

The OODA Loop: A Holistic Approach to Cyber Security

TK Keanini, CTO Lancope Dude, follow me on twitter @tkeanini

Page 2: The OODA Loop: A Holistic Approach to Cyber Security

Cyber Security Strategy Retrospective

Yesterday                              Today
Fragmented Tactics                     Holistic Strategy
Deterministic Threat                   Adaptive Threat
Push exploits to Enterprise            Pull exploits to Enterprise
Single-Step Exploits                   Multi-Step Exploits
Overt Tactics (cost to exploit)        Covert Tactics (cost to remain hidden)
Threat Intelligence Optional           Threat Intelligence Mandatory

Continuously evaluate your strategy

Presentation Notes: Poll: Who has been doing information security longer than 10 years? 20 years? “Put all your eggs in one basket and then protect that basket as well as you can” – the old way.
Page 3: The OODA Loop: A Holistic Approach to Cyber Security

A Holistic Approach to Cyber Security

• Holistic Strategy (Framing the Conflict)
• Holistic Telemetry (Data Complete)
• Holistic Understanding (Information and Knowledge Complete)

Page 4: The OODA Loop: A Holistic Approach to Cyber Security

Holistic Strategy

• Inclusive of all the players – Not just operations, must include bad guys
• Must be a continuous process – If it does not look like a loop, it’s probably wrong
• A framework for the changing dynamics of conflict – Understanding the game dynamics
• Sun Tzu
• Musashi
• Clausewitz

How to Best Frame Conflict

Page 5: The OODA Loop: A Holistic Approach to Cyber Security

Colonel John Boyd (1927 – 1997)

• Fighter Pilot – Forty-Second Boyd
• Military Theories
  – Energy Maneuverability Theory
  – Drove requirements for the F15 and F16
  – Discourse on Winning & Losing
  – Destruction & Creation
  – Many modern military strategies based on Boyd
• The OODA Loop – the concept that all combat, indeed all human competition from chess to soccer to business, involves a continuous cycle of Observation, Orientation, Decision, and Action

Page 6: The OODA Loop: A Holistic Approach to Cyber Security

Simplified OODA in the Context of Time

• Intelligence
  — Observation
  — Orientation
• Execution
  — Decision
  — Action

Page 7: The OODA Loop: A Holistic Approach to Cyber Security

Feedback Loops of the OODA Loop

Page 8: The OODA Loop: A Holistic Approach to Cyber Security

[figure: Conflict: Red vs. Blue – two opposing OODA loops (O O D A against A D O O), Red Ops versus Blue Ops]

Spin your loop faster than your adversary

OODA for Cyber Security

Page 9: The OODA Loop: A Holistic Approach to Cyber Security

OODA Loop Summary

• Observation and Orientation (OO) increase your perceptive boundaries – Superior Situational Awareness
• Sampling Rate of the OO is relative to the rate of change – Fast enough to represent change
• Decision and Actions raise the cost to your adversaries’ Observation/Orientation
• Operate at a faster tempo or rhythm than our adversaries

Ultimately you are making it more expensive for the adversary to operate and hide

Page 10: The OODA Loop: A Holistic Approach to Cyber Security

Holistic Telemetry

• Multi Sensor – No place to hide (space and time)
• Metadata as Context
• Observation of Data – Completeness
• Orientation of Information – User Centric – App Centric

Data Complete

[figure: telemetry sources – Flows, IP, MAC, App, Users]

Noun S: (n) telemetry (automatic transmission and measurement of data from remote sources by wire or radio or other means)

Presentation Notes: [images] Detection (Comprehension of the Parts). Telemetry must be all of the network; they will hide where you have no detection. Data and Metadata: Flow Data/Metadata, User Data/Metadata, Application Data/Metadata, etc. Techniques of Detection.
Page 11: The OODA Loop: A Holistic Approach to Cyber Security

Holistic Understanding – Intelligence

[figure: pyramid from Atomic Data (bottom, analytic) to Craft Knowledge (top, synthetic)]

Craft Knowledge
• Synthesis of Information Sets
• Know-how
• Observer Centric

Fusion of Data / Information
• Synthesis of Data Sets
• Information Sets

Atomic Data
• Identifiers, Addresses, Counts, Types, etc.
• Sets of Signals & Symbols

Analytic ↔ Synthetic

Presentation Notes: [images] Data becomes Information: Synthesis/Analytics. All is too much, so quickly synthesize the “right” set. Data becomes Information: Orientation/Centricity, SenseMaking.
Page 12: The OODA Loop: A Holistic Approach to Cyber Security

Holistic Cyber Security – The Art of Cyberwar

[figure: the OODA loop (Observation, Orientation, Decision, Action) mapped to Data, Information and Knowledge, with execution ranging from Automated through Semi Automated to Manual; SDN and Cloud]

Page 13: The OODA Loop: A Holistic Approach to Cyber Security

OODA Loop and the Kill Chain

[figure: the OODA loop set against the kill chain, from Infiltration to Exfiltration]

Page 14: The OODA Loop: A Holistic Approach to Cyber Security

Your Infrastructure Provides the Observation...

[figure: network diagram – Atlanta, San Jose and New York sites behind the Internet; ASR-1000, Cat6k, UCS with Nexus 1000v, ASA, 3925 ISR, 3560-X, 3850 Stack(s) and Cat4k across the Datacenter, WAN, DMZ and Access tiers, each exporting NetFlow]

© 2013 Lancope, Inc. All rights reserved. 14

Page 15: The OODA Loop: A Holistic Approach to Cyber Security

…for Total Visibility from Edge to Access. StealthWatch delivers the Orientation

[figure: the same network diagram (Atlanta, San Jose, New York; ASR-1000, Cat6k, UCS with Nexus 1000v, ASA, 3925 ISR, 3560-X, 3850 Stack(s), Cat4k; Datacenter, WAN, DMZ, Access)]

Page 16: The OODA Loop: A Holistic Approach to Cyber Security

Data Observation


Page 17: The OODA Loop: A Holistic Approach to Cyber Security

Geographic Traffic Orientation

Page 18: The OODA Loop: A Holistic Approach to Cyber Security

Time of Day Orientation

Page 19: The OODA Loop: A Holistic Approach to Cyber Security

User Location Orientation

Page 20: The OODA Loop: A Holistic Approach to Cyber Security

Data Hoarding Orientation

Page 21: The OODA Loop: A Holistic Approach to Cyber Security

Data Disclosure Orientation
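The Data Hoarding and Data Disclosure orientations above, built over the flow telemetry of page 10 and the data → information → knowledge synthesis of page 11, as an added example in Python (not code from the deck or from StealthWatch); the address range, thresholds and flow records are constructed assumptions:

```python
"""Orientation over flow telemetry: fuse atomic flow records (data) into
per-host information sets, then flag two behaviours the deck names:
data hoarding (one host pulling unusual volume from many internal peers)
and data disclosure (one host pushing unusual volume to external hosts)."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")  # assumption: the enterprise address space

# Constructed flow records, not real telemetry: (src, dst, bytes sent by src).
FLOWS = [
    ("10.1.1.20", "10.9.9.50", 120_000_000),   # file servers -> one workstation
    ("10.1.1.21", "10.9.9.50", 95_000_000),
    ("10.1.1.22", "10.9.9.50", 80_000_000),
    ("10.1.1.23", "10.9.9.50", 60_000_000),
    ("10.1.1.20", "10.9.9.51", 3_000_000),     # ordinary user activity
    ("10.9.9.50", "203.0.113.7", 310_000_000), # that workstation -> external host
    ("10.9.9.51", "198.51.100.9", 2_000_000),  # small upload, below threshold
]

def is_internal(ip):
    return ip_address(ip) in INTERNAL

def fuse(flows):
    """Data -> information: per host, bytes pulled from internal peers, the set
    of distinct internal peers pulled from, and bytes pushed to external hosts."""
    pulled, peers, pushed_out = defaultdict(int), defaultdict(set), defaultdict(int)
    for src, dst, nbytes in flows:
        if is_internal(src) and is_internal(dst):
            pulled[dst] += nbytes          # dst received nbytes from src
            peers[dst].add(src)
        elif is_internal(src) and not is_internal(dst):
            pushed_out[src] += nbytes      # src sent nbytes outside the enterprise
    return pulled, peers, pushed_out

def orient(flows, hoard_bytes=200_000_000, hoard_peers=3, disclose_bytes=100_000_000):
    """Information -> knowledge: hosts whose behaviour crosses the assumed
    thresholds (a real deployment would baseline these per host and time of day)."""
    pulled, peers, pushed_out = fuse(flows)
    hoarders = sorted(h for h in pulled
                      if pulled[h] >= hoard_bytes and len(peers[h]) >= hoard_peers)
    disclosers = sorted(h for h in pushed_out if pushed_out[h] >= disclose_bytes)
    return {"data_hoarding": hoarders, "data_disclosure": disclosers}

if __name__ == "__main__":
    for label, hosts in orient(FLOWS).items():
        print(f"{label}: {hosts or 'none'}")
```

A host that appears in both lists (here 10.9.9.50) is the hoard-then-exfiltrate sequence the kill-chain slide places between Infiltration and Exfiltration.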

Page 22: The OODA Loop: A Holistic Approach to Cyber Security

http://www.lancope.com

@Lancope (company) @netflowninjas (company blog)

https://www.facebook.com/Lancope

http://www.linkedin.com/groups/NetFlow-Ninjas-2261596/about

https://plus.google.com/u/0/103996520487697388791/posts

http://feeds.feedburner.com/NetflowNinjas

Thank You


TK Keanini, Chief Technology Officer [email protected] @tkeanini
