Loading…
FloCon 2019 has ended

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

General Session [clear filter]
Thursday, January 10
 

8:30am

Detecting Lateral Movement with a Compute-intense Graph Kernel
Both successful intruders and internal abusers of computer networks seek to move laterally in an enterprise network, to discover other sources of valuable information; detection of lateral movement remains a valuable analytic for cybersecurity analysts. We calculate maximum independent set, an NP-hard graph kernel, on a graph composed of point-to-point (e.g., ssh and RDP) connections, to detect lateral movement. In addition to assessing whether the atypical lateral movement is tree-like and suspect, we display it in the network graph context so an analyst can judge the likely risk. We seek data with known lateral movement to validate the analytic. This work extends the cybersecurity trend of applying more computing to a smaller fraction of the data, such as O(n^2) analytics like betweenness centrality. This trend anticipates the rapidly growing computational performance of early quantum computers from D-Wave Systems, enabling use of graph kernels with exponential computational cost on small (by cyber standards) datasets. We discuss the implications of using these more compute-intense kernels.

Attendees will Learn: 
  • How a set of analytic kernels that detect global characteristics and that analysts may not have considered are useful
  • Add an additional tool to the analytic toolbox

Speakers
avatar for Steve Reinhardt

Steve Reinhardt

Director of Customer Applications, D-Wave Government Inc.
Steve Reinhardt has built hardware and software systems that deliver new levels of performance:  usable via conceptually simple interfaces, including Cray Research’s T3E distributed-memory systems, ISC’s Star-P parallel-MATLAB software, and YarcData/Cray’s Urika graph-analytic... Read More →



Thursday January 10, 2019 8:30am - 9:00am
Grand Ballroom 300 Bourbon St, New Orleans, LA 70130

9:00am

Time-based Correlation of Malicious Events and their Connections
In the cyber security arena, many events of interest occur in conjunction with network connection events. For example, a connection to a suspected malware command and control node might proceed a hidden process disabling security logging on a compromised computer. Associating such malicious events with their related connections is a critical task in network forensics. Often times a suspicious connection can tip off investigators to previously overlooked events and vice versa. However, in many cases, associating events with corresponding connections is difficult due to network layering, dynamic addressing, or gaps in sensor coverage. Inevitably, the investigator will invoke timestamps to help correlate events with possible connections. In this presentation, we discuss automating this approach with a Time Based Correlation big data analytic that uses a statistical approach to gauge independence in events and possibly related connections. We include the results of a validating discrete event simulation that identifies under which conditions this approach provides the best performance and fewest false positives. We discuss scaling this analytic to the DoD enterprise level and its use in helping detect various anomalies.

Attendees will learn:
Attendees will learn how to automate the use of statistics to help link events and connections in a timeline during an incident or forensic investigation. This includes under which conditions time can be definitive in linking events and when it must be combined with other methods.

Speakers
avatar for Steven Henderson

Steven Henderson

Lead Data Scientist, Enlighten IT Consulting
Steve Henderson is the Lead Data Scientist at Enlighten IT Consulting, where he supervises petabyte-scale data science analytics in support of DoD cyber operations for USCYBERCOM, ARCYBERCOM, and DISA. Steve is a 23-year Army veteran who is an expert in data science systems engineering... Read More →
avatar for Brittany Nicholls

Brittany Nicholls

Cloud Software Engineer, Enlighten IT Consulting
Brittany Nicholls is a Technical Lead who oversees a team of software engineers at Enlighten IT Consulting, LLC, an Alion Company. She and her team are currently focused on advancing the fusion of cloud analytics and visualizations. These innovative tools assist Defensive Cyber Operations... Read More →



Thursday January 10, 2019 9:00am - 9:30am
Grand Ballroom 300 Bourbon St, New Orleans, LA 70130

9:30am

Quantum Approach to Inverse Malware Eradication
A quantum approach to malware eradication addresses the needs of organizations, which are facing a shortage of cybersecurity staff and resources, to tackle the increasing and dynamic cyber threat they are facing in a distributed and mobile computing environment. This approach closes the existing security gap and provides entities with a layer of security and protection between end-user and the Internet. It also provides a new sensing capability to provide a novel vantage point for threats in near real-time while sharing that visibility through standardized methodologies. The quantum approach to malware eradication inverts current common practices through the rewrite of binaries and documents to drive inbound and outbound files into compliance with permitted behaviors—an organization’s pre-established file risk parameters. This approach borrows from a variety of reductionist models introduced over the last few decades across the physical, biological and social sciences to analyze, describe and at times control the emergent properties of complex adaptive systems at their most fundamental, constituent levels. Positing that a file, including its content and behavior, emerges from the complex interactions of its constituent parts, the approach reduces it to predictable building-blocks and then regenerates them in accordance with a controlled, pre-established rule set without an impact to content, but with risk-based behavior controls. Interdicting files before they reach an endpoint, the quantum approach offers the opportunity to significantly reduce the vulnerability introduced into enterprises by the human user who is susceptible to a variety of social engineering attacks. It is the ultimate “left of boom” method that eliminates as much malware as all retroactive detection methods combined with no human interaction. Combining these methods is the future. It is scalable such that small- and medium-sized organizations can afford it, and it is flexible such that it can be applied across multiple use-cases.

Attendees will Learn:
​​​​Quantum rewrites of binaries and documents to support permitted behaviors is the inverse of malware response where content needs to be detected, analyzed and/or detonated. It is the ultimate “left of boom” method that eliminates as much malware as all retroactive detection methods combined with no human interaction. The goal is to inform the attendees that using a 'pass only known good' methodolgy through a quantum approach simplifies the solution and the future of information security will benefit from an inverted approach to security.

Speakers
avatar for Daniel Medina

Daniel Medina

Director, Strategic & Technical Engagement, Glasswall Solutions Inc.
Daniel V. Medina is currently the Director of Strategic and Technical Engagements at Glasswall Solutions Inc. In his current role, Mr. Medina is responsible for developing and leading strategic engagement, thought leadership, and business development for Glasswall Solutions Inc... Read More →
avatar for Matthew Shabat

Matthew Shabat

U.S. Strategy Manager, Glasswall Solutions
Matt Shabat is the U.S. Strategy Manager for Glasswall Solutions. He served for nearly 10 years in the U.S. Department of Homeland Security's Office of Cybersecurity and Communications, most recently as a cybersecurity strategist and as the Director of Performance Management, and... Read More →



Thursday January 10, 2019 9:30am - 10:00am
Grand Ballroom 300 Bourbon St, New Orleans, LA 70130