4-Bart Big Data Platform And Cyber Situational Awareness - DISA


UNCLASSIFIED
Big Data Platform (BDP) and Cyber Situational Awareness Analytic Capabilities (CSAAC)
Daniel V. Bart
DISA Infrastructure Development, Cyber Situational Awareness and Analytics
22 April 2016
UNITED IN SERVICE TO OUR NATION

Presentation Disclaimer
"The information provided in this briefing is for general information purposes only. It does not constitute a commitment on behalf of the United States Government to provide any of the capabilities, systems or equipment presented and in no way obligates the United States Government to enter into any future agreements with regard to the same. The information presented may not be disseminated without the express consent of the United States Government. This brief may also contain references to United States Government future plans and projected system capabilities. Mention of these plans or capabilities in no way guarantees that the U.S. Government will follow these plans or that any of the associated system capabilities will be available or releasable to foreign governments."

Cyber Situational Awareness
- Access to all the raw data
- Mine and fuse data into observations
- Identify patterns and indicators that are out of the norm
- Identify aggregate anomalous behaviors that fit a malicious profile

Key Definitions
Big Data Platform (BDP): The BDP provides a common computing solution capable of ingesting, storing, processing, sharing, and visualizing multiple petabytes of data from DoD Information Network (DoDIN) sources.
Cyber Situational Awareness Analytic Capabilities (CSAAC): CSAAC is the set of widgets, analytics, ingest code, and data structures deployed on the BDP, providing unified situational awareness across DODIN Operations and Defense Cyberspace Operations (DCO).
(Slide sidebar labels: DODIN Ops / Situational Awareness; Enterprise Services Monitoring)

Cyber Situational Awareness Framework with Big Data (diagram)
Diagram labels: Data Sources (DISN/OSS, Cyber Defense, Cloud*, Federal, CDCs/DECC, Enclaves & Gateways, End Points*, Cyber Intel*, DIB*; * = future integration) -> Data Ingest Service (Collect; near real and real time) -> Analytic Platform (Analyze)

Infrastructure, Data, Analytic Integration Management (IDAIM)
- Data acquisition – Data acquisition methodology and operations based upon user/community use case requirements
- Analytic Development Management – Governance policies and processes for internal/external tool development and cloud integration
- Big Data Platform (BDP) Baseline Change Management – BDP baseline tool integration based upon community use cases/requirements
- Requirements Management – Requirements gathering, dissemination, scoring and integration for BDP/CSAAC enhancements
- Knowledge Base / Collaboration – Environment for developers to access what other analysts / data scientists are working on across the DoD
- Governance Portal ‐ e/SitePages/Home.aspx
- Data Portal ‐ 

Big Data Platform Community Efforts (diagram)
Diagram labels: Statistical Modeling, Risk Modeling, Data Scientist View, Mission Mapping, Targeted Network Defense, Navy Tactical Cloud, Geospatial Visualization, Graphical Based Query, Behavioral Analytics, DARPA Net Defense, Cyber Advanced Analytics, Persistent Malware Detection, Machine Learning Anomaly Detection, Advanced Analytics, Data Sharing, Incident Management, Vulnerability Management

Network Operations Capability (Enterprise Services Monitoring; DODIN Ops / Situational Awareness)
- Focused on situational awareness of enterprise services
- Gives visual indications for health and status of DoD Enterprise Email
- Allows for quick problem overview
- Allows understanding of customers affected if system issues are occurring: How many customers? Where are they located? What Service do they work for?
- Utilized by DISA Operations and DoD Enterprise Email customers

Computer Network Defense Capability (Defensive Cyber Ops; Fight by Indicator (FbI))
- Focused on Cyber Threat Analysis
- Ability to automatically ingest, analyze, and update cyber threat information from reports
- Answers the following questions based on data already ingested: Have we seen this threat before? Where have we seen this threat across the DoDIN? Who else has reported this threat? Do we have an existing countermeasure in place, and where?
- Allows an automated workflow to create new countermeasures
- Utilized by DISA DCC and Cyber Operations teams across DoD
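The four FbI questions above, worked as an added Python illustration (not DISA or BDP code) of triaging one indicator against already-ingested observations, prior reports, and deployed countermeasures; every record, name, and function here is constructed for the example, and the IPs come from the TEST-NET documentation ranges.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Observation:
    enclave: str     # DoDIN location where the indicator was seen (constructed)
    indicator: str   # IP address, domain, or file hash
    timestamp: str   # ISO-8601, constructed


@dataclass(frozen=True)
class Report:
    source: str      # organization that reported the indicator (constructed)
    indicator: str


@dataclass(frozen=True)
class Countermeasure:
    indicator: str
    location: str    # enforcement point where the block is deployed (constructed)


# Constructed sample data standing in for the already-ingested BDP data.
OBSERVATIONS = [
    Observation("enclave-A", "198.51.100.23", "2016-04-01T10:00:00Z"),
    Observation("enclave-B", "198.51.100.23", "2016-04-03T14:20:00Z"),
    Observation("enclave-A", "bad.example", "2016-03-28T09:00:00Z"),
]
REPORTS = [Report("org-1", "198.51.100.23"), Report("org-2", "198.51.100.23"),
           Report("org-1", "bad.example")]
COUNTERMEASURES = [Countermeasure("bad.example", "enclave-A DNS sinkhole")]


def triage_indicator(indicator, observations=OBSERVATIONS, reports=REPORTS,
                     countermeasures=COUNTERMEASURES):
    """Answer the four FbI questions for one indicator from ingested data."""
    seen_at = sorted({o.enclave for o in observations if o.indicator == indicator})
    reporters = sorted({r.source for r in reports if r.indicator == indicator})
    blocks = sorted(c.location for c in countermeasures if c.indicator == indicator)
    return {
        "seen_before": bool(seen_at),          # have we seen this threat before?
        "seen_where": seen_at,                 # where across the DoDIN?
        "reported_by": reporters,              # who else has reported it?
        "countermeasure_where": blocks,        # existing countermeasure, and where?
        # observed on the network but not yet blocked: hand to the countermeasure workflow
        "needs_countermeasure": bool(seen_at) and not blocks,
    }


def countermeasure_candidates(indicators, **kwargs):
    """Indicators from a new report that are active on the network but unblocked."""
    return [i for i in indicators if triage_indicator(i, **kwargs)["needs_countermeasure"]]
```

Indicators that were never observed are deliberately not proposed as countermeasure candidates, so the workflow only acts on threats the data shows are present.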

Anomaly Detection Suite Capability (Audit Management; Insider Threat Detection Service)
- Focused on Internal Threat Analysis
- Brings together data from NIPR and SIPR to identify anomalies
- Provides visibility into DoD users' network activity to assist with inquiry and investigation procedures
- Uses Big Data to perform complex analytics which result in focused results
- Utilized by DISA Risk Management, Missile Defense, Army ARCYBER

Opportunities to Assist
- Commitment to Open Architecture / Open Standards
- Enterprise Architecture
- Need automated capability(s) to enable secure continuous integration into operations
- Leverage Data Repositories
- How to facilitate information sharing to minimize redundant efforts
- DEVOPS / Agile Environment
- Need more subject matter expertise for problem determination/solving
- Collaboration Environment
- Foundational for analytics reuse and common Situational Awareness
- Data Scientists
- How to best support the DoD level at scale, federation, and hierarchy
- Data Standards, Catalogs, and Tagging
- Can't tear out and replace large parts of a capability with each good idea
- Strengthen authoritative lineage and reduce excessive storage instances
