OUR WORK

WE BELIEVE THE SYNTHESIS OF THREE FUNDAMENTAL COMPONENTS CAN UNLOCK NECESSARY ANSWERS


Operationalizing Threat Intelligence and Effective Information Sharing

SHARED THREAT FEEDS CAN HELP ANSWER KEY QUESTIONS ABOUT DIGITAL ASSETS

For the first time in history, the foundational infrastructure for automatically sharing cyber threat indicators is now a public and private sector reality. Timely and accurate information sharing between the government and the private sector has the potential to raise the cost to our nation’s adversaries, but it could also overwhelm operators if not properly implemented. The incorporation of threat feeds – their operationalization – will help answer what digital assets are doing, identify when unacceptable risks are present, and pave the way for increased automation.


Security Enhanced Software-Defined Networks (SDNs)

SECURITY ENHANCED SDNs CAN PROVIDE INSIGHT NOT PREVIOUSLY POSSIBLE

SDNs will forever change the networking world. Where traditional methods of building networks typically involve the use of “vertically integrated” systems, SDN-based ecosystems are increasingly leveraging open and “disaggregated” components. We believe these components – if properly enhanced – can deliver better situational awareness, essential context, and ultimately better network security. We are exploring the use of machine learning to provide automated asset identification, and we are identifying the orchestration functions necessary to fully automate low-latency information capture, processing, and tipping.


Endpoint Fluxing

RETHINKING ENDPOINTS COULD BE DISRUPTIVE FOR OUR ADVERSARIES

The detection of our adversaries’ toolsets has been the focus of endpoint defense strategies for decades. While essential to information security operations, the efficacy of this approach remains challenged. We are exploring methods of dynamically changing parts of the computing environment and resetting endpoint components to pristine or “known good” states. Our intention is to force adversaries to perform parts of their operation at an unprecedented tempo: hours as opposed to months. The approach could force a trade-off between moving rapidly and losing access; attackers typically move slowly and quietly in order to avoid detection, and this approach could help force more rapid and noisy movement.

PROJECTS

  • LUCIDLEADER’s objectives are to improve information sharing between the public and private sector, with the strategic goal of increasing the timeliness and value of indicator sharing. This project will focus on ways to automate the filtering of noise from signal and allow indicators to be more actionable in an operational setting.
  • POSEIDON is a joint project between two IQT Labs: Lab41 and Cyber Reboot. Current software-defined network (SDN) offerings lack a tangible security emphasis, much less methods to enhance operational security. Without situational awareness and context, defending a network remains a difficult proposition. This project will utilize SDN and machine learning to help determine what digital assets are on the network and what those assets are doing. This goal will help sponsors leverage SDN to provide situational awareness and better defend their networks.