CID #1 Risk Reduction
Final Report
15 December 2010
Unclassified For Official Use Only
Topics
•
•
•
•
•
•
•
•
•
Contractual Context
Target Use Cases Benefiting from CID-1
Implementation Approach
Demonstration Architecture
Demonstration Results
Observation/Lessons
Summary
Observations/Lesson’s Learned
What’s Next (CID 1 Overview)
Unclassified For Official Use Only
1
Contractual Context
• CID-1 Risk Reduction
– BlackRidge Technology
– HBGary
Blackridge
• Objectives:
– Set the stage for the actual CID activity
– Show significant progress in commercial integration (company to
company integration) by COB December
– Accelerate commercial road-map baseline
• Deliverables
CDRL
A001
Description
Monthly Progress/Cost Reports, due 5th day after end of each month
A002
A003
TIM Presentations and Meeting Minutes, due 14 calendar days following the event
Risk Reduction Report, due 31 December 2010
Unclassified For Official Use Only
2
CID-1 Target Use Cases
•
Target Capability
–
–
–
•
Enabled governmental use cases:
–
–
•
Software endpoint agent: Provide real-time, characterization of the trust level of a protected endpoint, for multiple
instances of trust assessment.
Transport access control (TAC) client and appliance: The software client provides a multi-mode identity which
conveys the identity and trust assessment of the protected endpoint. The hardware appliance recovers the identity
and trust assessment.
Data center: Provide hosted web services, with the TAC appliance in-line to the data center portal, enabling a riskbased response by a protected server.
The commercial use case is the government use case for protecting TIC, NIPRNet, or SIPRNet gateways and
web servers.
The ability to interface with GFE endpoint agents; the ability to use witting or unwitting host traffic; the ability to
transmit a unique tag for authenticating endpoints on the first packet, and to provide a protected communications
path; the ability to recover or redirect tagged traffic at line-rate, in real-time; and the ability to access 10-20% of
the world’s web traffic through a global content provider; all enable a range of government-unique missions.
Enabled commercial use cases: e-commerce, fraud mitigation, and behavioral tracking
(is the endpoint user behaving like a person, or like a bot?).
Unclassified For Official Use Only
3
Technical Architecture
TCP Packet
Web
Traffic
Source
TCP Packet Options
1) Seq
2) Seq + Key + Time
3) Seq + Key + Time + LPI Data
CDN
NOC
TAC
Client
Endpoint
Payload
1.
2.
3.
4.
5.
TCP Packet
TAC
Appliance
Internet
CDN
Server
CDN Edge Network
SIEM
Monitor
TAC
Mgmt
Payload
Mgmt
Host generates web traffic destined for Content Data Network (CDN) provider
Endpoint payload generates data
TAC Client generates steganographic token, with LPI data embedded and signed with secure hash
TAC Appliance in data center recognizes token and takes action in conjunction with CDN: transport
payload data, clone or redirect session, geolocate
Reverse C3 path via store and forward acknowledgement at TAC Appliance
Unclassified For Official Use Only
Implementation Approach
• Tag-ups, meetings, tools…
• Subs do self-integration based on mutual
interest aimed at future business collaborations
Unclassified For Official Use Only
5
Demonstration
• Chart to show what was actually done
• Provide context to the demonstration
• Run demonstration
– Think of this as a script for what actions/events take place in what order during
the demo
This page includes Blackridge and/or HBGary proprietary information – use of this information for
other purposes requires permission from the respective parties
6
Results
• Low level check list of what was done
– This is essentially a list of lower level tasks mean to indicate we actually did real
work
This page includes Blackridge and/or HBGary proprietary information – use of this information for
other purposes requires permission from the respective parties
7
Observations & Lessons’ Learned
This should generally support Farallon’s business
case….indicating that future Government expenditures in this
venue will not be wasted.
Include any ideas that could improve the process
This page includes Blackridge and/or HBGary proprietary information – use of this information for
other purposes requires permission from the respective parties
8
What’s Next: CID 1 Overview
Top level schedule for CID 1 (all three
demos)
This page includes Blackridge and/or HBGary proprietary information – use of this information for
other purposes requires permission from the respective parties
9
Summary
This page includes Blackridge and/or HBGary proprietary information – use of this information for
other purposes requires permission from the respective parties
10
Commercial Company Assessments
• Black Ridge
–
–
–
–
Challenges faced
Lessons Learned
Commercial Roadmap Assessment
Recommendations for CID-1
• HBGary
–
–
–
–
Challenges faced
Lessons Learned
Commercial Roadmap Assessment
Recommendations for CID-1
This page includes Blackridge and/or HBGary proprietary information – use of this information for
other purposes requires permission from the respective parties
11