CID #1 Risk Reduction Final Report
15 December 2010
Unclassified For Official Use Only

Topics
• Contractual Context
• Target Use Cases Benefiting from CID-1
• Implementation Approach
• Demonstration Architecture
• Demonstration Results
• Observation/Lessons Summary
• Observations/Lessons Learned
• What’s Next (CID 1 Overview)

Contractual Context
• CID-1 Risk Reduction
  – BlackRidge Technology
  – HBGary
• Objectives:
  – Set the stage for the actual CID activity
  – Show significant progress in commercial integration (company-to-company integration) by COB December
  – Accelerate the commercial road-map baseline
• Deliverables
  CDRL   Description
  A001   Monthly Progress/Cost Reports, due 5th day after end of each month
  A002   TIM Presentations and Meeting Minutes, due 14 calendar days following the event
  A003   Risk Reduction Report, due 31 December 2010

CID-1 Target Use Cases
• Target Capability
  – Software endpoint agent: Provide real-time characterization of the trust level of a protected endpoint, for multiple instances of trust assessment.
  – Transport access control (TAC) client and appliance: The software client provides a multi-mode identity which conveys the identity and trust assessment of the protected endpoint. The hardware appliance recovers the identity and trust assessment.
  – Data center: Provide hosted web services, with the TAC appliance in-line to the data center portal, enabling a risk-based response by a protected server.
• Enabled governmental use cases:
  – The commercial use case is the government use case for protecting TIC, NIPRNet, or SIPRNet gateways and web servers.
  – The ability to interface with GFE endpoint agents; the ability to use witting or unwitting host traffic; the ability to transmit a unique tag for authenticating endpoints on the first packet, and to provide a protected communications path; the ability to recover or redirect tagged traffic at line rate, in real time; and the ability to access 10-20% of the world’s web traffic through a global content provider all enable a range of government-unique missions.
• Enabled commercial use cases: e-commerce, fraud mitigation, and behavioral tracking (is the endpoint user behaving like a person, or like a bot?).

Technical Architecture
[Diagram: Web Traffic Source, TAC Client and Endpoint Payload on the host; TCP packets cross the Internet to the TAC Appliance in front of the CDN Server; CDN Edge Network, CDN NOC, SIEM Monitor, TAC Mgmt and Payload Mgmt on the data-center side.]
TCP packet option variants carried in the tag:
  1) Seq
  2) Seq + Key + Time
  3) Seq + Key + Time + LPI Data
Flow:
  1. Host generates web traffic destined for Content Data Network (CDN) provider
  2. Endpoint payload generates data
  3. TAC Client generates steganographic token, with LPI data embedded and signed with secure hash
  4. TAC Appliance in data center recognizes token and takes action in conjunction with CDN: transport payload data, clone or redirect session, geolocate
  5. Reverse C3 path via store-and-forward acknowledgement at TAC Appliance

Implementation Approach
• Tag-ups, meetings, tools…
• Subs do self-integration based on mutual interest aimed at future business collaborations

Demonstration
• Chart to show what was actually done
• Provide context to the demonstration
• Run demonstration
  – Think of this as a script for what actions/events take place in what order during the demo
This page includes Blackridge and/or HBGary proprietary information – use of this information for other purposes requires permission from the respective parties

Results
• Low-level checklist of what was done
  – This is essentially a list of lower-level tasks meant to indicate we actually did real work

Observations & Lessons Learned
This should generally support Farallon’s business case, indicating that future Government expenditures in this venue will not be wasted. Include any ideas that could improve the process.

What’s Next: CID 1 Overview
Top-level schedule for CID 1 (all three demos)

Summary

Commercial Company Assessments
• BlackRidge
  – Challenges faced
  – Lessons Learned
  – Commercial Roadmap Assessment
  – Recommendations for CID-1
• HBGary
  – Challenges faced
  – Lessons Learned
  – Commercial Roadmap Assessment
  – Recommendations for CID-1
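The Technical Architecture slide describes a first-packet identity tag (Seq + Key + Time) carried in TCP options and checked by an in-line appliance, but gives no wire format. The following is an added example, not code from the report or from BlackRidge or HBGary: an illustrative construction of such a tag and its verifier, showing what a gateway has to check before it treats a SYN as authenticated. Everything specific is assumed for illustration: the experimental TCP option kind 253, a truncated HMAC-SHA256 over (identity, sequence number, time), a 30-second clock-skew window, and a replay cache; the report's "steganographic" encoding and LPI data field are not modelled.

```python
import hashlib
import hmac
import struct
import time

# Constructed, illustrative constants; none of these are BlackRidge's actual values.
OPTION_KIND = 253    # experimental TCP option kind (RFC 6994), used as a stand-in
TAG_LEN = 8          # bytes of truncated HMAC-SHA256 carried in the option
MAX_SKEW = 30        # seconds of client/appliance clock skew the appliance tolerates
HEADER_FMT = "!IQ"   # identity (4 bytes) + timestamp (8 bytes) that precede the tag
HEADER_LEN = struct.calcsize(HEADER_FMT)


def make_tag(secret, identity, seq, t):
    """Bind identity, the SYN sequence number and the send time into a short MAC."""
    msg = struct.pack("!IIQ", identity, seq & 0xFFFFFFFF, t)
    return hmac.new(secret, msg, hashlib.sha256).digest()[:TAG_LEN]


def build_option(secret, identity, seq, t=None):
    """Client side: emit a kind/length TCP option (RFC 793 TLV) holding the tag."""
    t = int(time.time()) if t is None else t
    body = struct.pack(HEADER_FMT, identity, t) + make_tag(secret, identity, seq, t)
    return bytes([OPTION_KIND, 2 + len(body)]) + body


def parse_options(raw):
    """Walk the TCP options TLV list; return the tag option body, or None if absent/malformed."""
    i = 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:            # End of Option List
            break
        if kind == 1:            # No-Operation (single byte, no length)
            i += 1
            continue
        if i + 1 >= len(raw):    # kind present but length byte truncated
            return None
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):   # malformed length: reject, do not guess
            return None
        if kind == OPTION_KIND:
            return raw[i + 2:i + length]
        i += length
    return None


class Appliance:
    """Verifier side: admits a first packet only if its tag is fresh, valid and unseen."""

    def __init__(self, keys, now=time.time):
        self.keys = keys         # identity -> shared secret (assumed provisioning model)
        self.now = now
        self.seen = set()        # (identity, t, seq) already admitted; MAX_SKEW bounds its growth

    def verify(self, raw_options, seq):
        body = parse_options(raw_options)
        if body is None or len(body) != HEADER_LEN + TAG_LEN:
            return (False, "untagged")
        identity, t = struct.unpack(HEADER_FMT, body[:HEADER_LEN])
        tag = body[HEADER_LEN:]
        secret = self.keys.get(identity)
        if secret is None:
            return (False, "unknown identity")
        if abs(int(self.now()) - t) > MAX_SKEW:
            return (False, "stale")
        # Constant-time compare so tag checking does not leak by timing.
        if not hmac.compare_digest(tag, make_tag(secret, identity, seq, t)):
            return (False, "bad tag")
        key = (identity, t, seq)
        if key in self.seen:
            return (False, "replay")
        self.seen.add(key)
        return (True, identity)


def demo():
    """Constructed exchange between one tagged client and the appliance."""
    secret = b"constructed-shared-secret"

    def clock():
        return 1_000_000           # fixed clock so the run is reproducible

    appliance = Appliance({42: secret}, now=clock)
    seq = 0x1234ABCD
    opt = build_option(secret, 42, seq, t=clock())
    out = {}
    out["first"] = appliance.verify(opt, seq)                 # admitted
    out["replay"] = appliance.verify(opt, seq)                # same SYN seen again
    forged = opt[:-1] + bytes([opt[-1] ^ 0xFF])               # last tag byte flipped
    out["forged"] = appliance.verify(forged, seq)
    out["untagged"] = appliance.verify(b"\x02\x04\x05\xb4", seq)   # only an MSS option
    stale = build_option(secret, 42, seq + 1, t=clock() - 600)
    out["stale"] = appliance.verify(stale, seq + 1)
    out["unknown"] = appliance.verify(build_option(secret, 7, seq + 2, t=clock()), seq + 2)
    return out


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:>9}: {result}")
```

The order of the checks matters for a line-rate device: parsing and the identity lookup are cheap and reject most untagged traffic before any MAC is computed, the time window is applied before the MAC so the replay cache only has to remember tags from the last MAX_SKEW seconds, and the MAC is verified before the replay check so a forged tag can never pollute the cache. Binding the sequence number into the tag is what ties the token to this particular SYN rather than to the host in general.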