Self-Cleansing Intrusion Tolerance (SCIT)
MSAG msag.net 703.538-0807
Copyright © 2014, Micro Systems Consultants, Inc. Permission to duplicate and distribute this document is granted
provided the document is duplicated and distributed in its entirety, three pages.
November 2014 Author: Eric Jacobs, Director [email protected]
MSAG Vision Series TM
Intrusions are Inevitable
The figure at right is an excerpt from Verizon's 2014 Data Breach Investigations Report
(http://www.verizonenterprise.com/DBIR/2014/). It shows the large gap that typically separates
the compromise of a system, which in more than half of the incidents takes only minutes, from
the discovery of that compromise, which in more than half of the incidents takes months. In more
than 90% of these incidents, exfiltration had already occurred before the compromise was
discovered.
Security strategies built on Intrusion Detection Systems (IDS) and Intrusion Prevention
Systems (IPS) cannot prevent every intrusion. Self-Cleansing Intrusion Tolerance (SCIT) is an
award-winning patented technology that takes a proactive approach to deterring cyber attacks.
It applies to virtual and physical server environments and uses virtualization to restore the
operating system and applications to a pristine state automatically, achieving an ultra-low
intrusion persistence time: minutes, as opposed to the days, weeks or months typical of
conventional systems. SCIT servers subvert attacks by robbing intruders of the time and the
persistent access they need to launch and sustain them.
The SCIT Process
SCIT-enabled servers move through a six-state cycle, illustrated below: Startup, then Online
Spare, then Production/Exposed, then Quiescent (in which the server is taken out of rotation and
drains its transaction queue), then Forensics (in which its image is captured for offline
analysis) and finally Stop, in which the server is stopped and destroyed. A pristine server from
the spare pool takes over production each time an exposed server leaves it. SCIT-enabled servers
reduce operational costs and the probability of violating Service Level Agreements and
Objectives (SLA/SLO) by increasing the protection of datasets and operational resilience.
SCIT software and appliance-based solutions can be installed rapidly and integrated seamlessly
with an existing FISMA-compliant architecture. Existing security implementations and protocols
need not be altered, application code is unchanged, and SCIT cycle times can be adapted using
information from existing security tools, for example by rotating a server out early when an
IDS raises an alert on it.
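The six-state cycle and the "intrusion persistence time" it bounds are easier to reason about with a model in hand. The following discrete-time simulation is an added example written for this page, not MSAG's SCIT implementation: one tick is one minute, the pristine image, the attacker's implant and all timings are constructed, and the class and function names (ScitController, rotate, run) are assumptions rather than SCIT's own API. It plants an implant on the production server, runs the rotation, and reports how long the implant stayed reachable, whether the successor server is clean, and which forensic snapshots captured it; an optional IDS alert forces an early rotation, as the adaptive cycle time described above allows.

```python
"""
Added example, not MSAG's SCIT code: a discrete-time simulation of the
six-state SCIT cycle (Startup, Online Spare, Production/Exposed, Quiescent,
Forensics, Stop).  One tick is one minute.  The pristine image, the implant
and all timings are constructed for illustration.
"""
from dataclasses import dataclass, field
from enum import Enum, auto
from itertools import count
from typing import Optional


class State(Enum):
    STARTUP = auto()
    ONLINE_SPARE = auto()
    PRODUCTION = auto()   # "Production/Exposed": the only state clients can reach
    QUIESCENT = auto()    # out of rotation, draining its transaction queue
    FORENSICS = auto()    # image captured for offline analysis
    STOP = auto()         # instance destroyed


# Constructed pristine image.  Every server boots from a copy of this and is
# never cloned from the running (possibly compromised) production server.
PRISTINE_IMAGE = {"/usr/sbin/httpd": "v1", "/etc/httpd.conf": "hardened"}


@dataclass
class Server:
    ident: int
    state: State = State.STARTUP
    filesystem: dict = field(default_factory=lambda: dict(PRISTINE_IMAGE))
    exposed_since: Optional[int] = None


@dataclass
class Snapshot:
    ident: int
    captured_at: int
    diff: dict  # paths whose content differs from the pristine image


def diff_from_pristine(srv: Server) -> dict:
    """What offline forensics sees: every path that is no longer pristine."""
    return {p: c for p, c in srv.filesystem.items() if PRISTINE_IMAGE.get(p) != c}


class ScitController:
    def __init__(self, exposure_window: int, drain_time: int):
        self.exposure_window = exposure_window  # max minutes in PRODUCTION
        self.drain_time = drain_time            # minutes spent in QUIESCENT
        self._ids = count(1)
        self.now = 0
        self.production = self._boot(State.PRODUCTION)
        self.production.exposed_since = 0
        self.spare = self._boot(State.ONLINE_SPARE)
        self.draining = []                      # (server, quiescent_since)
        self.snapshots = []

    def _boot(self, state: State) -> Server:
        srv = Server(next(self._ids))           # fresh copy of PRISTINE_IMAGE
        srv.state = state
        return srv

    def rotate(self) -> None:
        """Production -> Quiescent; the online spare takes over; a new spare boots.
        Called when the exposure window expires, or early on an external IDS alert."""
        old = self.production
        old.state = State.QUIESCENT
        self.draining.append((old, self.now))
        self.production = self.spare
        self.production.state = State.PRODUCTION
        self.production.exposed_since = self.now
        self.spare = self._boot(State.ONLINE_SPARE)

    def tick(self) -> None:
        self.now += 1
        if self.now - self.production.exposed_since >= self.exposure_window:
            self.rotate()
        # Quiescent -> Forensics -> Stop once the transaction queue has drained
        still_draining = []
        for srv, since in self.draining:
            if self.now - since >= self.drain_time:
                srv.state = State.FORENSICS
                self.snapshots.append(Snapshot(srv.ident, self.now, diff_from_pristine(srv)))
                srv.state = State.STOP
                srv.filesystem.clear()          # destroyed; nothing carried forward
            else:
                still_draining.append((srv, since))
        self.draining = still_draining


def run(exposure_window=10, drain_time=2, compromise_at=7, ids_alert_at=None, total=40) -> dict:
    """Plant an implant on the production server at `compromise_at` and measure
    how long it stays reachable (intrusion persistence time).  `ids_alert_at`
    models an external IDS alert that forces an early rotation."""
    ctl = ScitController(exposure_window, drain_time)
    victim, gone_at = None, None
    for _ in range(total):
        if ctl.now == compromise_at:
            victim = ctl.production
            victim.filesystem["/tmp/.backdoor"] = "reverse-shell"   # constructed implant
        if ctl.now == ids_alert_at:
            ctl.rotate()
        ctl.tick()
        if victim is not None and gone_at is None and victim.state == State.STOP:
            gone_at = ctl.now
    return {
        "persistence": None if gone_at is None else gone_at - compromise_at,
        "bound": exposure_window + drain_time,   # worst case: compromised as exposure starts
        "successor_clean": "/tmp/.backdoor" not in ctl.production.filesystem,
        "implants_captured": [s.ident for s in ctl.snapshots if s.diff],
        "snapshots": len(ctl.snapshots),
    }


if __name__ == "__main__":
    print(run())
```

With a 10-minute window and a 2-minute drain, an implant planted at minute 7 is gone at minute 12 (persistence 5); the worst case, compromise at the instant a server is exposed, is bounded by window plus drain time (12), and an IDS alert one minute after the compromise cuts it to 3. The implant never reaches the successor because servers boot from the pristine image rather than from the retiring one, and only the victim's forensic snapshot shows a diff, which is the "increased visibility" the page describes.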
Benefits of a Proactive Approach
SCIT proactively deters cyber attacks by shrinking the window of opportunity in which an
adversary can mount and execute an attack. SCIT-enabled web servers become agile defense
systems that feature:
• A measured response to newly discovered vulnerabilities: because each server's exposure is
time-bounded, threat vectors can be managed at a saner pace, with less urgency and less chance
of collateral adverse effects.
• Ultra-low intrusion persistence time, configurable from hours down to as little as one minute.
• Automatic restoration to a pristine state at regular intervals, without manual intervention.
• Automatic recovery from attacks that delete software.
• Increased visibility of intruders' repeated attempts to access the environment, since an
implant removed by rotation must be planted again to persist.
[Figure: SCIT approach. Six-state cycle: Start, Online Spare, Production/Exposed, Quiescent, Forensics, Stop. Pristine servers are rotated into production at appropriate time intervals; each retired server is captured for offline forensic analysis.]
• Lower Total Cost of Ownership (TCO), through fewer false-positive alerts and lower associated
investigation and recovery costs.
• Mitigation of memory leaks, since every server is periodically replaced by a fresh instance.
• Increased operational resilience, faster recovery time and better update management.
Additional benefits realized after introducing SCIT-enabled servers include:
• Reduced data exfiltration losses.
• Support for forensic and cyber intelligence activities, since every retired server is
captured before it is destroyed.
• Quick and easy application of hot patches, and recovery from bad patches, by rotating in
servers built from an updated (or the previous) pristine image.
• Support for disaster recovery/Continuity of Operations (COOP) architectures.
SCIT Compared to Traditional Approaches
Existing controls such as firewalls, IPS and IDS are reactive: they help with known and
understood threats and provide limited protection, if any, against zero-day threats. SCIT is
proactive and threat-independent. It does not stop the initial zero-day compromise, but it
bounds how long that compromise can persist and so contains the resulting losses. The rotation
restores the server image only: data already exfiltrated within one exposure window, and
anything an attacker has written to shared back-end data stores, lie outside its reach, which
is why the exposure window should be kept short.
Conclusion
This paper has outlined a cost-effective approach to implementing proactive measures that
protect an organization's infrastructure and assets. SCIT can be made operational quickly,
with little impact on an organization's technical staff and existing processes.