DocumentCode
665631
Title
Cerebro: A platform for collaborative incident response and investigation
Author
Connell, Anne ; Palko, Tim ; Yasar, Hasan
Author_Institution
Software Eng. Inst., Carnegie Mellon Univ., Pittsburgh, PA, USA
fYear
2013
fDate
12-14 Nov. 2013
Firstpage
241
Lastpage
245
Abstract
Today´s incident response training, architectures, and methodologies are all built upon disconnected siloes of domain expertise, but attacks upon an organization´s critical information systems are not done in a disjointed way. Attacks on critical information systems and infrastructure are not solely network, or malware, or single disks; they are coordinated, large-scale multisite attacks done in an organized manner. With the increase in frequency and sophistication of these attacks, it is not enough to rely on intrusion detection systems, trusted IT staff, or organizational information security divisions. The velocity of a cyber attack should be met with an equally coordinated response. There is a need to develop a platform that enables responders to establish trust and develop an effective collaborative response plan and investigation process across multiple organizations and legal bodies to track adversaries, mitigate the threat, get critical systems back online, and pursue legal action against the offenders. In this work we propose such a platform for efficient collaboration. Our work is informed by our practices in supporting law enforcement organizations dealing with large-scale distributed attacks on critical information systems and infrastructure and by an examination of Stuxnet, a computer worm discovered in June 2010 that is believed to have been created by the United States and Israel to attack Iran´s nuclear facilities. Based on these experiences of operational support, the authors propose Cerebro, an Extensible Large-Scale Analysis Platform designed to fuse structured domain specific information, decision support, and collaboration in an automated fashion, to effectively detect and respond to such attacks.
Keywords
invasive software; Cerebro platform; Stuxnet computer worm; collaborative incident response; collaborative investigation process; critical information systems; cyber attack velocity; extensible large-scale analysis platform; information technology; intrusion detection systems; large-scale distributed attacks; malware; multisite attacks; organizational information security divisions; trusted IT staff; Collaboration; Computers; Law enforcement; Malware; Monitoring; Organizations; digital intelligence; digital investigations; incident response; multi-site collaboration; multi-site coordination; network security;
fLanguage
English
Publisher
ieee
Conference_Titel
Technologies for Homeland Security (HST), 2013 IEEE International Conference on
Conference_Location
Waltham, MA
Print_ISBN
978-1-4799-3963-3
Type
conf
DOI
10.1109/THS.2013.6699007
Filename
6699007
Link To Document