Adam Tyra

Dallas-Fort Worth Metroplex
2K followers 500+ connections

About

Cybersecurity leader with international experience solving complex enterprise-level risk…

Publications

  • Critical resilience: Adapting infrastructure to repel cyber threats

    McKinsey & Company

    As the digital world becomes increasingly connected, it is no longer possible for infrastructure owners and operators to remain agnostic in the face of evolving cyber threats. Here’s what they can do to build an integrated cyber defense.

  • Robustness of non-interdependent and interdependent networks against dependent and adaptive attacks

    Physica A: Statistical Mechanics and its Applications

    Robustness of complex networks has been extensively studied via the notion of site percolation, which typically models independent and non-adaptive attacks (or disruptions). However, real-life attacks are often dependent and/or adaptive. This motivates us to characterize the robustness of complex networks, including non-interdependent and interdependent ones, against dependent and adaptive attacks. For this purpose, dependent attacks are accommodated by L-hop percolation where the nodes within some L-hop (L≥0) distance of a chosen node are all deleted during one attack (with L=0 degenerating to site percolation). Whereas, adaptive attacks are launched by attackers who can make node-selection decisions based on the network state in the beginning of each attack. The resulting characterization enriches the body of knowledge with new insights, such as: (i) the Achilles’ Heel phenomenon is only valid for independent attacks, but not for dependent attacks; (ii) powerful attack strategies (e.g., targeted attacks and dependent attacks, dependent attacks and adaptive attacks) are not compatible and cannot help the attacker when used collectively. Our results shed some light on the design of robust complex networks.

    Other authors
    • Jingtao Li
    • Shuo Jiang
    • Yanjun Zhao
    • Shouhuai Xu
  • The Cyber Army of Things

    Cyber

    The massive distributed denial of service attack that occurred in October 2016 dramatically realized the fears of security researchers regarding cyber risks due to insecure design in the “Internet of Things.” Given the advancing complexity of malware, defenders can assume that future attacks from connected devices will likely be far more sophisticated than the packet-flooding denial of service perpetrated by the Mirai botnet. Increasingly capable connected devices will cause real-world physical damage. The shortfall apparent in our defensive planning will need a solution sooner than we think.

  • The robot security analysts are coming... but not today

    Cyber

    Tool vendors have recognized the potential of machine learning and are hard at work building platforms to automate security monitoring in order to solve manpower and resource shortages. However, viable solutions that can replace even low-level analysts might be further than we think. In this article we’ll discuss why adversary detection is a fundamentally larger and more difficult problem than other applications of analytics and why security analytics tools probably won’t replace human analysts anytime soon.

  • Crafting an Effective Cyber Deception

    Cyber

    This article will focus on crafting deceptions for the defense. Deceptions can be created using practically any means available, and the utility of deception as a defensive tool extends far beyond detection and research. However, unlike other cybersecurity tools, deception doesn’t come with a user guide. Many defenders struggle to deploy deception effectively, and this has resulted in a loss of stakeholder confidence in deception as a worthwhile use of resources. By examining specific difficulties that many organizations experience with deception tactics, defenders can gain insight into the conditions required for success in cyber deceptions. This insight can then be combined with a basic deception methodology and a bit of adversary focus to craft effective cyber deceptions that enhance security and lead attackers down the path to defeat.

  • Your SecOps Don't Catch Bad Guys and Waste Your Money. We Know Why!

    RSA Conference USA 2016

    Traditional SecOps aren’t adversary focused, but they should be! By integrating threat intelligence with an adversary-focused operational cycle of deliberately planned security operations, organizations can deploy an active defense specifically targeted at protecting critical resources and resulting in improved return on investment for the enterprise security budget.

  • Enhancing your security operations with Active Defense

    EY

    An organization’s intellectual property and critical business systems have substantial
    monetary value, and organization leaders expect their security programs to keep the data
    secure and the attackers out. To this end, the effectiveness of the organization’s security
    operations can be significantly enhanced by an Active Defense guided by deliberate
    planning, a defined strategic end-state and an adversary focus. By organizing and
    integrating the organization’s existing security operations, Active Defense can help reduce
    the number of successful targeted attacks and decrease the amount of time that intruders
    can operate before being ejected from the network.

  • Challenges to the Tactical Cyber Defense

    Cyber

    A description of cultural, organizational, and technological challenges to conducting Defensive Cyberspace Operations (DCO) in tactical unit headquarters

  • Active Defense: Security Operations Evolved

    The Cyber Defense Review

    Fighting evil consistently requires you to proactively investigate it, hunt it down, and kick in the door where you find it. Organizations must evolve their security operations to hunt intruders and either eradicate them from the network or confirm that they were not there in the first place.

    By integrating timely threat intelligence, security practitioners can deploy an active defense specifically targeted at critical resources rather than focusing on the outer perimeter. Defenders will improve their effectiveness, and attackers will seek out softer targets.

    The term “Active Defense” has been used, abused, and misconstrued. Learn how to expose your cyber enemies and eradicate them from your network by leveraging anomaly analysis, active hunting, cyber-recon by fire, and clear-and-hold missions. We’ll discuss these and other tactics to show why the best defense is an active defense.

  • Information Security Risk: Trends, Threats, To-Dos

    InsideNGO Annual Conference

    A discussion of current information security trends in the context of overseas and austere environment operations for non-governmental organizations.

  • Shimming for Persistence

    BSides: San Antonio

    A presentation describing the use of dynamically linked library (DLL) and shared object (SO) "shimming" to enable persistence and code injection for malicious software.

  • A Characterization of Complex Network Attack Resilience

    MS Thesis

    A study of simulated dependent and adaptive attacks against several classes of complex networks

    Other authors
    • Shouhuai Xu
    • Yilun Shang
