
iSGTW Feature - Security through collaboration, part II: a framework for investigations


Image courtesy of NCSA.

Last week, Randal Butler of NCSA, University of Illinois, discussed cyber security in today's world of cross-domain computing, trust relationships and sophisticated cyber attacks. This week, he follows up with a discussion of collaborative cyber security and a prototype framework for cyber investigation developed by NCSA.

In today's cyber-climate, a single attack can affect multiple organizations, increasing the need for security professionals to collaborate in both incident prevention and response.

The challenges that cyber investigators face are very much like those of their counterparts in academic research. The data they collect often comes from many sites and in a variety of formats, making it difficult to analyze. Cyber security at academic sites is often underfunded and understaffed.

They also share benefits. In both research and security, the combination of unique problem-solving skills, perspectives and information that individuals bring to a team significantly enhances what can be accomplished alone.

In The Lord of the Rings, the three remaining palantirs (palantíri) were used primarily for deception. NCSA's palantir will instead help root it out. Image courtesy of flickr.com.

"Build me an army"

NCSA has developed a Web-based collaborative problem-solving environment, or framework, for cyber security investigations. Called Palantir, it houses and manages investigation data within an advanced data repository that supports auditing and data provenance capture. The data's provenance (its origin, how it was produced and by whom, and how it has been processed) is particularly critical information for the investigative process. The framework also supports tools for data analysis, secure communications, and the capacity to add sites and investigators as the investigation expands. Investigators can create workflows for analyzing, visualizing and publishing data using the integrated CyberIntegrator scientific workflow system.

A collaborative framework of this type acts as a force multiplier, bringing the expertise and experience of a network of security professionals, in a variety of roles, to bear on an investigation. It brings organization to a very complicated process that may involve tens or hundreds of people and sites, and thousands of security logs, tracking all the different approaches to analysis and ensuring that the investigative steps can be retraced.
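To make the provenance-capture and auditing idea concrete, here is a small added example (not NCSA's Palantir code; the class names, the hash-chain design and the two log lines are constructed for this illustration). Each stored artifact gets an audit entry recording its origin, who produced it and how, and which inputs it was derived from; the entries are hash-chained so that later alteration of either the evidence or the audit trail is detectable, and a merged artifact can be retraced to the site logs it came from.

```python
import hashlib
from dataclasses import dataclass, asdict

@dataclass
class ProvenanceRecord:
    artifact_id: str
    origin: str          # site the raw data came from, or "derived"
    producer: str        # investigator or tool that produced this version (the "by whom")
    operation: str       # how it was produced or processed
    inputs: list         # artifact ids this one was derived from ([] for raw evidence)
    content_sha256: str  # digest of the artifact contents
    prev_hash: str       # entry_hash of the previous chain entry ("" for the first)
    entry_hash: str = ""
    def compute_hash(self):
        # Hash every field except entry_hash (the last one), in declaration order.
        return hashlib.sha256(repr(list(asdict(self).items())[:-1]).encode()).hexdigest()

class InvestigationRepository:  # artifacts plus a hash-chained provenance log
    def __init__(self):
        self.artifacts, self.chain = {}, []  # id -> latest bytes; records in append order

    def record(self, artifact_id, origin, producer, operation, inputs, content):
        # Store an artifact (raw evidence or a processed result) and append its provenance.
        self.artifacts[artifact_id] = content
        rec = ProvenanceRecord(artifact_id, origin, producer, operation, list(inputs),
                               hashlib.sha256(content).hexdigest(),
                               self.chain[-1].entry_hash if self.chain else "")
        rec.entry_hash = rec.compute_hash()
        self.chain.append(rec)

    def lineage(self, artifact_id):  # retrace an artifact back to the raw evidence it came from
        latest = {r.artifact_id: r for r in self.chain}
        def walk(a): return [a] + [x for i in latest[a].inputs for x in walk(i)]
        return walk(artifact_id)

    def verify(self):
        # Recompute chain links and stored digests; False if any entry or artifact was altered.
        prev, latest = "", {}
        for rec in self.chain:
            if rec.prev_hash != prev or rec.compute_hash() != rec.entry_hash:
                return False
            prev, latest[rec.artifact_id] = rec.entry_hash, rec
        return all(hashlib.sha256(self.artifacts[a]).hexdigest() == r.content_sha256 for a, r in latest.items())

def build_sample():
    repo = InvestigationRepository()  # constructed sample: two sites contribute a log line each, then a merge
    repo.record("siteA-fw", "siteA.example.edu", "siteA-soc", "ingest", [], b"02:14:07Z DROP 198.51.100.7 -> 10.0.0.5:22\n")
    repo.record("siteB-ssh", "siteB.example.edu", "siteB-soc", "ingest", [], b"02:14:09Z sshd: Failed password from 198.51.100.7\n")
    repo.record("timeline", "derived", "analyst@siteA", "merge+sort", ["siteA-fw", "siteB-ssh"],
                repo.artifacts["siteA-fw"] + repo.artifacts["siteB-ssh"])
    return repo
```

`lineage("timeline")` returns the merged artifact followed by the two site logs it was built from, and `verify()` turns false as soon as any stored artifact or audit entry is changed after the fact.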

Palantir is based on a collaborative environment called the NCSA CyberCollaboratory, designed to enable academic research communities to interact and share data using Web-based applications and portal technology.

Cyber security, especially incident response, is now benefiting from collaboration concepts and technologies developed by the very researchers it has been protecting.

-Randal Butler, NCSA, for iSGTW
