When an organization’s IT staff members are alerted about a possible cyber intrusion, they jump into detective mode, poring over reams of data to figure out what changed in the minutes, days and weeks before the alarm bell sounded.
But the data these detectives have to work with is often confusing or incomplete.
Akatosh, a tool developed by researchers at Oak Ridge National Laboratory in Tennessee, aims to fix that problem by taking regular “snapshots” of the state of every computer in an organization’s network.
When the alarm bell sounds, the system automatically compares the post-incident snapshot with previous snapshots and tells the IT professionals precisely what changed, helping them to determine if the incident is a real concern and the best way to fix or mitigate it.
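As an added illustration of the snapshot-and-compare approach described above (my own example, not Akatosh's code; the paths, file contents and snapshot timeline are constructed), this hashes a host's files into a compact snapshot, diffs the post-incident snapshot against the baseline, and dates each change to the snapshot interval in which it first appeared:

```python
import hashlib
from typing import Optional

def take_snapshot(files: dict) -> dict:
    """Reduce a host's state (path -> bytes) to one SHA-256 digest per path.
    Digests are small, so a long history of snapshots is cheap to keep and compare."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}

def diff_snapshots(before: dict, after: dict) -> dict:
    """Classify each path as added, removed or modified between two snapshots."""
    return {
        "added": sorted(p for p in after if p not in before),
        "removed": sorted(p for p in before if p not in after),
        "modified": sorted(p for p in before if p in after and before[p] != after[p]),
    }

def first_change_index(history: list, path: str) -> Optional[int]:
    """Earliest snapshot index at which `path` differs from the preceding snapshot.
    With snapshots taken on a schedule, this bounds when the change happened."""
    for i in range(1, len(history)):
        if history[i - 1].get(path) != history[i].get(path):
            return i
    return None

def investigate(history: list) -> dict:
    """Compare the post-incident snapshot (last) with the baseline (first) and
    report, per changed path, what kind of change it was and when it first showed up."""
    report = {}
    for category, paths in diff_snapshots(history[0], history[-1]).items():
        for p in paths:
            report[p] = (category, first_change_index(history, p))
    return report

# Constructed timeline: baseline, an unchanged interval, a change, then the alarm.
_baseline = {
    "/etc/ssh/sshd_config": b"PermitRootLogin no\nPasswordAuthentication no\n",
    "/usr/local/bin/backup": b"#!/bin/sh\nrsync -a /srv /mnt/backup\n",
}
_t1 = dict(_baseline)  # nothing changed between snapshots 0 and 1
_t2 = dict(_t1, **{"/etc/ssh/sshd_config": b"PermitRootLogin yes\n",   # hardening regressed
                   "/opt/unknown/run.sh": b"#!/bin/sh\necho hello\n"})  # unfamiliar new file
_t3 = dict(_t2)
del _t3["/usr/local/bin/backup"]  # expected file disappeared just before the alarm
HISTORY = [take_snapshot(s) for s in (_baseline, _t1, _t2, _t3)]

if __name__ == "__main__":
    for path, (what, when) in investigate(HISTORY).items():
        print(f"{path}: {what}, first seen in snapshot #{when}")
```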
Akatosh is one of eight technologies developed by government labs or research partners the Homeland Security Department’s technology transfer office showcased Tuesday to companies that might want to run pilot programs with the tools or commercialize them.
DHS’ Transition to Practice office has helped dozens of technologies developed by national labs and universities reach commercial viability since the office launched in 2012. That includes eight tools fully offered or licensed by private companies, 15 tools being piloted within government or the private sector and five being offered as open source code, Program Manager Nadia Carlsten said during Tuesday’s demo.
The program’s goal is to give a boost to cybersecurity products that address existing or future gaps in protection but which the free market is unlikely to fund on its own, Carlsten said.
The office demonstrated eight of those tools at the RSA cybersecurity conference in February and plans to take three of them to the Black Hat hacker conference this summer.
Another product demoed Tuesday was APE, an Android application developed with federal funding by the nonprofit MITRE Corp., which scans all incoming traffic to the phone and blocks anything known to be malicious. Because the service is app-based, it can update much faster in response to new threats than security updates to the Android operating system itself.
The tool also disables unneeded phone functions to limit vulnerabilities, MITRE engineer Mark Mitchell said.
The Policy Enforcement and Access Control for Endpoints, or PEACE, tool, developed with federal help at the Worcester Polytechnic Institute, is a central controller from which any computer in a network must obtain permission before it shares anything with another computer.
The controller scans those requests to assess the likelihood they’re coming from a real human rather than a computer bug. It also applies rules set by the company such as not sharing links to services likely to allow malware in, said Craig Shue, a Worcester Polytechnic professor.
Because PEACE collects information about how scrupulous or careless an organization’s employees are, it also allows system administrators to set different rules for different employees, Shue said, loosening the reins on conscientious ones and tightening them on security risks.