A mindset that permeates our entire enterprise. An uncommon understanding of internal and external threats and opportunities which can be tapped to improve efficiency, optimize investment, and secure your enterprise.
That help you transform and secure your business
100% Cloud-delivered Security. Fast user experience, reduced costs, simplified remote user and branch IT, and Active Cyber Defense.
Active Cyber Defense (ACD)
A component of XBAND’s overall approach to defensive cyber operations. Active Cyber Defense is far more than just the enhancement of defensive cybersecurity capabilities for businesses and commercial enterprises. ACD-defined capabilities and processes can be employed to support federal, state, and local government agencies and organizations, defense contractors, critical infrastructure segments, and industry. The ability to rapidly and automatically share and understand threat information and analysis, cyber activity alerts, and response action is critical to enabling unity of effort in successfully detecting and defending against advanced cyber-attacks.
From 2000 to 2014, global Internet usage increased 741%, up from 360 million to almost 3.5 billion people. The security and effective operation of the U.S. critical infrastructure rely on cyberspace, industrial control systems, and information technology that may be vulnerable to disruption or exploitation. DoD and the nation as a whole rely on a secure and dependable cyberspace that protects fundamental freedoms, privacy, and the free flow of information.
Our networks and data are subject to continuous cybersecurity attacks from a wide range of threats. Effective defense against these adversaries requires near real-time orchestration of thousands of end components and network systems, multiple organizational processes, and the selection, de-confliction, and execution of complex response actions within and across diverse domains. Today, such orchestration is primarily a manual, human-in-the-loop process to correlate multiple inputs and direct an array of responses. This current process does not provide the speed, agility, and control necessary to ensure operational mission success in the presence of sophisticated cyber threats. Through the introduction of ACD constructs, secure orchestration will provide an automated, human-in-the-loop capability to select, direct, and track responses to network and cybersecurity events.
A comprehensive ACD solution would have several characteristics. It must operate with dialable levels of automated decision-making that enable the detection and mitigation of threats at cyber-relevant speed. It must be scalable to operate in any size enterprise, and it must work in an integrated manner with other network defense and hardening capabilities while creating and consuming shared situational awareness. Finally, these capabilities must be available soon and be designed in a manner that allows them to be built and operated by both the private sector and USG.
The ACD Framework, depicted here, describes the set of five high-level conceptual capabilities necessary to perform ACD anywhere in cyberspace. A foundational messaging fabric must exist to enable real-time communications using standard protocols, interfaces, and schema among the other four components. Then there must be sensors that report data on the current state of the network, sense-making analytics to understand the current state, automated decision-making to decide how to react to current state information, and capabilities to act on those decisions to defend the network. Although not a unique part of the ACD framework, Shared Situational Awareness is a critical provider and consumer of actionable ACD information.
ACD is far more than just the enhancement of defensive cybersecurity capabilities for the DoD and the Intelligence Community. ACD-defined capabilities and processes can be employed to support federal, state, and local government agencies and organizations, defense contractors, critical infrastructure segments, and industry. The ability to rapidly and automatically share and understand threat information and analysis, cyber activity alerts, and response action is critical to enabling unity of effort in successfully detecting and defending against advanced cyber-attacks.
Today, even the best within-network cybersecurity is achieved by products/services that operate independently of each other (e.g., virus checkers, remote configuration management), do not benefit from full situational awareness (e.g., on threats and mitigations), and often rely on human-in-the-loop processes.
The state of cybersecurity within networks can and should be advanced by the development and use of commercially produced, multi-sourced, standards-enabled solutions that can interact and share situational awareness.
When deployed as a comprehensive integrated set of solutions across the interior and at the boundary of a network enterprise, ACD can provide mitigation of zero-day attacks and enable hardening of allied networks against such attacks in cyber-relevant time through a shared messaging fabric. Using the ACD Framework as a guide, enterprises can rapidly deploy ACD solutions and leverage cybersecurity capabilities already deployed on their networks. The automation inherent in an ACD solution also holds the promise of efficiencies and scalability that will lead to cost savings in network management.
"Active Cyber Defense: A Vision for Real-Time Cyber Defense," Journal of Information Warfare, April 2014.
Join Our Agent Network
Our commitment to our partners is to keep things simple, consistent and effective.