https://www.iacdautomate.com/ic_oct2018 daily 0.75 2018-10-29 https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1540847524579-SKC83T9F6HL4RORZPJ75/Day+1+AM3+Keynote+Speaker_Ramsay.jpg IC_oct2018 - October 2018 Integrated Cyber Day1 Keynote Sherri Ramsay Keynote Speaker: Sherri Ramsay, Consultant; Former Director, NSA/CSS Threat Operations Center (NTOC) https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1540847524579-SKC83T9F6HL4RORZPJ75/Day+1+AM3+Keynote+Speaker_Ramsay.jpg IC_oct2018 - October 2018 Integrated Cyber Day1 Keynote Sherri Ramsay Keynote Speaker: Sherri Ramsay, Consultant; Former Director, NSA/CSS Threat Operations Center (NTOC) https://static1.squarespace.com/static/5a94b67ff93fd440f0516297/5bd367a915fcc0874fa6dd47/5bd367cd7de075aeea7a43ae/1540581315087/ IC_oct2018 https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1540847560542-RQULS0UWIJKYVT5RBLXR/Day+1+AM4+Featured+Speaker_Kurtz.jpg IC_oct2018 - October 2018 Integrated Cyber Day1 Featured Speaker Paul Kurtz Power of Information Sharing with Lessons Learned in the Retail Sector Abstract: Information sharing can be a powerful strategy to security operations and beyond. Learn from real-life case studies on how a cyber intelligence exchange can transform your organization into a more secure, efficient machine. Featured Speaker: Paul Kurtz, CEO and Cofounder, TruSTAR https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1540847581914-65EVWGUTWH6N0N462S1B/Day+1+BS1+Panel+-+HOR+-+Actionable+Information+Sharing.JPG IC_oct2018 - October 2018 Integrated Cyber Day1 Featured Panel Horizontal Integrations Featured Panel - Horizontal Integrations Abstract: As more and more vendors realize the importance of integrating within their product lines and with third-party vendors, many large market players are designing frameworks, platforms, and standards to make their products and product lines accessible. This panel will focus on the importance of horizontal integration across vendors, how it has become a driver for competition in the open market, and its importance for automation and speed of cyber defense. The panel will explore the operational challenges with this type of integration across vendors/products as well as the various models being developed and how they can be used to address these challenges. Moderator: Harley Parkes, Director, IACD Portfolio, JHU/APL Panelists: Efrain Ortiz, Director Market & Technology Innovation, Symantec; Naasief Edross, Senior Technical Leader, Cisco; Jason Mok, IACD Deputy Integration Team Lead, JHU/APL; and Michael Ward, Director, Security Engineering | Federal, Palo Alto Networks https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1540847602781-IY0FDG3XKA98LOLXQTM2/Day+2+AM1+Keynote+Speaker_Howard.jpg IC_oct2018 - October 2018 Integrated Cyber Day2 Keynote Rick Howard Keynote Speaker: Rick Howard, Chief Security Officer, Palo Alto Networks https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1540847626175-9R6KIN7HH3EFOKWEB7B8/Day+2+AM2+Featured+Speaker_Miller.jpg IC_oct2018 - October 2018 Integrated Cyber Day2 Featured Speaker Ben Miller ICS Threat Operations: Responding to Industrial Intrusions Abstract: This presentation will offer thoughts on how to respond to industrial intrusions. One of our biggest challenges as a community is how we are largely untested in our ability to recognize and respond to an industrial intrusion. Making matters worse, the industrial environments often lack the level of logging needed to respond and understand an attack. We must quickly move to a “protection eventually fails” mindset and understand how to “live off the land” to gain the defender’s advantage. This talk will pragmatically step through how our engagements have shaped our thoughts and our technology. Featured Speaker: Ben Miller, Director of Threat Operations, Dragos, Inc. https://www.iacdautomate.com/icoctober2018pdfs daily 0.75 2018-10-31 https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1540592568060-0BILVTL4FLNYKA4Y2D0G/image-asset.png IC_October2018_PDFs - Actionable Information Sharing: Enabling Defenses Abstract: Sharing IOCs is necessary but not sufficient. We need to make processing/usage of IOCs as automated as possible, and we need to evolve what is being shared to be something that organizations can use to more appropriately protect and defend the network. This panel will discuss what makes threat information actionable for network defenders and what type of information (e.g., adversary TTPs) would be valuable to share. Moderator: Sherri Ramsay, Consultant; Former Director, NSA/CSS Threat Operations Center (NTOC) Panelists: Jeff Aboud, Director, Product Marketing, Kenna Security John Jolly, President and CEO, Syncurity Shawn Riley, CDO and CISO, DarkLight Cyber Donnie Wendt, Security Engineer, Mastercard https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1540592596541-BB40O5OEM86ECCQP6IHA/Day+1+BS1+AUD_Actionable+Information+Sharing_Page_2.png IC_October2018_PDFs - Actionable Information Sharing: Enabling Defenses Abstract: Sharing IOCs is necessary but not sufficient. We need to make processing/usage of IOCs as automated as possible, and we need to evolve what is being shared to be something that organizations can use to more appropriately protect and defend the network. This panel will discuss what makes threat information actionable for network defenders and what type of information (e.g., adversary TTPs) would be valuable to share. Moderator: Sherri Ramsay, Consultant; Former Director, NSA/CSS Threat Operations Center (NTOC) Panelists: Jeff Aboud, Director, Product Marketing, Kenna Security John Jolly, President and CEO, Syncurity Shawn Riley, CDO and CISO, DarkLight Cyber Donnie Wendt, Security Engineer, Mastercard READ MORE https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1540592609482-KHJGL0ZEE10SK1RA7T9Y/Day+1+BS1+K3K4+10-2-2018_ManTech+JHU+APL+Brief_v3_Page_01.png IC_October2018_PDFs - Integrator COI: Tales from the Trenches: Use of a Cyber Range to Overcome Obstacles to SOAR/IACD Adoption Abstract: Cyber Ranges offer features that can be used reduce risk and measure performance of the adoption of SOAR/IACD capabilities. A Cyber Range has the ability to recreate “worst day” scenarios that “stress test” SOAR/IACD platforms beyond the ability of limited production pilots or laboratory testing to minimize risk during production implementation and operation. Cyber ranges have tools to instrument and measure system and human activities to model improvements in SOAR/IACD capabilities. A well-engineered Cyber Range allows for high-quality data collection, which increases confidence in automated decision processes and leads to improved response. Host: Cory Hoyssoon, Systems Engineer, JHU/APL Presenter: Tim Schaad, Executive Director, Advanced Cyber Range Environment and Cyber Range Services, ManTech READ MORE https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1540592620353-KTFJ69LM1PCGGH1A0MKN/Day+1+BS1+K5K6+-+Watson_Hancock+-+Low_Regret_Response_Action+%28GH+Adds%29_Page_01.png IC_October2018_PDFs - Low-Regret Response Actions Abstract: Instead of asking IF we should automate cyber defenses, how about if we asked WHEN we should automate? This talk presents a benefit versus regret matrix and discusses the concept of low-regret response actions. Presenters: Kim Watson, IACD Technical Director, JHU/APL Geoff Hancock, Chief Cybersecurity Executive, Advanced Cybersecurity Group READ MORE https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1540592629994-ZX126C0CPKFQJ88RDADZ/Day+1+BS1+K7K8+-+AEIRS+-+What+is+it+-+Part+2_Page_01.png IC_October2018_PDFs - Aetna Entitlement, Identity, and Risk System (AEIRS) Abstract: Many organizations have adopted machine learning and data analytics to help them identify security anomalies. However, mere identification isn’t good enough in a world where Petya and other modern attacks can take down 15,000 servers in a single organization in under two minutes. To combat these new types of malware, organizations need to be looking at Model Driven Security Orchestration where the security responses to emerging threats and attacks are automated and driven at machine speed. In this presentation, Aetna will provide an overview of our security orchestration program, including what worked, what didn’t, and lessons learned. Presenter: Jon Backus, Product Manager for AEIRS, Aetna READ MORE https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1540587401932-AQ7Z0S7E7ZPN3OYAJURF/Day+1+BS1+AUD_Actionable+Information+Sharing_Page_2.png IC_October2018_PDFs - Actionable Information Sharing: Enabling Defenses Abstract: Sharing IOCs is necessary but not sufficient. We need to make processing/usage of IOCs as automated as possible, and we need to evolve what is being shared to be something that organizations can use to more appropriately protect and defend the network. This panel will discuss what makes threat information actionable for network defenders and what type of information (e.g., adversary TTPs) would be valuable to share. Moderator: Sherri Ramsay, Consultant; Former Director, NSA/CSS Threat Operations Center (NTOC) Panelists: Jeff Aboud, Director, Product Marketing, Kenna Security John Jolly, President and CEO, Syncurity Shawn Riley, CDO and CISO, DarkLight Cyber Donnie Wendt, Security Engineer, Mastercard https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1540847792753-EFONRWS1ZXJEFWHZ2HWE/Day+1+BS2+Panel+-+HOR+-+Power+of+Community.JPG IC_October2018_PDFs - Panel: Power of Community Abstract: Cybersecurity has very few absolutes, almost everything is a best practice, and the sharing of tools and techniques is critical to making best practices a reality. There is a lot of interest in building and participating in practitioner communities where you can find individuals like yourself that you relate to and trust. Such communities allow practitioners to learn from each other, share with one another, and generally advance their expertise. This panel discusses the power of community in improving cybersecurity and defining/advancing best practices. Moderator: Geoff Hancock, Chief Cybersecurity Executive, Advanced Cybersecurity Group Panelists: Larry Johnson, CEO, CyberSponse Curt Dukes, Executive Vice President and General Manager, Center for Internet Security Cody Cornell, Cofounder and CEO, Swimlane John Pescatore, Director of Emerging Security Trends, SANS Institute Note: There is no presentation or video recording available for this panel https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1540661547578-AIJ1CT5DLZEFEP073NXJ/Day+1+BS2_K3K4_Reducing+Healthcare+Cyber+Risk+Using+Cooperative+SOAR_Page_01.png IC_October2018_PDFs - Reducing Healthcare Cyber Risk Using a Cooperative SOAR-Enabled Healthcare Community H-SOC Abstract: Healthcare remains the most exposed CI component and the most under-resourced. Many firms are recognizing the difficulties in keeping pace with the threats to their increasing attack surface (e.g., IoT medical devices, mobile and remote care delivery), meeting regulatory requirements, and finding/retaining qualified security personnel. However, traditional security third-party monitoring models fall short and aren’t optimized to address the volume of alerts that require investigation. In addition, current approaches don’t collectively share the granularity of data necessary to dramatically improve outcomes. As a result, a new, cooperative model is emerging in healthcare, which has been chartered by the State of Michigan and supported by Sequris Group. This session will provide an overview of this new model, highlight the differences from traditional MSS operations, and explain the critical role SOAR technology plays in delivering these services effectively and efficiently. Presenter: Eric Eder, Founder and President, Sequris Group Ryan Winn, CISO and Director of IT, Munson Healthcare John Jolly, President and CEO, Syncurity READ MORE https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1540661571917-XUKDP1AIIFKC6EKY6J5M/Day+1+BS2+K7K8+IACD+Sharable+Workflows+IC+October+2018_Page_01.png IC_October2018_PDFs - Shareable Workflows: Spreading and Adoption of Cyber Workflows through Reuse and Sharing throughout the Community Abstract: Based on Sharable Workflow presentation and demonstration with CyberSponse. A complete life cycle of downloading a workflow, modifying it, exporting it, and importing into a Orchestration Tool will be discussed. Presenters: Paul Laskowski, Senior Systems Engineer, JHU/APL Bharathram Krishnan, Solutions Architect, CyberSponse READ MORE https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1540585804572-ERJ78G9VBKJ82FHFPOAV/Day+1+BS1+K3K4+10-2-2018_ManTech+JHU+APL+Brief_v3_Page_01.png IC_October2018_PDFs - Integrator COI: Tales from the Trenches: Use of a Cyber Range to Overcome Obstacles to SOAR/IACD Adoption Abstract: Cyber Ranges offer features that can be used reduce risk and measure performance of the adoption of SOAR/IACD capabilities. A Cyber Range has the ability to recreate “worst day” scenarios that “stress test” SOAR/IACD platforms beyond the ability of limited production pilots or laboratory testing to minimize risk during production implementation and operation. Cyber ranges have tools to instrument and measure system and human activities to model improvements in SOAR/IACD capabilities. A well-engineered Cyber Range allows for high-quality data collection, which increases confidence in automated decision processes and leads to improved response. Host: Cory Hoyssoon, Systems Engineer, JHU/APL Presenter: Tim Schaad, Executive Director, Advanced Cyber Range Environment and Cyber Range Services, ManTech https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1540661557843-OB7ISCJA018XX6ECXP1K/Day+1+BS2+K5K6+-+Wendt+-+IC+-+Both+Sides+of+the+Equation_sm_Page_01.png IC_October2018_PDFs - Addressing Both Sides of the Equation: Security Automation and Deception Abstract: Security automation and intelligence sharing seek to speed the detection of and response to cyberattacks. Meanwhile, deception and moving-target defenses can slow the attacker by disrupting the attacker’s situational awareness. By addressing both sides of the equation—speeding the response and slowing the attack—we can narrow the gap between attackers’ time to compromise and our time to detect and respond. Security automation allows defenders to accelerate their observe–orient–decide–act (OODA) loop through continuous situational awareness and rapid response. Additionally, defenders can operate within the attacker’s OODA loop by using deception to disrupt the attacker’s situational awareness. This discussion will present the conceptual framework underlying research into the use of security automation and adaptive cyber defense in the financial services industry. Presenter: Donnie Wendt, Security Engineer, Mastercard READ MORE https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1540661581092-MYCSB3BJ1JP1HR5X09B0/Day+1+Lunch+Talk+-+GCAJohnsHopkinsIntegratedcyber+copy.jpg IC_October2018_PDFs - Mary Rahmani, Global Partnership Officer, Global Cyber Alliance - Less Talk and More Action: How the Global Cyber Alliance Is Making a Difference and You Can Too Less Talk and More Action: How the Global Cyber Alliance Is Making a Difference and You Can Too Abstract: Global Cyber Alliance (GCA) is an international nonprofit focused on developing and deploying practical solutions, which we make freely available, that measurably improve our collective cybersecurity. During this lecture, you’ll learn about GCA’s efforts to bring communities together to provide scalable solutions and how those resources can help you address systemic risk. We’ll discuss GCA’s efforts to tackle security challenges associated with IoT devices and technologies as well as a new initiative to help small and medium businesses confront cyber risk. Attendees will learn how they can access GCA’s trusted and globally available resources and become part of a growing movement to eradicate cyber risk. Speaker: Mary Rahmani, Global Partnership Officer, Global Cyber Alliance READ MORE https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1540847821148-UKLCLRGKCOHRM648V16O/Day+2+BS3+Panel+-+HOR+-+Implementer+Insights.JPG IC_October2018_PDFs - Implementer Insights Abstract: An increasing number of organizations are exploring and integrating Security Automation & Orchestration (SA&O)/ Security Orchestration, Automation & Response (SOAR) strategies and platforms in cyber defense. During this panel, experienced organizations share SA&O, with information sharing, lessons learned, best practices, and recommendations. Moderator: Brett Waldman, IACD Adoption, JHU/APL Panelists: John Pescatore, Director of Emerging Security Trends, SANS Institute Matt McFadden, Cyber Director, General Dynamics Information Technology Matt Rodriguez, Cybersecurity Solutions Architect, Phoenix Cybersecurity Lior Kolnik, Head of Security Research, Demisto Piero DePaoli, Senior Director, Security & Risk, ServiceNow Note: There is no presentation or video recording available for this panel https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1540663219107-BYWKJQWEB22UJ67K8M50/Day+2+BS3+K3K4+IntegratedCyber2018_Harbison_full_Page_01.jpg IC_October2018_PDFs - Adversary Playbooks Abstract: When your boss forwards you the latest intelligence report with an urgent flag set and the message reads: “What are we doing about this?” what do you say? To be confident in your answer, you need to understand how that adversary operates, or what’s in their Playbook. In this session, we’ll give you an in-depth report on OilRig, an adversary based in the Middle East that has launched a series of targeted attacks over the past 3 years. We’ll show you how to analyze the threat to build a structured copy of their offensive plays, so you can better prepare your defensive line. Presenter: Mike Harbison, Unit 42 Threat Researcher, Palo Alto Networks READ MORE https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1540661531288-VCC8M92UWUTPSVDUZM1Y/Day+2+Lunch+Talk+-+OpenC2-BCFall2018-Lemire_Page_01.jpg IC_October2018_PDFs - David Lemire, Secretary, OASIS OpenC2 Technical Committee - OpenC2 Update OpenC2 Update Abstract: A community update on OpenC2, to include highlights of this week’s face-to-face meeting and information on how you can get involved. Speaker: David Lemire, Secretary, OASIS OpenC2 Technical Committee READ MORE https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1540663229599-D3TN5UK1KT4V7IIPIYRC/Day+2+BS3+K5K6+-+Understanding+Resiliency+Effects+on+Adversary+Behavior+_Page_01.jpg IC_October2018_PDFs - Understanding Resiliency Effects on Adversary Behaviors Abstract: This talk will explore the intersection of adversary tactics and techniques and defender resiliency effects to help defenders understand their resilience to attack within the context of the IACD observe–orient–decide–act (OODA) loop. This talk will leverage community knowledge from the NIST SP 800-160 Vol. 2 Cyber Resiliency Engineering Framework, the ODNI Cyber Threat Framework, and MITRE’s ATT&CK to give concrete examples of resiliency techniques and approaches mapped to specific adversary objectives. We’ll explore how defender resiliency effects on adversary behavior impact the defender’s risk. We’ll use the Cyber Effects Matrix to show defenders how to measure gaps, map response actions, and determine whether the desired effect on adversary behavior across the cyberattack life cycle has been achieved. Presenter: Shawn Riley, CDO and CISO, DarkLight Cyber READ MORE https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1540663240015-YZ65RLZA9VN8CYNJAGU2/Day+2+BS3+K7K8+-+FY19_IC_MOSAICS_Briefing_20180928_Page_01.jpg IC_October2018_PDFs - More Situational Awareness for ICS (MOSAICS), Functional Requirements Update Abstract: This session will provide an overview of the DoD’s MOSAICS concept demonstration with a focus on the functional requirements definition for the system. MOSAICS will leverage existing commercial technologies and, where applicable, developmental technologies from government laboratories and academia to address gaps in commercial offerings. Integration of these capabilities to automate key aspects of the Advanced Cyber ICS Tactics, Techniques, and Procedures (ACI TTP) will be the primary focus of this concept demonstration. This presentation will provide insights into the technical requirements for the MOSAICS system as decomposed from the ACI TTP and other sources. Presenters: Rich Scalco, Engineer, SPAWAR SYSCEN-ATLANTIC Larry Cox, Engineer, USPACOM (AECOM) READ MORE https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1540847834221-DUH4N1CSBZ7AISE2ZS0T/Day+2+BS4+Panel+-+HOR+-+Second+Order+Benefits.JPG IC_October2018_PDFs - Second Order Benefits of Open Integration Abstract: The evolution of the SOAR market has the potential to fundamentally change classic business models because of the open integration of products and services. If companies are opening up their APIs, what other support services and opportunities does this open to small/mid-sized business development approaches and integration approaches? Tools that used to be custom-developed for integration are now commercially available and supported. What is your organization’s perspective on how a market of open integration changes for different business partners and operational activities? Moderator: Andy Speirs, Senior Information Security Executive, Booz Allen Hamilton Panelists: Christopher Carsey, Senior Solutions Engineer, CyberSponse Cody Cornell, CEO and Cofounder, Swimlane Vince Crisler, CEO and Cofounder, Dark3 Matt McFadden, Cyber Director, General Dynamics Information Technology Note: There is no presentation or video recording available for this panel https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1540663786071-7ADCM14JU2JDKFPSMG4T/Day+2+BS4+K3K4+-+Taking+a+Modern+Approach+to+Security_sm_Page_01.jpg IC_October2018_PDFs - Taking a Modern Approach to Security: What You’ve Always Done Isn’t Sufficient Anymore Abstract: Security teams are overwhelmed and are increasingly becoming less effective. They’re outnumbered and outgunned, and the problem isn’t getting any better. But it doesn’t have to be that way! Solving the problem and getting the upper hand against the bad guys isn’t a question of how many more resources we need to add— it’s a question of focusing what we already have on what really matters. Taking a modern approach to security means that we need to work smarter, not harder. This session will discuss a modern approach to security to help teams maximize the efficiency of their efforts to maximize their impact on the organization’s risk. Presenter: Jeff Aboud, Director, Product Marketing, Kenna Security READ MORE https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1540663839464-TJBMW4TT1H5X24FDCMG5/Day+2+BS4++K5K6_Experimenting+with+C2+Implementations_sm_Page_01.jpg IC_October2018_PDFs - Experimenting with C2 Implementations Abstract: FIT recently conducted a series of experiments comparing two different implementations of IACD C2 systems: The Systems Behavior Command and Control (SBC2) distributed C2 system based on the MIRA agent framework and a “conventional” C2 system using the Phantom orchestrator and apps connecting to sensors and actuators. The experiments were conducted on an emulated electrical smart grid testbed and focused on the identification and mitigation of attacks targeting the path from the smart meter to the utility data center. The experiments measured: Effectiveness – whether the C2 framework produces the desired result, and to what level of accuracy Efficiency – the computational resources (space, time, messages) required to compute the result Security – the level of security of the orchestration process throughout the communication events Usability – the degree of difficulty in the installation, deployment, and operation of the C2 system Each of these measurements included several different experimental conditions that are reported, along with examples of the tests conducted. Presenters: Thomas Eskridge, Associate Professor, Florida Institute of Technology Marco Carvalho, Dean, College of Engineering and Computing, Florida Institute of Technology Note: Slides will be posted soon. https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1540663848733-592PQ8WYLMPJ4GO2EQ8N/Day+2+BS4+K7K8+-IACDPowerofCommunities_Page_01.jpg IC_October2018_PDFs - Power of Communities for the Evolution of Security Capabilities Abstract: In today’s threat landscape, the only way to disrupt attackers and protect an organization is to unite systems and people, forming a collective defense. There are many opportunities for collaboration on shared goals, allowing security teams to stretch their resources further. This session will discuss the value in leveraging the power of community for the evolution of security capabilities. Presenters: Lior Kolnik, Head of Security Research, Demisto READ MORE https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1540666364181-G7BZG9MI78MKFAVP550L/Day+2+BS5+AUD_IACD+Financial+Pilot+Results+For+Integrated+Cyber+2018_sm_Page_01.jpg IC_October2018_PDFs - Financial Sector Pilot Lessons Learned Abstract: IACD and the FS ISAC have been partnering with Mastercard, Huntington National Bank, and Regions Bank for the last year on an integrated pilot for enhanced information sharing and decision support. This talk will present the initial results of that pilot. Presenters: Charlie Frick, IACD Financial Sector Liaison, JHU/APL Nam Le, IACD Integration Team Lead, Senior Systems Engineer, JHU/APL READ MORE https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1540666375975-Z4VYLAS3XQSHJWG6OSCH/Day+2+BS5+K3K4+Accenture+-+Integrated+Cyber+-+threat+intel_FINAL_sm_Page_01.jpg IC_October2018_PDFs - Stop Chasing Indicators Abstract: Threat intelligence has grown out of a desire to better defend against known threats. Unfortunately, most threat intelligence today consists of a curated list of known malicious indicators. Using principles extracted from proactive threat-hunting methodologies, we propose a better way forward for threat intelligence. Presenters: Josh Day, Senior Threat Hunter, accenture Brad Rhodes, Senior Threat Hunter, accenture READ MORE https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1540666386195-ROSAAB9HR4S1OT2ZJALE/Day+2+BS+5+K7K8_Engineering+Principles+For+Developing+Advanced+Cybersecurity+Automations_Page_01.jpg IC_October2018_PDFs - Engineering Principles for Developing Advanced Cybersecurity Automations Abstract: Learn how adopting modular and decentralized design principles for automation scripts can help you keep up with the rapidly changing cyber landscape. Creating cybersecurity automations that keep up with the rapidly changing cyber landscape is hard. You need to balance the desire to follow a proper development life cycle with the need for rapid turnaround. The solution is adopting modular and decentralized design principles for automation scripts. Presenters: Matt Rodriguez, Cybersecurity Solutions Architect, Phoenix Cybersecurity Tom Goetz, Senior Cybersecurity Engineer, Phoenix Cybersecurity READ MORE https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1540847738669-G0HLBXFPUHYZJSW78X0E/Day+1+AM2+Integrated+Cyber_Parkes.jpg IC_October2018_PDFs https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1540956310890-78HPEM4R1ZS0KEILSUFU/Day+2+PM+Featured+Speaker_Gumtow.jpg IC_October2018_PDFs https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1540956951774-MMGHT325V9OLALA6258S/Day+2+BS5+TT+-+Future+of+Collaborative+Security.JPG IC_October2018_PDFs - The Future of Collaborative Security Abstract: Industry-wide, security teams are duplicating (and wasting) valuable time and resources to complete similar investigations, workflows, and threat responses. This is costly and unnecessary, especially when considering the ever-expanding threat landscape and global skilled staffing shortage. Imagine the alternative: Multiple organizations have investigation teams who agree to collaborate. One does an in-depth investigation, hunt, or mitigation and is able to share that process in real time with another organization. There are now multiple organizations and teams who are leveraging their skills and expertise to increase the efficacy of their collective SOCs. They are armed with the resources to prevent breaches and hunt for other threats while bolstering the security industry as a whole. Welcome to the future of collaborative security. Presenters: Cody Cornell, Cofounder and CEO, Swimlane Pedro Haworth, Head of Technology, Security Innovation Alliance, McAfee Note: There is no presentation available for this panel https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1540847770809-S08BTZLU7R3RZK9W3F2M/Day+1+BS1+Panel+-+HOR+-+Actionable+Information+Sharing.JPG IC_October2018_PDFs https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1540954480904-ZKYXDW5NR35NV0D6PHLL/10_2018+Day+1+-+Main+Stage+Briefing+Final_Harley+Parks_Page_01.jpg IC_October2018_PDFs - Integrated Cyber: Automated Information Sharing and the Power of Community Speaker: Harley Parkes, JHU/APL READ MORE https://www.iacdautomate.com/library daily 0.75 2020-02-28 https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1519845002213-RDB9HAYKJR5542NS086E/Background.jpg Library https://www.iacdautomate.com/iacd101 daily 0.75 2019-05-22 https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1520022321832-KATTAUQ29J87KPEHRSO3/IACD+Fast+Flexible+Sustainable.png IACD 101 Traits for Employing IACD https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1520016150511-WOAGUB0RS8UIG5L7HWQP/IACD+Baseline+Architecture.png IACD 101 IACD Baseline Architecture https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1520015603472-IMZ6Z1FEBL57VZ4EO2U0/IACD+Summary.png IACD 101 IACD One-Page Summary https://www.iacdautomate.com/contact daily 0.75 2022-06-07 https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1520101070346-FAUVF19Q9PHD7V3213ZQ/Background.jpg Contact https://www.iacdautomate.com/faqs daily 0.75 2021-04-01 https://www.iacdautomate.com/orchestration daily 0.75 2019-05-16 https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1552310697547-46KYNTPCTEIICEBQIBHP/IACD+Orchestration+Thin+Spec+20190301_Page_01.png Orchestration Orchestration Thin Specification https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1521125346142-KZYM83VZMU14SIKFLIKR/Basic+IACD+framework.png Orchestration Basic IACD Framework https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1534187850676-3HXJI6F9UVXGMUH2PF06/Low_Regret_Automated_Response_072018_Page_1.png Orchestration High-Benefit/Low-Regret Automated Actions as Common Practice https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1521125772585-E2MHU9TCD0YTBC30DZJR/IACD+Orchestrator+Trends.png Orchestration Trends in Technology https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1558034275590-7TSG8WGHJB2J8LPWVMT5/IACD+Trust+Paper.png Orchestration IACD Trust in Automation Whitepaper https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1538414919178-O73DZEWHF8AB03N5LOIE/SA%26OImplementerInsights092018_Page_1.png Orchestration Security Automation and Orchestration (SA&O) Implementer Insights https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1558033844905-C0FZ332KY380D21J6IOQ/SAO_to_support_Collaboration_Page_1.png Orchestration Security Automation and Orchestration Capabilities Supporting Intra-Organizational Collaboration https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1558029853090-CDIAMMS33V3YBVGQ68OK/IACD+Trust+Framework.png Orchestration IACD Trust Framework https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1558034091576-UHE14CTPUZHQBHWPBR4O/SAO+for+Actionable+Data_Page_1.png Orchestration Security Automation and Orchestration to Make Data Actionable https://www.iacdautomate.com/iacd-research daily 0.75 2021-08-25 https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1521055063017-83CRFJBKXP5GNSFVKR2T/IACD_logo.png IACD Research https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1520100634577-U23QD7VF5V20Q838AVYZ/WebBanner2.jpg IACD Research https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1521055031023-M3YD5LGA099L9EJNPHEL/IACD_logo.png IACD Research https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1520959404762-NRATF68BV4BOK2YYPZ9G/Ieee_blue.jpg IACD Research https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1521055045671-DRFR5HVGJYZJ8353V8Q2/IACD_logo.png IACD Research https://www.iacdautomate.com/information-sharing daily 0.75 2022-10-26 https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1615291809241-W0KVJ6E1KRTJ1OXILS3J/LowRegret+Cover+Page.png Information Sharing https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1551388011168-KSA3FT0WBZVX0ISX448R/Trends+in+Technology_Threat+Intelligence+Platforms_Approved_final_Page_1.png Information Sharing Trends in Technology: Threat Intelligence Platforms https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1520022751373-0RRU04VJ4JD5D0TMLXG4/AIS+logo.png Information Sharing https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1520023287808-L9HZPK0YP4CEIPEQ0XRE/IACD+Autoimmunity.png Information Sharing IACD Autoimmunity https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1520022841678-CZJDZK8M1AWQIJ8E8GRH/AIS_fact_sheet.png Information Sharing AIS Fact Sheet https://www.iacdautomate.com/national-health-care-workshop daily 0.75 2018-03-16 https://www.iacdautomate.com/past-iacd-events daily 0.75 2021-07-01 https://www.iacdautomate.com/march-2017-iacd-community-day daily 0.75 2018-03-23 https://www.iacdautomate.com/october-2017-integrated-cyber daily 0.75 2018-03-21 https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1521142084255-5OTIWRGSLME057BE7TCK/IACD_WHO.png October 2017 Integrated Cyber https://www.iacdautomate.com/october-2016-iacd-community-day daily 0.75 2018-03-23 https://www.iacdautomate.com/wemoved daily 0.75 2018-03-26 https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1522083076452-RHA73WZV01W99JWMRPEX/Background.jpg WeMoved https://www.iacdautomate.com/iacd-adoption-materials daily 0.75 2020-02-28 https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1525087785530-SPRA67D0EXQ5MIW7E98L/Strategy.png IACD Adoption Materials https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1524549931370-LPZ14G8AK2LTQG67S4BN/evaluate.png IACD Adoption Materials https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1524550223764-QF869E1PJ6UQWRVP78LU/Background.jpg IACD Adoption Materials https://www.iacdautomate.com/piloting-or-evaluating-for-integration daily 0.75 2019-02-07 https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1524856346645-A932LKS2FQEQB8YD2AD0/Fast%2C+Flexible%2C+and+Sustainable%3A+Bringing+%22and%22+to+Cybersecurity Piloting or Evaluating IACD Capabilities for Integration Fast, Flexible, and Sustainable: Bringing "and" to Cybersecurity https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1525091044110-47ZFOA3Q3FGK205PJO2N/Screen+Shot+2018-04-30+at+8.16.03+AM.png Piloting or Evaluating IACD Capabilities for Integration S-PET https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1525115345072-RGY5VKU15DVNTG5VFL2Z/Orchestration+Test+Drive+Guidance+ICON.png Piloting or Evaluating IACD Capabilities for Integration Orchestration Test Drive Guidance https://www.iacdautomate.com/integration-strategies daily 0.75 2021-03-31 https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1525183412972-NYPXY9N082CISNMQF529/Orchestration_Metrics_Page_1.png Integration Strategies for IACD Security Automation & Orchestration (SA&O) Metrics & Measures https://www.iacdautomate.com/may-2018-integrated-cyber daily 0.75 2019-01-22 https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1525979136967-PY2AOJ668UIWJQCO9WXX/day2_breakouts+3b_InsiderThreat_final.png May 2018 Integrated Cyber The FS-ISAC North American Insider Threat Working Group developed a framework to support efforts to manage insider threat to systems, assets, data, and capabilities. IACD partnered with this working group to provide playbooks to support implementation of certain processes identified in the framework. This partnership brought to light the value of automation to support insider threat program processes and activities. In this talk we will describe the framework, highlight the IACD playbooks and their relationship to the framework, and discuss the issues and opportunities related to the inclusion of security automation and orchestration. View Slides https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1526395645484-UMEDXYEJETXLMZJEGXGE/Peters_Wende_00100129.jpg May 2018 Integrated Cyber https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1525977319616-IVTTS2JF7DD2LQWWWPZQ/day1_breakouts+2c_DragosICSInfo_final.png May 2018 Integrated Cyber Threat detection and information sharing in ICD are two components essential to improving a network’s security posture. Mark will identify detection methodologies through threat-based analytics (TBAs) in ICS networks where anomaly detections are not practical. Real case studies will then be leveraged to demonstrate information-sharing programs both internal and external to an organization. View Slides https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1525975966703-5VM15P4NSIAUDR520HPR/day1_breakouts+1c_LLNL+modeling_final.png May 2018 Integrated Cyber Using T&C co-simulation to explore automated cyber threat detection and response strategies at scale, under various cybersecurity scenarios, to avoid or mitigate undesirable grid effects. View Slides (Coming Soon) https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1525979973079-BF564JKBTR5PO2N2827Z/day2_breakouts+4c_RefArchandOpenC2_final.png May 2018 Integrated Cyber Lessons learned from IACD pilots, and the operational realities that they provide, has evolved our understanding of the ecosystem. During this same time, the OpenC2 community has been working on their own pilots and reference implementations in an effort to understand and demonstrate the role of OpenC2 in the ecosystem, as well as highlight gaps. Come and find out what IACD has been doing to refine our architectural perspective and thinking, and understand how OpenC2 and other standards can fit within the evolving ICD Reference Architecture. Also hear about the great work happening in the OpenC2 community and where it is heading. View Slides https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1526401233111-2D0U5H7GKC0RWLSWFAHU/day2_breakouts+5e_AutomationSwimlane_final.png May 2018 Integrated Cyber As organizations invest in security automation and orchestration (SAO), how can they make the most of what they have to get the largest immediate return on that investment? How can organizations that have a limited investment in products and services use automation effectively? This talk will present insights into how to use your base infrastructure to improve your security posture in real time. View Slides (Coming Soon) https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1526400245465-0L9437OLWDGT9F6ISPZP/day2_breakouts+5a_FuturePanel_final.png May 2018 Integrated Cyber The acceptance of security orchestration and a wide variety of interoperable information-sharing products based on standards such as STIX/TAXII has started to create an ecosystem where automation rapidly responds to security indicators. In the near future, wide deployment of these tools and techniques based on shared workflows and recipes will address a number of problems from workforce shortages to automated malware propagation. But this is just an incremental step in the art of the possible. What are the next challenges and our envisioned future where these challenges are addressed by as-yet-uninvented solutions? A battle royal between autonomous attackers and defenders? This panel brings together futurists, policy makers, scientists, vendors, and critical infrastructures to discuss their view of the next set of grand challenges in automated cyber and how we will interact with these technologies. View Slides https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1525965787726-N21FVB5CDK3KQQQLV0N8/AlanPaller.jpg May 2018 Integrated Cyber https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1525978374520-ETG8LD8VYNFCPY53MNW4/day1_breakouts+2e_IACDatDOE_final.png May 2018 Integrated Cyber The Department of Energy implemented a number of automation workflows on their network. Many lessons were learned through the actual application of tools to a live system. View Slides https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1525977054468-S6CJBJV4AULICRNULB03/day1_breakouts+2a_FutureOrchPanel_final.png May 2018 Integrated Cyber There are many new products on the market that have automation at their core, and their goal is to increase the speed and scale of cyber defense. They reflect IACD principles and tenets, and yet, if you buy them and try to integrate with the current IACD framework using existing security orchestration methodologies, you may find it hard to realize their full value. This should not be the case. How does security orchestration need to evolve to optimally support the inclusion of an advancing market in automated defenses, analysis, decision-making, and information integration? View Slides https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1525980465106-37ML8XRROMHJO90PEX0Q/day2_breakouts+4e_IndLangNewContext_final.png May 2018 Integrated Cyber Automated remediation is a key technology for CES-21 research. New Context has led the research for the indicator remediation language using STIX. Standards like STIX, TAXII, and OpenC2 are examples that provide a foundation for infrastructure to perform machine speed threat detection, sharing, and response. Due to the sensitivity of the content, this presentation cannot be posted. https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1525979250487-69ML7XOLN95XDOY40C37/day2_breakouts+3a_STIX_final.png May 2018 Integrated Cyber With the release of STIX 2.0 last year and the new features being added in STIX 2.1, the security community now has a simple and powerful means of expressing potentially complex but actionable cyber threat intelligence. This presentation will present an overview of STIX 2.0/2.1 with an emphasis on how these new capabilities can be employed in sharing ecosystems to achieve operational goals. View Slides https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1525977203263-UUFVX0BRCZJWEPV466WV/day1_breakouts+2b_BirdsPilots_final.png May 2018 Integrated Cyber Pilot efforts foster adoption by demonstrating how to deploy the IACD framework and strategy on actual production networks. The financial sector is an ideal candidate due to the sophistication of its security teams and processes. An integrated pilot helps identify gaps and best practices for information sharing to drive automated defense. This presentation will cover the completed Discovery and Design phases and the plans for the Execution phase. Hear how differences in organizations, structures, policies, environments, and tolerances translate into different solutions able to utilize the common IACD framework. See a demonstration of the process, hear insights into technical and overall implementations, and discuss a list of metrics of success. View Slides https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1525976372047-TKKBIQ875NNME0ZFKMA5/day1_breakouts+1e_AreYouReady_final.png May 2018 Integrated Cyber Organizations often move too quickly to pilot an SA&O product without considering and planning for all the essential steps that need to happen first. And as a result, they may not achieve the success they were expecting, will quickly grow frustrated, and give up on the idea of implementing IACD altogether! But there’s no need for that to happen! This session introduces the Draft IACD Readiness Framework and identifies the key areas that your organization should address for long-term success. The Framework progresses through the readiness stages of Adoption, Piloting, Initial Deployment, Improvement, and Long-term Sustainment. View Slides https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1526396583096-C8Q9T93C8OBNQS56YFZM/Jasper_Scott.jpg May 2018 Integrated Cyber https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1525979886137-7W9JQG1QA793QL2B81VP/day2_breakouts+4b_automating+ThreatIntelDonnie_final.png May 2018 Integrated Cyber This session gives an overview of the challenges a financial institution faces in vetting, applying, and responding to threat intelligence. The volume of threat indicators puts a strain on resources to filter through the noise and discover credible, actionable threat indicators in a timely fashion. Security analysts are spending too much time enriching indicators and responding to alerts. After examining the current-state process, a future-state process, leveraging security automation, is presented. View Slides https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1526396645821-JKH4ZZVAEJ3NM8IBGUFA/Pincever_Natalio_PAN.jpg May 2018 Integrated Cyber https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1525979606940-9YCYBXFMSXOU0LOSNHV8/day2_breakouts+4a_metricspanel_final.png May 2018 Integrated Cyber How do metrics and measures aid organizations in recognizing SAO benefits, value, and effects? View Slides https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1526396961832-VUVC3HLFQOEKH7UW4ZPU/Fitzgerald_Shawn_PaloAltoNetworks.png May 2018 Integrated Cyber https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1525976165340-IDVEGDAI88FTXZH4CRHO/day1_breakouts+1d_AdvDecMaking_Darklight_final.png May 2018 Integrated Cyber This talk will provide an overview of the knowledge engineering and science of security scientific knowledge management that is needed to support advanced decision-making augmentation and automation in a future integrated cyber defense ecosystem with AI-driven cyber defenses. We’ll explore a cyber effects matrix visualization to discuss cybersecurity decision patterns centered on adversary TTPs (problems) and what “effect/effects” (solutions) the defender can have on the adversary’s activity (TTPs) across the cyber attack life-cycle and the context from IACD sense-making needed for advanced decision-making support, augmentation, and automation in the future ecosystem. View Slides https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1525964453236-FJQ14OVAWR8Y0S93N1Q8/RickDriggers.jpg May 2018 Integrated Cyber https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1527091009798-FNGDEJAWNZCV90D8HY03/Day2_Breakout_Session03_ReversingWorkflows.png May 2018 Integrated Cyber Whenever an organization creates a workflow that enacts actions that can negatively impact their environment, they must think about how to monitor for such impacts, and how to reverse the action or mitigate the impact. In this session, we present some thoughts on different shades of reversibility in the context of security automation and orchestration, as well as some generic ways to achieve reversibility. Finally, we report some initial observations from experimental implementations of selected, fully automated, reversible workflows. View Slides https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1525977997599-4B3JZZ2CWXQGENNGDLNT/day1_breakouts+2d_AIS2_final.png May 2018 Integrated Cyber What are key focus areas for AIS in the near future? Making indicators more operationally relevant by increasing context and confidence scoring • Properly measuring indicator timeliness, quality, and value • Continuing to be seen as a technology leader in CTI sharing standards View Slides (Coming Soon) https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1525980125177-SGJ101X4RAF31G61103Q/day2_breakouts+4d_IACDCommofInterest_final.png May 2018 Integrated Cyber This session will be the third, quarterly meeting of the IACD Integrator’s Community of Interest (COI). The focus of the COI is to facilitate discussions around how we can advance the “adoption” of IACD concepts across a broad range of customer operational environments. The meeting’s agenda topics will consist of an overview of the COI purpose and goals, presentations by IBM Resilient’s use of automation for Incident Response, lessons learned from an orchestration pilot with U.S. Bank and the future focus of the COI. View Slides https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1525978842691-R274PYT6Q4DZXGB0GBO1/day2_02_main_Jasper.png May 2018 Integrated Cyber View Slides https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1526400825931-VKQ6EH642RPHRLG7B4EA/image-asset.png May 2018 Integrated Cyber The term “middlebox” includes any device between user end points other than a transparent switch. Middleboxes are essential to the operation of all telecommunication and ICT networks today, and large infrastructures will typically have thousands of ubiquitously deployed middleboxes. The current standards effort in ETSI is to specify protocols to enable trusted, secure communication sessions between network end points and one or more middleboxes using encryption. The specification is intended to facilitate implementation profiles for a wide array of implementations and applications. This talk will describe current efforts and how you can get involved. View Slides (Coming Soon) https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1526401294955-H3HQFDORPIXIIQZRO6VY/day2_breakouts+5d_QKDandSSP_final.png May 2018 Integrated Cyber Quantum key distribution is a new tool for generating shared random keys that can be securely distributed between devices for simplified authentication and encryption. When used with the new Secure SCADA Protocol for the 21st Century (SSP-21) protocol, this new technology is being integrated into industrial control systems associated with the electrical power industry. This joint presentation will describe the technology, the protocol, and its most recent applications. View Slides https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1526401526989-9W9B91Q07X7C4E8LO5HT/image-asset.png May 2018 Integrated Cyber A recommendation on how to get to where the sector needs to be related to information sharing. View Slides https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1525979045961-DLEU0UE1YSQM21XJ3K2K/day2_breakouts+3c_BlueSkySOCAuto_final.png May 2018 Integrated Cyber IT O&A research has been applied to ICS cyber research and adapted to a utility SOC environment. Today’s research topic areas and the current data science toolbox are relevant to future ICS research. View Slides (Coming Soon) https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1525975666586-MXXYJVBTNYUJ52IHI8KT/day1_breakouts+1b_MOSAICS_final.png May 2018 Integrated Cyber This session will discuss the current threat against Industrial Control Systems (ICS) and will provide an overview of the DoD’s proposed MOSAICS concept demonstration. MOSAICS will leverage and integrate existing and developmental technologies from government labs, academia, and industry to provide robust situational awareness and defense of critical infrastructure. By extending advanced sensing and visualization solutions into ICS networks and even to some embedded systems, MOSAICS will provide the data feeds and situational awareness necessary to enable automated analysis, course of action development, and response actions required for timely defense of these critical systems. View Slides https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1525975347098-7K6AJN4S445VRVB8SBVH/day1_breakouts+1A_ISAC+Pilot_final.png May 2018 Integrated Cyber The partnership with the Financial Sector was a perfect opportunity for an integrated pilot – one which includes both the generation and distribution of the information to be acted upon as well as the actions taken by the organizations receiving this information. An integrated pilot provides the opportunity to identify capability gaps and best practices for information sharing that drives automated defense. This talk will present the motivation and accomplishments to date of the FS-ISAC portion of our financial sector integrated pilot, as well as highlight key insights and what they imply for information sharing organizations. We will also identify some characteristics of the future ecosystem derived from lessons learned during the design phase of the pilot. View Slides https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1526401019961-Y033MHXKZMWVKIYT98V3/day2_breakouts+5c_SharingWorkflows_final.png May 2018 Integrated Cyber In an effort to advance the sharing of orchestration workflows, JHU/APL identified a level of detail that seemed appropriate for cross organizational sharing and created a reference implementation. The reference implementation uses BPMN with data objects representing variables and OpenC2-like commands. Cybersponse, a key supporter of the extended cyber defense community and associated standards, partnered with APL to refine the reference implementation. This refinement is based on the perspective of how an orchestrator could ingest and represent the imported workflow in a manner that simplified tailoring for a specific environment, adding in automation as desired. This session provides a demonstration of the reference implementation and discusses how it can be ingested and used within Cybersponse. View Slides https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1525979431534-LA9JM5ZLRDBIXB2BRUP6/day2_breakouts+3e_AreYouReady2_final.png May 2018 Integrated Cyber Organizations often move too quickly to pilot an SA&O product without considering and planning for all the essential steps that need to happen first. And as a result, they may not achieve the success they were expecting, will quickly grow frustrated, and give up on the idea of implementing IACD altogether! But there’s no need for that to happen! This session introduces the Draft IACD Readiness Framework and identifies the key areas that your organization should address for long-term success. The Framework progresses through the readiness stages of Adoption, Piloting, Initial Deployment, Improvement, and Long-term Sustainment. View Slides https://www.iacdautomate.com/upcoming-events daily 0.75 2021-07-01 https://www.iacdautomate.com/playbook-and-workflow-examples daily 0.75 2020-08-12 https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1545157219975-VWHRAB8U0E6E7KWOZIV4/potential+malicious+indicator+identified Playbook and Workflow Examples https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1597237681657-R90C5IMU9OEWFGWAP9VS/ReportPictureSmall.png Playbook and Workflow Examples https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1547500442410-6SZSQ15KNTO081DSQ08U/localInstanceExample Playbook and Workflow Examples https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1545157115519-GDDQ30BNF7390PLBQTNR/Suspicious_Email_Screen_Shot.png Playbook and Workflow Examples https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1539649287565-CQVLFW8SY45NC8PFHC3U/playbooksArrow.png Playbook and Workflow Examples Detail at the Three Levels of Orchestration Abstraction https://www.iacdautomate.com/intro-to-playbooks-and-workflows daily 0.75 2019-03-18 https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1521721684082-RUAPYS164IYHZIKWG95J/PlaybookThinSpec.png Intro to Playbooks and Workflows IACD Playbook Thin Specification https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1552943665243-1G96D41AH58U73K1YG78/How+to+build+IACD+Playbooks.png Intro to Playbooks and Workflows How to build an IACD Playbook https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1521721977202-SO9A2TA4XY86NJW02DHO/image-asset.png Intro to Playbooks and Workflows Introduction to IACD Playbooks https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1521722073578-35TBWB7Z9T0DMXJIJBST/IACD+Playbook++Content+Types.png Intro to Playbooks and Workflows Types of Content in an IACD Playbook https://www.iacdautomate.com/october-2018-integrated-cyber daily 0.75 2018-11-02 https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1539187443840-W7EOQ8M5P7CX39K7K9YP/Sponsor%2B-%2BPlatinum%2BGeneral%2BDynamics%2BIT.jpg October 2018 Integrated Cyber https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1539187458976-OTFZNQ6DO4ZCLLI1CW3M/Sponsor%2B-%2BGold%2BSponsor_DarkLight.jpg October 2018 Integrated Cyber https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1539187468615-H37QX17956OMB6VYDS7S/Sponsor%2B-%2BSilver%2BCyberSponse_NewLogo_AdaptiveSecurity-HighRes.jpg October 2018 Integrated Cyber https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1539187481778-B5P2DZEW1V3KHA4NDD5C/Sponsor%2B-%2BSilver%2BSwimlane.jpg October 2018 Integrated Cyber https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1539187490922-54IQ83JZHXKKYKARVI5S/Sponsor%2B-%2BNonProfit%2BCSI.jpg October 2018 Integrated Cyber https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1539187500157-FZXB2B6I1Z90HKJG5LJZ/Sponsor%2B-%2BNonProfit%2BGlobal%2BCyber.jpg October 2018 Integrated Cyber https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1539187510018-BBANYZPCLKFL9YIREN8V/Sponsor%2B-%2BNonProfit%2BIncidentResponse.jpg October 2018 Integrated Cyber https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1540869753125-D46FOVKHJESX2EZYD8IK/Day+1+AM1+Keynote+Speaker_Ziring.jpg October 2018 Integrated Cyber Presentation is not available for this talk. https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1540870679917-WO5I4FVWEJFB1Z7QPR37/Day+2+PM+Featured+Speaker_Gumtow.jpg October 2018 Integrated Cyber Presentation is not available for this talk at this time. https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1540955049501-019AIQ7W8NPTMDHS44DB/10_2018+Day+1+-+Main+Stage+Briefing+Final_Harley+Parks_Page_01.jpg October 2018 Integrated Cyber Click here to view this presentation. https://www.iacdautomate.com/adopt daily 0.75 2019-07-22 https://www.iacdautomate.com/getting-ready-for-soar daily 0.75 2019-02-27 https://www.iacdautomate.com/deploy daily 0.75 2019-07-22 https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1550207479312-W1Y41FPEERQXLEHWL9XE/pilot_deploy.png Deploy From Pilot to Initial Deployment - View full size image Select the links below for more detailed guidance and other resources to help you: Execute Pilot Evaluate Pilot Results Select Focus for Initial Deployment Evaluate and Acquire Resources Prepare Environment and Personnel Ready to Initially Deploy SOAR https://www.iacdautomate.com/sustain daily 0.75 2019-07-22 https://www.iacdautomate.com/upgrade daily 0.75 2019-07-22 https://www.iacdautomate.com/pilot daily 0.75 2019-07-22 https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1550206442438-DORS2W3V0IDVOS6S3LLO/adopt_pilot.png Pilot From Business Case to Pilot - View full size image Select the links below for more detailed guidance and other resources to help you: Take Stock of Your Environment Define Processes and Workflows Select the Right SOAR Tool Select Pilot Products and Data Plan Pilot Ready to Pilot https://www.iacdautomate.com/iacd-feedback-form daily 0.75 2019-03-22 https://www.iacdautomate.com/conceptual-reference-models daily 0.75 2019-03-11 https://www.iacdautomate.com/call-for-webinar daily 0.75 2019-06-21 https://www.iacdautomate.com/may-2019-integrated-cyber daily 0.75 2019-06-21 https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1557457618193-UCWAJ1G6S9D2WME4Z10G/The+Evolution+of+IACD+Presentation May 2019 Integrated Cyber Click here to view this presentation. https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1557551219102-6EFWSLC8JPN8JUBPKIT9/3+KYNT+Barnes.PNG May 2019 Integrated Cyber https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1558117707174-7QDFQTPXE8F9Q6KCY8IC/Peters_Wende_00100129.jpg May 2019 Integrated Cyber Speaker: Wende Peters https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1557457372976-YTTYIOVBTYWVM8GB2OJY/Parkes_Harley_APL.jpg May 2019 Integrated Cyber Speaker: Harley Parks https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1557468355867-95UXYS15WM8QULRXG3FE/2+Keynote+Gordon.png May 2019 Integrated Cyber * Note: Slides were not used for this presentation. https://www.iacdautomate.com/videos daily 0.75 2019-07-24 https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1564001375442-MWOS37XQWS9282SPRAKN/YouTubePlaylistIcon.png Videos Click on the playlist icon on any video to view a list of videos for that playlist. https://www.iacdautomate.com/the-evolution-of-the-cybersecurity-ecosystem-journal daily 0.75 2021-06-14 https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570506192098-FIFZUG9VQM0GS5EY454D/Charles_Schmidt__Mitre.png The Evolution of the Cybersecurity Ecosystem Journal https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570496072369-P53DKQCKG7RCV6QIWBNO/bannerOption2.png The Evolution of the Cybersecurity Ecosystem Journal https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570507530343-DJ4I7HR5FYIE3PNRJN1C/Philip_Reitinger__GCA.png The Evolution of the Cybersecurity Ecosystem Journal https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570507476331-KS17GUK13VA2ZFZJ7QV3/Tony_Sager__CIS.png The Evolution of the Cybersecurity Ecosystem Journal https://www.iacdautomate.com/journal-authors daily 0.75 2019-10-09 https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570510052948-D152LQY7V2G85LN134KE/Bret_Bergman__PIPAmerica.png Journal Authors https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570513892097-JJN800ZK36BU8MPXF69Z/Phillipe_Langlois__Verizon.png Journal Authors https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570514907342-CP53P3OUDXLMRN5IRQ4C/Charles_Schmidt__Mitre.png Journal Authors https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570514762473-7QYJY91M7NHUUA7RISHL/Kumar_Saurabh_LogicHub.png Journal Authors - Kumar Saurabh https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570515262455-HCFHUO4F24MB7QKV9RV0/Donnie_Wendt__Mastercard.png Journal Authors https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570511383601-NHKKZ9AFFM4T125GNIP2/joe_brule__OASIS.png Journal Authors https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570515136446-I48SM2OMBTLL3JMAIRW5/Kim_Watson__JHUAPL.png Journal Authors https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570510391626-0HW593TWMK8L462S27CV/image-asset.png Journal Authors - Shawn Riley Executive Vice President, The Center for Strategic Cyberspace and Security Science A recognized thought leader in the defense and intelligence communities, Shawn Riley, Executive Vice President at The Center for Strategic Cyberspace and Security Science, brings over 25 years of cyber security, all source cyber threat intelligence, and artificial intelligence experience with an unparalleled understanding of the pitfalls that overtake modern security teams. https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570508789408-K8RVWIV4FA09B25JJSLR/TheEvolutionOfTheCybersecurityEcosystem_Banner.png Journal Authors https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570514047457-CDZ3DWTG2BOLR1IANGZR/Kathy_Lee_Simunich_ANL.png Journal Authors https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570513682119-P8KV5211E4OCJUZXJGQW/Geoff_Hancock__AdvancedCybersecurityGroup.png Journal Authors https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570514176073-S9XNL7ZWPG5TTQPOEL92/Aubrey_Merchant_Dest__Symantec.png Journal Authors https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570509680927-7KI56JUT9QT3ICKJRZFW/TK_Keanini_Cisco.png Journal Authors https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570510290771-QKE6MJLVHUOEMTRWYH6R/Philip_Reitinger__GCA.png Journal Authors - Philip R. Reitinger President and CEO, Global Cyber Alliance Philip Reitinger has served as the President and CEO of the Global Cyber Alliance since December 2015. GCA is a non-profit organization focused on eradicating cybersecurity risks – risk by risk. Formerly he filled senior cybersecurity roles at VisionSpear LLC, Sony and Microsoft. In 2009 Mr. Reitinger was appointed as the Deputy Under Secretary for the National Protection and Programs Directorate at DHS. He also served as the first Executive Director of the DoD’s Cyber Crime Center, and as Deputy Chief of the Computer Crime and Intellectual Property Section at DOJ. Mr. Reitinger has been awarded the Secretary of Homeland Security’s Distinguished Service Medal and the Attorney General’s John Marshall Award. https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570510445395-GOIRU8EDPO33BBJ9JR0B/Tony_Sager__CIS.png Journal Authors - Tony Sager Senior Vice President and Chief Evangelist, CIS Tony Sager is a Senior Vice President and Chief Evangelist for CIS (The Center for Internet Security). In this role, he leads the development of the CIS Controls, a worldwide consensus project to find and support technical best practices in cybersecurity. Tony also serves as the Director of the SANS Innovation Center, a subsidiary of The SANS Institute. Tony retired from the National Security Agency (NSA) after 34 years as an Information Assurance professional. He started his career in the Communications Security (COMSEC) Intern Program, and worked as a mathematical cryptographer and a software vulnerability analyst. In 2001, Tony led the release of NSA security guidance to the public. He also expanded the NSA’s role in the development of open standards for security. Mr. Sager holds a B.A. in Mathematics from Western Maryland College and an M.S. in Computer Science from The Johns Hopkins University. https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570514269463-KSKE3XFGQ273UNHEC6BG/Kathleen_Moriarity_EMC.png Journal Authors https://www.iacdautomate.com/state-of-machine-learning daily 0.75 2019-10-09 https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570502526260-F0Q0ZVLIWPVPXNS8GJNN/ArtificialIntelligenceBanner.png State of Machine Learning https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570502579978-04IVC0B2D6CKMMAF62UI/TK_Keanini_Cisco.png State of Machine Learning https://www.iacdautomate.com/the-state-of-the-operational-ecosystem daily 0.75 2019-10-08 https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570507223522-E0ULOL1MIA2EBFJRQVS4/Philip_Reitinger__GCA.png The State of the Operational Ecosystem https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570507420644-HPEZ9B6KUQ2Z8NO5LO16/TheEvolutionOfTheCybersecurityEcosystem_Banner.png The State of the Operational Ecosystem https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570507286027-47JM0ABV0EY0S49DMQSN/Tony_Sager__CIS.png The State of the Operational Ecosystem https://www.iacdautomate.com/conversational-topic-artificial-intelligence daily 0.75 2019-10-08 https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570496591332-G75U59N1TGM57NN7WPFP/ArtificialIntelligenceBanner.png Conversational Topic: Artificial Intelligence Home https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570422021730-ATBMI7G9TP6ATT11K7XM/ShawnRiley+-+DarkLight.PNG Conversational Topic: Artificial Intelligence Home https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570423824944-QGEUER7J2EM1I6D0S3WN/cisco-transparent.png Conversational Topic: Artificial Intelligence Home https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570422041082-119KL12THXKXJHUYMU22/image-asset.png Conversational Topic: Artificial Intelligence Home https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570423743456-JZXI7TURQ1KWCTPWHVDB/image-asset.jpeg Conversational Topic: Artificial Intelligence Home https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570420883685-0AIRG85D7KF98MYFG3R9/Kumar+Saurabh+Logichub.jpeg Conversational Topic: Artificial Intelligence Home https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570420930251-0IWQ38ULQYYN6RFTLZCV/logichub+logo.png Conversational Topic: Artificial Intelligence Home https://www.iacdautomate.com/how-to-measure-and-improve-decision-automation-for-cybersecurity-next-gen-soar daily 0.75 2019-10-08 https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570501166053-ARIR71DB3OSDQUYUINAH/ArtificialIntelligenceBanner.png How to Measure and Improve Decision Automation for Cybersecurity (Next Gen SOAR) https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570501089452-JWQAOLPAHXJIQANC571A/Kumar_Saurabh_LogicHub.png How to Measure and Improve Decision Automation for Cybersecurity (Next Gen SOAR) https://www.iacdautomate.com/thoughts-about-ai-in-cybersecurity daily 0.75 2019-10-08 https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570502378135-MXO98DH9UODSJ21TAR6H/ArtificialIntelligenceBanner.png Thoughts about AI in Cybersecurity https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570423421584-3Q36ZH7R6UKZAQCZCQH9/AI_In_CyberSecurity_image-1.png Thoughts about AI in Cybersecurity https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570502240505-ZEYRL1XBXB901N1XNQH2/Shawn_Riley_DarkLight.png Thoughts about AI in Cybersecurity https://www.iacdautomate.com/spotlight-on-standards-lessons-learned-from-scap daily 0.75 2019-10-08 https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570508225319-A6EHVY8G6RBPBHFI81LI/Charles_Schmidt__Mitre.png Spotlight on Standards: Lessons Learned from SCAP https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570508166626-BCV35D4WM1249HM8FD4C/TheEvolutionOfTheCybersecurityEcosystem_Banner.png Spotlight on Standards: Lessons Learned from SCAP https://www.iacdautomate.com/conversational-topic-operations daily 0.75 2019-10-08 https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570522162635-GRBYKL078A3MQRK1A24E/OperationsBanner.png Conversational Topic: Operations https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570521874881-DQWH4REKXL6SNFZY2TXJ/Donnie_Wendt__Mastercard.png Conversational Topic: Operations https://www.iacdautomate.com/driving-forces-for-security-automation daily 0.75 2019-10-08 https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570516052505-CWAPYZQJ9L0PU63YENQN/BusinessBanner.png Driving Forces for Security Automation https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570522335058-MEKM79LQU4444F177W41/Donnie_Wendt__Mastercard.png Driving Forces for Security Automation https://www.iacdautomate.com/conversational-topic-ecosystem daily 0.75 2019-10-09 https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570527227415-AFI92JL39VB7EXPSNAZ3/joe_brule__OASIS.png Conversational Topic: Ecosystem https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570526417356-Z5IEWHAWF7H7QEOILQX8/Aubrey_Merchant_Dest__Symantec.png Conversational Topic: Ecosystem https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570526845695-PHNT1CSNHJ5M9YP4MLB9/Kathleen_Moriarity_EMC.png Conversational Topic: Ecosystem https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570526325913-FM4EIKCYQBBUC0R7SNJO/EcosystemBanner.png Conversational Topic: Ecosystem https://www.iacdautomate.com/industry-insights-crossing-the-great-divide daily 0.75 2019-10-08 https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570520841670-SG6WSUMY0CT5M37HSGSU/Bret_Bergman__PIPAmerica.png Industry Insights: Crossing the Great Divide https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570516052505-CWAPYZQJ9L0PU63YENQN/BusinessBanner.png Industry Insights: Crossing the Great Divide https://www.iacdautomate.com/shared-ecosystem-push-from-evolving-standards daily 0.75 2019-10-08 https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570528015849-7NFWLEY5SZEBQTFFALX8/CommunityBanner.png Shared Ecosystem Push from Evolving Standards https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570528798452-4T0W714B4LQ8YZAH3CFZ/Kathleen_Moriarity_EMC.png Shared Ecosystem Push from Evolving Standards https://www.iacdautomate.com/conversational-topic-community daily 0.75 2019-10-08 https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570523655924-ZQ9LPM87ZFIILFX1JJHO/CommunityBanner.png Conversational Topic: Community https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570525115420-F45T5UTJO2BB8BTDVCPA/Kim_Watson__JHUAPL.png Conversational Topic: Community https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570525858024-SQNQJABESZZAF12LTSXP/Kathy_Lee_Simunich_ANL.png Conversational Topic: Community https://www.iacdautomate.com/evolution-of-cybersecurity-communities daily 0.75 2019-10-08 https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570524118976-D0RG2G7NSV7JN0T4ZYCU/CommunityBanner.png Evolution of Cybersecurity Communities https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570524719308-WPLB1PK22U4DNNYIX1KF/Kim_Watson__JHUAPL.png Evolution of Cybersecurity Communities https://www.iacdautomate.com/conversational-topic-business daily 0.75 2019-10-08 https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570522055986-IDPOF8CK6PT4JKAY23MC/BusinessBanner.png Conversational Topic: Business https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570520091815-LZZJRP3HC13AWPX1QWYL/Philippe_Langlois__Verizon.png Conversational Topic: Business https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570520388906-QUQ5BSC1355QAPJ7H9BE/Bret_Bergman__PIPAmerica.png Conversational Topic: Business https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570519503512-RP02OP27B4NK65PEP0R7/Geoff_Hancock__AdvancedCybersecurityGroup.png Conversational Topic: Business https://www.iacdautomate.com/building-business-resilience-through-cyber-automation daily 0.75 2019-10-08 https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570517366634-4O8FKH5JDSEIGFNT2TYM/Geoff_Hancock__AdvancedCybersecurityGroup.png Building Business Resilience Through Cyber Automation https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570516052505-CWAPYZQJ9L0PU63YENQN/BusinessBanner.png Building Business Resilience Through Cyber Automation https://www.iacdautomate.com/the-cyber-fed-model-creating-communities-of-trust-lessons-learned daily 0.75 2019-10-08 https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570524118976-D0RG2G7NSV7JN0T4ZYCU/CommunityBanner.png The Cyber Fed Model: Creating Communities of Trust – Lessons Learned https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570524231294-QHC3D960VKNNV5G12O3Z/Kathy_Lee_Simunich_ANL.png The Cyber Fed Model: Creating Communities of Trust – Lessons Learned https://www.iacdautomate.com/a-case-for-standardizing-tooling-capabilities-language daily 0.75 2019-10-09 https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570518988412-NUKJJ3M7YL4YWZH1HX99/Philippe_Langlois__Verizon.png A Case for Standardizing Tooling Capabilities Language https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570516052505-CWAPYZQJ9L0PU63YENQN/BusinessBanner.png A Case for Standardizing Tooling Capabilities Language https://www.iacdautomate.com/a-shared-ecosystem daily 0.75 2019-10-09 https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570528450659-JBZHBH2D5ZONNXXQAVA9/Aubrey_Merchant_Dest__Symantec.png A Shared Ecosystem https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570527986448-ZE4D5F8794CWY13VLI7K/CommunityBanner.png A Shared Ecosystem https://www.iacdautomate.com/industry-insights-shared-standards-openc2 daily 0.75 2019-10-08 https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570528043341-9MUI9OBG1FCRJ2G4GYZX/EcosystemBanner.png Industry Insights: Shared Standards - OpenC2 https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1570528131335-RBXL0REMWG7887WWJDM0/joe_brule__OASIS.png Industry Insights: Shared Standards - OpenC2 https://www.iacdautomate.com/home daily 1.0 2021-01-25 https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1575909306871-TA99G8A7WGDSFQPD6BK8/PlaybooksAndWorkflows_icon.png Home https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1575909150134-85QPIOGMVQUTWCTPKTYS/QuickStartGuice_icon.png Home https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1575909386696-IXJEKVDVWUQ1H5JYGXHY/image-asset.png Home https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1584465873675-SSD02AHSQ9ZV7RX6HM8O/homepageBanner.png Home https://www.iacdautomate.com/aboutiacd daily 0.75 2020-02-21 https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1581684017624-EG17TSC4G6RNYZI022HP/JHU_DHS_NSA.png About IACD https://www.iacdautomate.com/join-our-technical-community-for-soar-applications daily 0.75 2020-03-27 https://www.iacdautomate.com/sltt-pilot-shareable-workflows daily 0.75 2020-12-03 https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1607019571559-R7YSPCMVTSQ1WWLO9RDL/Pilot+Overview.png SLTT Pilot Shareable Workflows https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1597236642701-IEQ1XDU8MDEP5FHLHFD8/ReportPictureSmall.png SLTT Pilot Shareable Workflows Get the Report https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1597236990205-SPHBZ8VFEH0TCZQVEYJI/BPMN+Folder+IconSmall.png SLTT Pilot Shareable Workflows Download BPMN (XML) versions of the workflows https://www.iacdautomate.com/iacd-updates-archive daily 0.75 2021-01-05 https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1607017060427-05X7XMKIIKC3CC6P54EY/MOSAICS-LOGO-1.jpg IACD Updates Archive https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1575911553969-V4YG7IT8KNPH2SRPH8UW/TheEvolutionOfTheCybersecurityEcosystem_Banner.png IACD Updates Archive https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1584465851606-Q2NQT5YY9LUE4Z1OFPSM/IACD+Community.png IACD Updates Archive https://www.iacdautomate.com/iacd-community-conversations daily 0.75 2020-12-16 https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1605702960130-GU658F2B7EQM83K32P6J/image-asset.png IACD Community Conversations https://www.iacdautomate.com/soar-security-considerations daily 0.75 2021-05-04 https://www.iacdautomate.com/soar-cti-best-practices daily 0.75 2021-10-27 https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1622808975612-P0CLRHXOR1YYO1ZUDH79/Thumbnail+Preserve+Content.png Best Practices for SOAR and CTI Sharing - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1622817695933-LLL0T057DABZJRXO60FU/BPMN_Workflow_Dependency_Map.png Best Practices for SOAR and CTI Sharing - Sample SOAR Workflow Repository A set of shareable workflow templates in Business Process Modeling Notation (BPMN) aligned to the NIST Cybersecurity Framework. Use these to help you design your own SOAR workflows for various security use cases. https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1622809021026-3MUEF1TIDAFHAGWWB9ZB/Thumbnail+Automation+Potential.png Best Practices for SOAR and CTI Sharing - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1622808934454-2WOEJT46B8VGN3F0KD6G/Thumbnail+Assessing+CTI+Feeds.png Best Practices for SOAR and CTI Sharing - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1624553505798-G9OAP4FQB7LTWE74IQVJ/Thumbnail+Assessing+Automation+Potential.png Best Practices for SOAR and CTI Sharing - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1622808908864-8FS1U2J9GA48RHK8RCR8/Thumbnail+OpValue.png Best Practices for SOAR and CTI Sharing - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1624553621318-1E6I8ERKU9RPDFFZVSZM/Thumbnail+Efficient+Process+Automation.png Best Practices for SOAR and CTI Sharing - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1622818353906-IN4OJ9Y5PYLAQYJLPDYG/Low+Regret+Thumbnail.png Best Practices for SOAR and CTI Sharing - “Low-Regret” Methodology Detail Detailed description of the “Low-Regret” methodology and sample workflows to implement it for the evaluation of Cyber Threat Intelligence https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1622809054772-G6T6RF89BH5M2ZMB4JZE/Thumbnail+Low+Regret+Triage.png Best Practices for SOAR and CTI Sharing - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1622809123452-D5WJELIXZ13TPRIZS5SJ/Thumbnail+Low+Regret+Response.png Best Practices for SOAR and CTI Sharing - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1622816958691-TLT17VC1JYGWW28WVJWJ/Thumbnail+Info+Centric.png Best Practices for SOAR and CTI Sharing - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1622808953828-89PM3DOPZSKT9PME7RBU/Thumbnail+Service+Models.png Best Practices for SOAR and CTI Sharing - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1622807633812-DCVOQTY8U4C3WX7JKIHS/IACD_Community.png Best Practices for SOAR and CTI Sharing - Best Practices and Guides for Security Automation and Cyber Threat Intelligence Sharing A collection of resources to help you and your organization protect your networks against cyber attack. https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1622809138302-SRGJRZJSVP4P7GPO60R3/Thumbnail+Orch+of+IT.png Best Practices for SOAR and CTI Sharing - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.iacdautomate.com/mosaics-industry-day daily 0.75 2021-07-01 https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1625139643283-ON8AUB4W4RVC6BJ2286S/MOSAICS_graph-copy-1.jpg MOSAICS Industry Day - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5a94b67ff93fd440f0516297/1625139631642-DFAZU4P3DWUG1KBH186R/MOSAICS-LOGO-1.jpg MOSAICS Industry Day - Make it stand out Whatever it is, the way you tell your story online can make all the difference.