Cybersecurity R&D
SAIC provides government and commercial enterprises with high-level information protection and integration. Our techniques help to effectively manage risk and protect business-critical data for our clients.
Managed Security Services: Securing Cyberspace
Whether you are a government entity; a large organization with hundreds of devices, complex regulations, global partners and suppliers, and a full information security staff; or a small company looking to better manage security threats, SAIC can help you become more secure and stay secure. We provide a full portfolio of managed security services (MSS) tailored to your organizational needs.
Working with an end-user, we will develop a proactive arrangement that targets vulnerabilities, prioritizes threats, and refines security policies and processes for better visibility and control of information security risks. We help align our customer's security strategy with their business objectives to enhance performance, agility, and continuity.
Flexible Service Models
SAIC's MSS lets our clients choose an offering in one of three ways — as a completely outsourced service (from our Network Operations and Security Centers [NOSC]), as a completely in-sourced offering (with existing on-site tools and SAIC personnel), or as a hybrid combination of the two, depending on your needs.
What We Offer
We will design, implement, and manage the security systems and provide correlated event management customized to an operational business environment.
Services
Managed Firewall, Router, and VPN — SAIC monitors and manages firewalls, routers, and VPN servers in real time, providing real-time escalations on firewall traffic.
Managed IDS/IPS — Active or passive, in-line intrusion detection and prevention system (IDS/IPS) service. Continuous tuning and custom rules correlated with the customer's security technologies further reduce false positives, minimizing true security escalations.
Managed Antivirus (AV) — Using signature updates on gateway solutions or with multithread security appliances, we manage and monitor AV deployments, filtering out viruses before they reach the client's network.
Managed Proxy — We monitor and manage all proxy servers 24/7.
Managed Internet Content Screening — As an add-on proxy server or as a dedicated system, we manage and monitor web access for possible human resource issues.
Enterprise Vulnerability Management (EVM) — Today, compliance and prudent risk management go deep inside networks. Our customers can leverage the leading configuration, policy, and patch management infrastructure with SAIC's 24/7 subject matter experts.
Managed HIDS/HIPS — Protection of the perimeter alone is no longer an option. Host intrusion detection and prevention system (HIDS/HIPS) agents offer an additional layer of security to protect critical servers, applications, or even desktops and to work in conjunction with EVM.
Continuous Web Application Assessment — E-commerce applications are at risk; therefore, we continually assess web applications on development or production systems for code flaws.
MSS Service Features
Health and Status With Trend Monitoring — SAIC monitors our customers' platforms for health and status, as well as security, and provides system performance trending data.
System Management — We include installation of security patches, hot fixes, and service packs through the native products and tools of our EVM platform. By managing backups, we help ensure that a device can be restored at all times. We review every change request for its potential impact on the customer's overall security posture. When possible, we keep previous versions of rules and policies to enable a rollback in case of problems and to allow auditors to review changes over time. As necessary, SAIC will coordinate replacement of faulty hardware and restoration of services.
Event Management — Logs and alerts generated by security devices are sent to our security information management/security event management (SIM/SEM) platform; analyzed, correlated, and classified in real time; then interpreted by SAIC security analysts to ensure client involvement is warranted. We specialize in root cause analysis and provide proactive recommendations for risk management.
Client Interaction — Each client is provided secure access to our MSS Portal "SOCkets" for ticket and request generation or for status and reporting, which includes automated instant notification for ticket creation and updates.
Benefits
Our MSS enables our customers to:
- Maximize information security ROI
- Manage their risk profile
- Reduce redundancy and risk
- Optimize their security infrastructure
- Proactively minimize threats
- Maintain compliance with industry standards
- Quickly remediate vulnerabilities within business systems
- Offer better information security than could be achieved alone
Contact Us Today
For more information about our business solutions and capabilities, please contact us today.
Defend the Company Network
TeamDefend is a new training model for defending the company network. TeamDefend helps our customers learn to recognize and defend against cyber attacks. It is a Web-based network management tool that aids in real-time feedback and focused training. TeamDefend will simultaneously exercise our client's IT staff in an environment that emulates their corporate infrastructure to enhance a real-world training experience.
Train In-Place IT Staff
- To identify vulnerabilities and lock down systems (network, server and/or workstation) according to the organization's security policy
- To configure router policies according to the organization's security policy
- To configure and monitor host-based and network-based intrusion detection systems (IDS)
- To recognize hacker/computer misuse activity
- To properly respond to hacker exploits and computer misuse activity in accordance with company directives
- To conduct forensics and collect data for prosecution
SAIC's Cyber Engineering
Fight as You Train
TeamDefend is core to SAIC's cyber engineering approach.
- Conducted over 450 commercial and government penetration testing (Pen Test) vulnerability assessments
- Internal 4-day Pen Test certification curriculum includes assessment process, code of ethics and use of SAIC exploitation (Red Team) toolkit, as well as hands-on, proficiency demonstration by successfully attacking test targets
- Up-to-date Pen Test lab that encompasses over 30 different operating system versions, including MS Windows®, BSD®, Linux®, SCO®, CITRIX®, Macintosh™, Novell®, Plan 9™ and QNX®, as well as routers, switches, firewalls and wireless targets
- Our proprietary toolkit includes over 2000 open-source exploits and more than 20 proprietary exploits, all of which have been code-walked for trojans and tested for interoperability; plus other resources
- Initiated CyberPatriot to foster routine Cyber Defense training between Academia and State, Federal and Department of Defense organizations
- Participated in five DefCon Rootwars
- Conducted the 2003 Toorcon Rootwars Tournament
TeamDefend Benefits
- Train to real-world, live cyber threat
- Train on-site; no travel required
- Exercise skills in secure configuration, intrusion detection, incident mitigation and forensics
- Train in an environment similar to, but separate from, the one in which the customer operates
- Real-time feedback system provides current training system status
- Self-contained trainer located at customer site
- Automated analysis of man and machine
- Technical design permits easy tailoring of architecture to match customers' requirements
- Train as a team to baseline the level of knowledge and proficiency
Web-Centric Geospatial Collaboration™
GeoViz is a leading-edge technology provider for geospatial collaboration. Our WebCentric GeoSpatial Collaboration tool suite is a Web-based, Service-Oriented Architecture (SOA)-enabled, Commercial Off-The-Shelf (COTS) product that offers 2-D and 3-D geospatial visualization for government and commercial customers to facilitate planning and decision making. This unique collaboration tool enables multiple users to work in the same geospatial model with an identical view. Using intuitive drawing tools, users can annotate the map with text and symbols to illustrate and convey information.
Multiple Users Can Work in the Same Geospatial Model
- Connect disparate technologies and systems through an industry-standard Web architecture
- Share data from multiple content providers including systems, sensors, simulations, instruments and other data sources within a secure environment
- Enable dynamic collaboration of geospatial data representations within a Web-centric presentation environment
Plug-In Modules Provide Additional Capabilities
GeoSpatial Collaboration Service
This service enables users to share geospatial displays instantly, with a click of the mouse. All participants in the COI instantly see the same geospatial view. Users can annotate the display using familiar drawing tools to insert arrows, boxes, spheres, polygons and lines, and to color and shade them as well. Additionally, users can drag and drop documents, imagery, video and audio files that are shared with each participant in the collaborative session. The WebCentric GeoSpatial Collaboration service is augmented with COTS instant messaging and VoIP services.
Record and Play Back
This "train-as-you-fight" module has a user-friendly, intuitive interface that enables users to record a collaborative session and then replay it for instant rehearsal and after-action review. User selection of a particular calendar date (year, month, day) will recall the stored collaborative session and present it in a graphical timeline interface. The timeline control enables run, pause, fast forward, and reverse functions, and enables users to view bookmarks and search critical events and tracks.
Commander Station
This module implements a command and control room paradigm that enables a commander to instantly see thumbnail views of all participants using the tool suite. By clicking the thumbnail, the commander can join a collaborative online session to share actionable knowledge. Options include observing participants by COI (project level), client name (who) or operational subject matter (what). The module provides time history summations for course-of-action review.
Benefits
The entire GeoViz user interface is accessible via a Web browser. Web services technologies are fully integrated in an SOA to make data visible, accessible, understandable, trusted, interoperable and responsive. The benefits of GeoViz include:
- Improved Communications: Implemented using industry-standard web services technologies, the tool enables users to collaborate with team members in real-time with Voice-over-Internet Protocol (VoIP), Instant Messaging (IM) and shared maps
- Increased Productivity: Enables users to instantly view and react to results
- Enhanced Decision Making: Shares data from multiple sources providing decision quality information
- Cost-Effective: Participants can join in sessions from different locations and time zones, eliminating the need to travel
Features:
- Collaborative Views: Creates multiple collections of map, track and multimedia data for interactive review with team members
- Interactive Map: Renders instant 2-D and 3-D visuals with integrated imagery, vectors, maps, video, text and collaborative annotations
- Communities of Interest (COI): Organizes tasks, teams, areas of interest and data sources into COIs
- Shared Files: Enables users to drag and drop files and multimedia applications onto the geospatial display for all COI members to see
- Network Connection: Operates on low bandwidth connections using advanced eXtensible Markup Language (XML)
The Solution to Inadequate Real World Representation
Due to the vast array of complex technologies involved in cyberspace, compounded by the magnitude of global networks, cyber security solutions are currently developed on a limited representation of the real world. This limitation obstructs development of effective real world solutions and must be resolved to enable development of next-generation cyber security solutions. The solution to inadequate real world representation in cyber security development is modeling and simulation of cyberspace.
Virtually Replicate the Real World Cyberspace Environment
SAIC is pursuing advanced modeling and simulation solutions to virtually replicate the extremely complex real world cyberspace environment. This environment includes high-fidelity simulation of networks, from the emulation of network protocols, to the physics of indoor and outdoor wireless network transmission in urban areas.
Additionally, high-fidelity simulation of systems, networked devices, network users, and network attackers are included. As elements of the high-fidelity simulation environment are computationally intensive, the latest acceleration technologies are being leveraged.
Timely Analysis and Testing of Next-Generation Cybersecurity Solutions
Cyberspace simulation provides a real world environment for timely analysis, development, and testing of next-generation cyber security solutions. The flexibility of simulation provides a feasible solution to keep up with the ever-changing cyber environment through simulation of new technologies.
Enables Development of Next-Generation Urban Capabilities
Additionally, cyberspace simulation provides an essential element for advanced cyber operational capabilities provided by intelligent cyber systems that must reliably estimate cyber effects for course-of-action analysis, mission planning and rehearsal, network vulnerability testing, and autonomous task generation. The high-fidelity simulation of indoor and outdoor urban area wireless environments is a critical cyber representational element that also enables development of next-generation urban capabilities such as geolocation of transmitters and optimal sensor placement.
Capabilities
- Next-generation intelligent cyber security solution technologies
- Real-time RF propagation in a simulated complex geo-specific urban environment
- Reliable estimation of cyber effects for Course of Action analysis, mission planning and rehearsal, autonomous cyber task generation, and network vulnerability testing
- Simulation of networks, systems, users, and attackers
- Advanced operational capabilities such as geolocation and optimal sensor placement
- Accelerated high-fidelity simulated urban environment
- Integration with modern high-fidelity constructive simulation
IPv6 Network Security: Securing Cyberspace
Hackers never sleep. They dedicate immeasurable hours to cracking today's Internet Protocol (IP) networks, and they are furiously working on ways to infiltrate the next-generation Internet. To counter that threat, SAIC is developing tools to help our customers design, implement and secure their IP version 6 (IPv6) enterprise architectures.
Honing Next-Generation Expertise
Through our efforts in IPv6 Network Security, we are establishing our credentials in next-generation network and platform security. We are developing an intrusion detection system (IDS) that addresses IPv6 vulnerabilities, and creating penetration tools to discover unknown weaknesses.
SAIC is developing:
New Tools to Help Protect IPv6 Networks
SAIC is creating new tools that will help our customers protect their IPv6 networks. These include:
Ultra6 Configuration Settings
Our new Ultra6 is a collection of IPv6-specific security architecture/configuration settings. Based on the SAIC-developed Threat Matrix and STIG, the Ultra6 settings help maximize the level of assurance for IPv6-capable systems. We have applied these hardening techniques across 15 IPv6 security applications, including operating systems and services, to help protect against known weaknesses in the IPv6 protocol and vendor implementation flaws.
6AM Attack Monitor
Our IPv6 attack monitor, known as 6AM, helps address a significant vulnerability that exists in IPv6 security. 6AM is designed to recognize and alert network administrators to attacks against the IPv6 Neighbor and Router Discovery protocols that allow unauthorized control of a system by a hacker. 6AM also helps provide the capability to neutralize those attacks.
The VIRAZ-6-Powered Fuzzing Engine
Our VIRAZ-6 algorithm is an attack tool that helps reveal potential vendor-implemented flaws in IPv6. Using fuzzing technology, VIRAZ-6 helps generate extension header permutations that pose a threat to a device's internal packet processing, helping to enable more rigorous vulnerability testing in less time.
By devoting resources to IPv6 research before its widespread implementation, SAIC can be better positioned to help customers deploy and protect their mission-critical enterprise networks.