Zero Day Net Defense
Ronald Nielson
Technical Director
SHARKSEER
CORRELATION: Shell Code, File, Obfuscation, IP Address, Port/Protocol, URL, File Mismatch, C2, Code Injection, Session, Sleep Call, SQL Injection
SHARKSEER Zero Day Net Defense
PROBLEM
Adversaries Attempt to Send Malicious Content Across Internet
Current defenses rely heavily on signature-based tools:
Signatures are generated after threat is identified
DAT files are updated manually, taking weeks or months
If/When An Adversary Penetrates A Gateway(s), Prevent Outbound Callbacks And/Or Exfiltration
Targeting All Inbound Malicious Traffic At The Gateways, Components, Host
Shared Global Threat Data Cross Domains
[Diagram: SHARKSEER Operational Space. Components shown: Load Balanced Traffic, IAP Vendor 2, Sandbox, WP, GTI, IA Sensor, Data Plane, DPI/Mitigation, Router, WCF, Storage, UPE, SIEM, TCSO, C2, Analysis, Management, Controlled Unclassified Infrastructure]
Deep Packet Inspection Rule Enforcement; Automated Analysis; Automated Triage; 24/7 Ops Center; Tear-Line Reporting; Unique IP, PII Attribution = Yes; Deep Dive, Full Content Response; Event; Event Response; Ontology (Translation Tool), Proposed
[Diagram: cross-domain architecture. Top Secret: Trusted Guard Solution, Level 2/3 User Access/Code Submission, Boundary Cyber Defense, Cyber Analyst, Command and Control, GIG-Earth, Top Secret Analysis Environment. Secret: Level 2/3 User Access/Code Submission, Sandboxing Environment, Cyber Analyst, METAWORKS, MALWORKS, Machine Readable Reports, GIG-Earth, Secret Data. Unclassified: Trusted Guard Solution, Level 2/3 User Access/Code Submission, Cyber Analyst]
Enhanced Shared Situational Awareness (ESSA)
Comprehensive National Cybersecurity Initiative (CNCI)
Federal CIO
COCOMs
Intel Community
Power Of Partnership
[Diagram: MALWORKS, CADS and Sandboxing across domains; Trusted Guard Solution between U and S, and between S and TS; each of the three domains carries its own ATO]