The Tale of Two Sources

Feb. 22, 2017

Page 1 from The Tale of Two Sources
The Tale of Two Sources. NDIST. Derived From: 1-52 Dated: 20070108 Declassify On
Page 2 from The Tale of Two Sources
Rugby World Cup 2011. For the first time, we are all in it. Last winners: South Africa (they beat England). Starts 10th September in New Zealand.
Page 3 from The Tale of Two Sources
A Guide to Rugby. This is a rugby ball. Note it looks a bit like an American football.
Page 4 from The Tale of Two Sources
The Kit. Protection is allowed. Weaponry isn't!
Page 5 from The Tale of Two Sources
Page 6 from The Tale of Two Sources
It's a game for all.
Page 7 from The Tale of Two Sources
Business isn't usual! Unlike our agencies, the NZ'ers aren't small. And the Australians are successful 50% of the time! And the Chinese are not a threat.
Page 8 from The Tale of Two Sources
The Goal. Diagram labels: Modus Operandi; Tracking/Discovery; Maturity; Threat Tracking.
Page 9 from The Tale of Two Sources
The Asymmetry. Attacker Kill-Chain: Recon, Weaponised, Delivery, Exploitation, Installation, Command & Control, Actions on Objectives. Attackers have to get everything right. Victims only have to get it wrong once.
Page 10 from The Tale of Two Sources
May 2010. At the turn of the new Financial Year we had: Signature HITCH
Page 11 from The Tale of Two Sources
Sigint Story (Mid). Started at 13 x 10^9 bearers; presently at 180 x 10^9 bearers. From 1000 signatures to 2500 signatures.
Page 12 from The Tale of Two Sources
Challenges ahead. Good collection, poor analytics. Focused on tracking. No status visualisation for the end-to-end system.
Page 13 from The Tale of Two Sources
What about the Sigint Collection? Diagram label: Events.
Page 14 from The Tale of Two Sources
What is the state of collection? Diagram label: Signature.
Page 15 from The Tale of Two Sources
TOP TO USA, AUS, CAN, GBR, NZL. Diagram labels: Target Knowledge; Events.
Page 16 from The Tale of Two Sources
FRACTAL JOKER - Benefits. Wide Vision: Sigint (TM, PPF, Blackhole, and XKS statistics) and IA sources (GORDIAN KNOT and SPAY). Simple to use: everything in it is a statistic! First of its kind: simplifying the PTC world and enabling understanding.
Page 17 from The Tale of Two Sources
Discovery Prototypes. Diagram label: Target Knowledge.
Page 18 from The Tale of Two Sources
Near Space Uplift. Diagram labels: Signature; GORDIAN KNOT; BUTTERFLY; SPAY.
Page 19 from The Tale of Two Sources
Gordian Knot. More: Full Take, GSI Logs, Local Input Sensors, and SPAY. Faster: improvements to Snort; database improvements for analysis. Safer: better visualisation, links to XKS. Better: accredited; linked to FRACTAL JOKER.
Page 20 from The Tale of Two Sources
SPAY. Far; Mid. After OP WAFTER: local "Near" sensors to be deployed. Locations at UNCLASSIFIED.
Page 21 from The Tale of Two Sources
IA XKS. Far; Mid. GORDIAN KNOT and SPAY into XKS. Different legal framework. Standard search plugins.
Page 22 from The Tale of Two Sources
Gateways. Diagram labels: Open Source; Crimson; GCNET; Open Source (SHORTFALL).
Page 23 from The Tale of Two Sources
Knowledge Base Hunt. Challenge of finding a Cyber TKB. What are we after? What is out there? Can we do it quickly? Some basic requirements existed: ... knowledge? Do I know where it came from? Can I represent it? And then analyse it?
Page 24 from The Tale of Two Sources
Knowledge Base Hunt. TCP conducted a review of 14 different systems that might work. We visited 5 and tested offsite. We did the same test against BroadOak too.
Page 25 from The Tale of Two Sources
We learnt that there is no such thing as a TKB on the market (inside and outside). We then decided to try something new.
Page 26 from The Tale of Two Sources
So WHO are Palantir? Palantir comes from the team that made PayPal and was supported by In-Q-Tel (CIA financial wing). Palantir was built through iterative collaboration between Palantir computer scientists and ... from various intelligence agencies over the course of nearly three years, through pilots facilitated by In-Q-Tel. Palantir allows humans to quickly explore data from many sources in conceptual ways.
Page 27 from The Tale of Two Sources
Normal Analyst Workflow. This is our usual model. Access gets us data. We do analytics on that data. Target knowledge is the result. Each is done in its own tool, not brought together.
Page 28 from The Tale of Two Sources
Why is Palantir different? This is the Palantir model. Data can come from anywhere, be asked whatever the analyst wants, and it will be enriched from the sum of the target knowledge in Palantir itself.
Page 29 from The Tale of Two Sources
Page 30 from The Tale of Two Sources
Page 31 from The Tale of Two Sources
MUGSHOT Integration. Diagram labels: FOXTRAIL enrichment.
Page 32 from The Tale of Two Sources
Page 33 from The Tale of Two Sources
Page 34 from The Tale of Two Sources
Palantir - Benefits. Faster analytics: the Eorime team can find ORBs faster, just by ingesting files. Target knowledge storage: Fanner have already run OP DEVICE on it. The sharing of "knowledge" got results. Easy development: already 3 helpers not steered by NDIST. GLOBAL TAPIR.
Page 35 from The Tale of Two Sources
Comments from Eve?
Page 36 from The Tale of Two Sources
Where does it sit? Diagram label: Signature.
Page 37 from The Tale of Two Sources
Page 38 from The Tale of Two Sources
The Goal. End-to-end tracing. From warrant to signature; signature to events/content; to end product or ... But also do the reverse! From vulnerability to malware, from malware to actor, from actor to modus operandi.
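A worked illustration of that two-way tracing, added here as an example and not taken from the deck, from NDIST's tooling or from Palantir: a small in-memory graph of typed links, walked forward (warrant to product, vulnerability to modus operandi) and in reverse. Every node name, link type and edge below is constructed for the illustration, and the "signature without a warrant" check is an assumed use of the same graph rather than anything the slides describe.

```python
"""Bidirectional target-knowledge tracing over a small provenance graph.

Constructed example: node names, link types and edges are invented for
illustration; they are not GCHQ, NDIST or Palantir data.
"""
from collections import defaultdict, deque

# Each edge is (source, relation, target).  Node names carry a type prefix
# before the colon.  Forward direction follows the slide's two chains:
#   warrant -> signature -> event/content -> end product
#   vulnerability -> malware -> actor -> modus operandi
EDGES = [
    ("warrant:W-1",      "authorises",   "signature:SIG-42"),
    ("signature:SIG-42", "fired_on",     "event:EV-1001"),
    ("signature:SIG-42", "fired_on",     "event:EV-1002"),
    ("event:EV-1001",    "reported_in",  "product:RPT-7"),
    ("event:EV-1002",    "reported_in",  "product:RPT-7"),
    ("vuln:CVE-X",       "exploited_by", "malware:M-1"),
    ("malware:M-1",      "used_by",      "actor:ACTOR-A"),
    ("actor:ACTOR-A",    "follows",      "mo:MO-spearphish"),
    ("event:EV-1001",    "matched",      "malware:M-1"),   # joins the two chains
    ("signature:SIG-99", "fired_on",     "event:EV-2000"), # deliberately has no warrant
]


class KnowledgeGraph:
    def __init__(self, edges):
        self.fwd = defaultdict(list)   # node -> [(relation, target)]
        self.rev = defaultdict(list)   # node -> [(relation, source)]
        for src, rel, dst in edges:
            self.fwd[src].append((rel, dst))
            self.rev[dst].append((rel, src))

    def _walk(self, start, index):
        """Breadth-first walk in one direction.

        Returns {node: (relation, previous_node)} in visit order, so the
        nearest node of any type is always found first.
        """
        seen = {start: None}
        queue = deque([start])
        while queue:
            node = queue.popleft()
            for rel, nxt in index.get(node, []):
                if nxt not in seen:
                    seen[nxt] = (rel, node)
                    queue.append(nxt)
        return seen

    def downstream(self, node):
        return set(self._walk(node, self.fwd)) - {node}

    def upstream(self, node):
        return set(self._walk(node, self.rev)) - {node}

    def trace(self, start, kind, reverse=False):
        """Path from start to the nearest node whose type prefix is `kind`,
        following links forward or (reverse=True) backwards; None if unreachable."""
        seen = self._walk(start, self.rev if reverse else self.fwd)
        for node in seen:
            if node != start and node.split(":", 1)[0] == kind:
                path = [node]
                while seen[path[-1]] is not None:      # unwind back to start
                    path.append(seen[path[-1]][1])
                return list(reversed(path))
        return None

    def unwarranted_signatures(self):
        """Signatures that cannot be traced back to any warrant (assumed check)."""
        nodes = set(self.fwd) | set(self.rev)
        sigs = {n for n in nodes if n.startswith("signature:")}
        return sorted(s for s in sigs
                      if not any(u.startswith("warrant:") for u in self.upstream(s)))


if __name__ == "__main__":
    g = KnowledgeGraph(EDGES)
    print("product -> warrant:", g.trace("product:RPT-7", "warrant", reverse=True))
    print("vuln -> MO:        ", g.trace("vuln:CVE-X", "mo"))
    print("MO -> warrant:     ", g.trace("mo:MO-spearphish", "warrant", reverse=True))
    print("unwarranted sigs:  ", g.unwarranted_signatures())
```

The reverse walk is what answers the slide's legal question (which warrant covers this report, this malware match) and the forward walk the analytic one (what does this vulnerability lead to); because the two chains share the event node, a modus operandi can be traced all the way back to the warrant that authorised the signature which observed it.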
Page 39 from The Tale of Two Sources
Status.
Page 40 from The Tale of Two Sources
Unexpected Benefits. Nexus Peering: we can link our Palantir to the BSD version, or maybe Special Forces'. Interacts with anything: DISTILLERY, Hadoop, Google Earth (incl. DSLive!). Security model is core to the system. Exploit system, enabling prototypes! Legal audit/training/CapDev is easier. You can even use it on an iPhone or laptop.
Page 41 from The Tale of Two Sources
Potential Downsides. Looks expensive! Well, not really: that depends on your data size, not users. Development servers are free. Live isn't as expensive as expected. Is it scalable? Well, it seems to work for us, and others have much bigger implementations. What can't it do? Well, it isn't perfect! However, we ask, Palantir answer.
Page 42 from The Tale of Two Sources
What is next? Far: Standard targeting/testing system; Evolved targeting; Cloud analytics; Discovery; Behavioural analysis; Active defence options. Mid: Data acquisition (open source?). Near: More SPAY deployments; Optimising of GK; More advanced heuristics.
Page 43 from The Tale of Two Sources