Booz Allen offers a variety of products and services to strengthen the security of your cyber operations, from detecting adversaries to creating mitigation strategies.
Booz Allen Adversary Pursuit – Operational and Tactical Intelligence Reporting Feed
The Adversary Pursuit group is a team of world-class malware and intrusion analysts that conducts adversary-focused research, providing discovery and defeat solutions. These analysts discover new adversary malware, then create custom anti-malware analysis and mitigation solutions. Booz Allen’s Adversary Pursuit analysts bring government expertise from intelligence and law enforcement to bear in the commercial market, combating some of the country’s most challenging cyber adversaries.
Research that tracks adversary tools, infrastructure, and tactics, techniques, and procedures (TTPs) allows us to deliver operational and tactical intelligence, together with detection logic, for proactively hunting adversaries in client networks. The results of these analyses are available on a subscription basis that includes direct access to our research team.
Common to most modern cars, trucks, and SUVs, the Controller Area Network (CAN) bus serves as a kind of central nervous system for the vehicle. The many documented exploits targeting the CAN bus highlight possible vulnerabilities in the core functionality of millions of vehicles which, if exploited, could have potentially catastrophic results.
By combining the expertise of our cyber research and development efforts, our hardware design and refinement teams, and Booz Allen’s Vehicle Cyber Analytics Center, we have created a low-level, real-time vehicle intrusion detection and prevention system. Called CANvert, this system specifically addresses the concerns of automotive security in everyday life. CANvert uses multiple configurable data logging and manipulation tasks alongside hardware interfaces to implement two processing methodologies: active and passive. In doing so, CANvert provides real-time filtering for the target vehicle’s CAN bus with minimal performance impact. CANvert is United States patent pending.
SensorVision is an analytic capability that identifies threat activity by detecting anomalous behavior in control system or operational technology (OT) networks. These networks are inherently vulnerable because, given the critical nature of the commands they carry, communication prioritizes availability over confidentiality or integrity. Information security for OT networks therefore focuses on defense in depth.
The monitor and respond functions are accomplished by:
- Passively monitoring protocol level data (e.g., MODBUS) in real time
- Predicting physical process values with mathematical models
- Creating network baselines
- Visualizing models, time-series data, and recent events
The major benefits are early detection and prevention. SensorVision uses early detection to identify early cyber kill chain activity (scanning, network mapping, register reading) and thwart an adversary from progressing toward exploit development. Prevention means identifying exploit deployment and testing before full-blown exploitation occurs.
SnapAttack is a cloud-based software solution that brings together the full security operations lifecycle by unifying threat intelligence with hacker detection. It is a purple teaming platform that combines red and blue team techniques, enabling security teams to emulate attacks derived from intelligence, share insights into malicious behavior, and develop vendor-agnostic behavioral detection analytics to stop advanced adversaries.
True-positive labeled cyber data is rare, but by unifying the security lifecycle in a single solution, SnapAttack captures the data essential to unlocking artificial intelligence (AI) and machine learning (ML). Over time, SnapAttack’s AI and ML models will improve the accuracy and efficacy of detection logic and help identify anomalous behaviors faster. SnapAttack is United States patent pending.