WACREN CONFERENCE 2018
Togo, Lomé

CYBERSECURITY AS A SERVICE: THE POC TOOL/PLATFORM FOR DESIGN AND IMPLEMENTATION

ELISABETTA ZUANELLI
UNIVERSITY OF ROME “TOR VERGATA”
PRESIDENT OF CRESEC (WWW.CRESEC.COM)


Post on 28-Jul-2018


The state of the art

• The overwhelming increase of cyber attacks in all fields of Internet interactions: cloud, e-commerce, IoT, search engines, apps for mobile, etc.

• Among other domains, a growth of 138% in the domain of online research and education in the first semester of 2017.

ZUANELLI WACREN 2018

Cybersecurity as a service: a framework

• A framework for the interpretation of the global cybersecurity challenges dealing with vulnerabilities and threats, on one side.

• On the other, the definition of proper tools for prevention, detection and resilience against cyber attacks by defining a new approach to cybersecurity.

• Cybersecurity as a service is here meant as a multifaceted protection design in the technological approach and development of online services in the cyberspace context.


The approach

• Cybersecurity as a service asks for a brand new design and implementation of Internet infrastructures and services, to be required of vendors on one side for the asset technologies supplied to clients. On the other, cybersecurity as a service implies the capability of companies and institutions to manage cyber risks and perform assessment and evaluation according to structured analytics parameters that can manage conspicuous amounts of data.


The content parameters

• Typological lists of cybersecurity variables such as domains of attacks, mechanisms of attack, incidents lists, etc.

• Cybersecurity analytics tools such as cybersecurity domain ontologies and pragmatic domain platforms capable of control of technological assets, vulnerabilities, threats, events, incidents, etc.


A cybersecurity WACREN project

An ASREN/WACREN knowledge cybersecurity platform: a synthesis of the state of the art in cybersecurity as a structured data base for collaboration and interpretation

• vendors (cybersecurity by design in the development of devices): i.e. OOSS, programs, applications in different domains: i.e. cloud, IoT, platforms, mobile apps
• IXP, DNS, routers, etc.;
• cybersecurity antimalware suppliers/vendors: i.e. Kaspersky, Symantec, etc.;
• cybersecurity assessment for analysts companies (SIEM SOC, CSIRTs, etc.); and
• a shared ontology of cybersecurity as a service implying semantic controlled vocabularies, lists and enumerations of conceptual entities of the phenomena, etc.;
• the sharing knowledge and automation tools for big data analytics as provided by AI and machine learning;


[Diagram: cybersecurity as a service. Node labels: predictive analysis; tools design; taxonomies/classifications/ontologies; domain ontology; pragmatic ontology; threats/vulnerabilities; attacks/incidents; big data analytics/AI; knowledge repositories; operational exchange tools; cybersecurity lists; risk assessment, antimalware, remediation; Internet infrastructure DNS/IXP/Apps; products, services; design tools; prevention, detection, resilience]


Cybersecurity ontology: Big data and AI technologies

• “Middle-out” approach: bottom-up and top-down sources, partially used and functionally redefined by the model and the technological development

• Upper ontology and mid-level ontology underlying the cybersecurity ontology as domain ontology

• Functional/pragmatic ontology as related development of the cybersecurity domain


CVE (SR-13/03/2018)/MITRE

Incident | TXT | HTML | XML

CVE-2018-7580

TXT:
Name: CVE-2018-7580
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7580
Phase: Assigned (20180301)
Category: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Current Votes: None (candidate not yet proposed)

HTML:
<font size=+2><b>Name: CVE-2018-7580</b></font>
<p><p><b>Description:</b><br>
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
<p><b>Status:</b> Candidate<br>
<b>Phase:</b> Assigned (20180301)<br>
<p><b>Votes:</b><pre></pre>

XML:
<item seq="2018-7580" name="CVE-2018-7580" type="CAN">
<status>Candidate</status>
<phase date="20180301">Assigned</phase>
<desc>** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.</desc>
<refs></refs>
<votes></votes>
<comments></comments>
</item>

CVE-2018-7581

TXT:
Name: CVE-2018-7581
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7581
Phase: Assigned (20180301)
Category: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Current Votes: None (candidate not yet proposed)

HTML:
<font size=+2><b>Name: CVE-2018-7581</b></font>
<p><p><b>Description:</b><br>
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
<p><b>Status:</b> Candidate<br>
<b>Phase:</b> Assigned (20180301)<br>
<p><b>Votes:</b><pre></pre>

XML:
<item seq="2018-7581" name="CVE-2018-7581" type="CAN">
<status>Candidate</status>
<phase date="20180301">Assigned</phase>
<desc>\ProgramData\WebLogExpert\WebServer\WebServer.cfg in WebLog Expert Web Server Enterprise 9.4 has weak permissions (BUILTIN\Users:(ID)C), which allows local users to set a cleartext password and login as admin.</desc>
<refs>
<ref url="https://www.exploit-db.com/exploits/44270/" source="EXPLOIT-DB">44270</ref>
<ref url="http://hyp3rlinx.altervista.org/advisories/WEBLOG-EXPERT-WEB-SERVER-ENTERPRISE-v9.4-AUTHENTICATION-BYPASS.txt" source="MISC">http://hyp3rlinx.altervista.org/advisories/WEBLOG-EXPERT-WEB-SERVER-ENTERPRISE-v9.4-AUTHENTICATION-BYPASS.txt</ref>
<ref url="http://packetstormsecurity.com/files/146697/WebLog-Expert-Web-Server-Enterprise-9.4-Weak-Permissions.html" source="MISC">http://packetstormsecurity.com/files/146697/WebLog-Expert-Web-Server-Enterprise-9.4-Weak-Permissions.html</ref>
</refs>
<votes></votes>
<comments></comments>
</item>

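The slide's renderings of CVE-2018-7581 disagree: the TXT and HTML forms are still RESERVED while the XML form carries the published description and references. As an added example (not part of the original slides or of the POC platform), this sketch normalises the TXT and XML forms into one record and reports the fields that differ, the kind of check needed before such entries go into a structured knowledge base. The function names and record layout are assumptions, and the samples are constructed, abridged from the entries above.

```python
import re
import xml.etree.ElementTree as ET

RESERVED = "** RESERVED **"  # marker at the start of unpublished entries

# Constructed samples, abridged from the CVE-2018-7581 TXT and XML forms on the slide.
TXT_SAMPLE = """Name: CVE-2018-7581
Status: Candidate
Phase: Assigned (20180301)
Category: ** RESERVED ** This candidate has been reserved by an organization
or individual that will use it when announcing a new security problem.
Current Votes: None (candidate not yet proposed)
"""
XML_SAMPLE = """<item seq="2018-7581" name="CVE-2018-7581" type="CAN">
<status>Candidate</status><phase date="20180301">Assigned</phase>
<desc>WebServer.cfg in WebLog Expert Web Server Enterprise 9.4 has weak
permissions, which allows local users to set a cleartext password.</desc>
<refs><ref url="https://www.exploit-db.com/exploits/44270/" source="EXPLOIT-DB">44270</ref></refs></item>"""

def record(cve_id, status, phase, date, desc, refs):
    """Hypothetical normalised record shared by every input format."""
    return {"id": cve_id, "status": status, "phase": phase, "phase_date": date,
            "reserved": desc.startswith(RESERVED), "description": desc,
            "references": refs}

def parse_txt(text):
    """Parse the 'Key: value' TXT form; free text after Category is the description."""
    head, _, tail = text.partition("Category:")
    fields = dict(re.findall(r"^(Name|Status|Phase):[ \t]*(.+)$", head, re.M))
    phase, date = re.match(r"(\w+)\s*\((\d{8})\)", fields["Phase"]).groups()
    desc = " ".join(tail.split("Current Votes:")[0].split())
    return record(fields["Name"], fields["Status"], phase, date, desc, [])

def parse_xml(text):
    """Parse the <item> XML form, including its reference list."""
    item = ET.fromstring(text)
    phase = item.find("phase")
    desc = " ".join((item.findtext("desc") or "").split())
    refs = [(r.get("source"), r.get("url")) for r in item.iter("ref")]
    return record(item.get("name"), item.findtext("status"), phase.text,
                  phase.get("date"), desc, refs)

def reconcile(a, b):
    """Return the fields on which two records for the same CVE disagree."""
    if a["id"] != b["id"]:
        raise ValueError("records describe different CVEs")
    return sorted(k for k in a if k != "references" and a[k] != b[k])

if __name__ == "__main__":
    print(reconcile(parse_txt(TXT_SAMPLE), parse_xml(XML_SAMPLE)))
```

References are left out of the comparison because the TXT form shown on the slide carries none.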

The Pragmema cybersecurity ontology: POC

• the univocal application of the representation concepts, entities and relations as conceived in upper and mid-level ontology
• constituents: cybersecurity domain ontology, cybersecurity pragmatic ontology, cybersecurity knowledge, semantic vocabulary
• different level entities, semantic and pragmatic relations


The logical semantic relations network: cybersecurity domain ontology and pragmatic ontology


The POC PLATFORM: a cybersecurity ontology for big data analytics and services


The integration of knowledge and applications in the cybersecurity domain

• Cybersecurity as a service

• A long way to go…
