Wave Systems Corp. (fka WAVXQ)

[Genz2]

First framework to score the agility of cyber attackers and defenders

https://www.helpnetsecurity.com/2019/06/12/framework-agility-cyber-attackers-and-defenders/

To help train government and industry organizations on how to prevent cyberattacks, as part of a research project for the U.S. Army, scientists at The University of Texas at San Antonio, developed the first framework to score the agility of cyber attackers and defenders.

“The DOD and U.S. Army recognize that the cyber domain is as important a battlefront as ground, air and sea,” said Dr. Purush Iyer, division chief, network sciences at Army Research Office, an element of the Army Futures Command’s Army Research Laboratory. “Being able to predict what the adversaries will likely do provides opportunities to protect and to launch countermeasures. This work is a testament to successful collaboration between academia and government.”

The framework developed by the researchers will help government and industry organizations visualize how well they out-maneuver attacks.

The importance of cyber agility

“Cyber agility isn’t just about patching a security hole, it’s about understanding what happens over time. Sometimes when you protect one vulnerability, you expose yourself to 10 others,” said Jose Mireles, who works for the DOD and co-developed this first-known framework as part of his UTSA master’s thesis.

“In car crashes, we understand how to test for safety using the rules of physics. It is much harder to quantify cybersecurity because scientists have yet to figure out what are the ‘rules of cybersecurity.’ Having formal metrics and measurement to understand the attacks that occur will benefit a wide range of cyber professionals.”

Developing quantifiable metrics

To develop quantifiable metrics, Mireles collaborated with a fellow UTSA student Eric Ficke, researchers at Virginia Tech, and a researcher at CCDC ARL and the U.S. Air Force Research Laboratory.

The project under the supervision of UTSA Professor Shouhuai Xu, who serves as the director of the UTSA Laboratory for Cybersecurity Dynamics. Together, they used a honeypota computer system that lures real cyber-attacksto attract and analyze malicious traffic according to time and effectiveness. As both attackers and defenders created new techniques, the researchers were able to better understand how a series of engagements transformed into a new adaptive and responsive agile pattern or what they called an evolution generation.

“The cyber agility framework is the first of its kind and allows cyber defenders to test out numerous and varied responses to an attack,” Xu said. “This is an outstanding piece of work as it will shape the investigation and practice of cyber agility for the many years to come.”

Mireles added, “A picture or graph in this case is really worth more than 1,000 words. Using our framework, security professionals will recognize if they’re getting beaten or doing a good job against an attacker.”
==================================================================
With Wave ERAS and Wave VSC 2.0, the DOD wouldn't have to test the attackers agility, they'd keep them off the network. It's a better defense so they don't have to launch 'countermeasures'!! Using Wave solutions would be more successful than having to try to figure out the enemy, they'd be able to keep them off the network (as an unknown and unapproved device)!! Wave should have a salesperson like Bill Solms to enhance the way of thinking of the DOD and Army on this very effective technology below so they could have a better defense!! Is the contents of this article and the status quo truly going to help create a great cyber defense like Wave solutions could?!
=================================================================
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management

Excerpts:

Secure device & user authentication

Sometimes it feels like security is more effective at deterring your users than hackers. But you still have to protect your enterprise resources, and we’re here to help. We take pride in securing your network, data, and resources to an unprecedented level, without causing a revolt from either IT or your users. In fact, your users probably won’t even know we’re there.

Here’s how it works:

Trusted Platform Module (TPM) + Wave’s ERAS for TPM Management = hardware-secured, fully-managed authentication

Most of your devices already come with TPMs (check out our “What is a TPM?” brochure if you’re not sure why this is exciting). This security chip comes attached to the motherboard of most enterprise-class PCs. There’s nothing “add-on” about it. The TPM provides a verifiable, unique identity for each machine.

Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.

With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
==================================================================
https://www.wavesys.com/products/wave-virtual-smart-card

https://www.wavesys.com/contact-information