Page 6 - GCN, June/July 2018

[BrieFing]
National Guard team builds open-source cyber toolkit
BY SARA FRIEDMAN
When the Missouri National Guard’s Cyber Team was called in to respond to security incidents, it used to take two days to collect information from compromised servers.
To gain better, faster insight into attempted breaches and overall network health, the team built the Response Operations Collections Kit for Network Security Monitoring, a scalable and secure open-source sensor platform that automates network monitoring and makes it easier to navigate.
RockNSM combines several open-source tools in a single platform. The combination allows the Cyber Team to set up data collection for security monitoring and incident response in 20 minutes.
Part of the appeal of RockNSM is the ability to collect information without needing administrative access to sensitive networks.
“If you have to run vulnerability scans or try to do things that systems aren’t designed for, those systems can crash, and it could be significant because the network could stop running,” Derek Ditch, a Cyber Team member and RockNSM’s core developer, told GCN. “Using the RockNSM approach, we can plug in at the network switch or use a network tab, which provides a one-way layer that data can come into our equipment but we can’t impact the network.”
He added that using the network tab to detect malicious traffic is particularly important for avoiding disruptions to sensitive networks on hydroelectric dams or military aircraft and ships.
Since RockNSM launched in 2015, Ditch and his team have added new features that make it scalable and improve its ability to provide analytics.
The platform is generating interest from the Air Force and the Navy, which want to incorporate the solution into their cybersecurity teams. “By the nature of creating a new open-source platform, anyone has the ability to take the main project and add value for their specific missions,” Ditch said.
In the platform’s upcoming Version 3.0, the Air Force is contributing code to make RockNSM more of a turnkey solution so it can be deployed faster.
“The latest version will be container-based, which allows us to scale the platform,” Ditch said. “We want to provide an environment where analysts can...look at the data with the flexibility to change the visualizations to suit mission needs.”