Reducing Bandwidth Requirements for Cybersecurity Information Exchanges

Period of Performance: 04/17/2013 - 08/16/2013

$77.1K

Phase 1 SBIR

Recipient Firm

Promia, Inc.
101 The Embarcadero, Ste 200
San Francisco, CA 94105
Principal Investigator

Abstract

The Reducing Bandwidth using a Lightweight Analytic Discovery Environment (RBLADE) research and development effort will explore techniques for improving the ability of a Cyber Incident Response Team (CIRT) Analyst to conduct full, in-place, forensic analysis of remote networks and hosts in spite of greatly reduced network bandwidth. Two complementary approaches will be explored. The first approach is to reduce the bandwidth required to transfer information already collected by CND products that are local to the incident. RBLADE intends to accomplish this reduction by eliminating the need to transfer context information in each log message. The second approach is to develop a remote code deployment and execution infrastructure, supported by command and control messages in the RBLADE protocol, which allows detailed automated forensic analysis to be conducted local to the detailed incident data, with only summary results being returned to the CIRT Analyst.
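The first approach above, sending each distinct per-message context (host, process, pid, facility) once and referencing it by id thereafter, as an added Python illustration; this is not RBLADE's protocol or Promia's code, and the context fields, message layout and sample events are assumptions constructed for the example:

```python
import json

# Assumed context fields: the part of each log message that rarely changes
# between consecutive events from the same source.
CONTEXT_KEYS = ("host", "process", "pid", "facility")

# Constructed sample events (not from the page): one context repeats while
# only the message text varies.
_CTX_A = {"host": "ws-17.corp.example", "process": "sshd", "pid": 4412, "facility": "auth"}
_CTX_B = {"host": "db-02.corp.example", "process": "sudo", "pid": 918, "facility": "authpriv"}
SAMPLE_EVENTS = [
    {**_CTX_A, "msg": "Accepted publickey for alice from 10.0.0.5 port 51022"},
    {**_CTX_A, "msg": "Failed password for root from 198.51.100.9 port 40211"},
    {**_CTX_B, "msg": "bob : TTY=pts/1 ; COMMAND=/bin/systemctl restart postgresql"},
    {**_CTX_A, "msg": "Failed password for root from 198.51.100.9 port 40213"},
]

class ContextEncoder:
    """Sender: a context is transmitted in full only the first time it is seen;
    every later event with the same context carries just its id and the payload."""
    def __init__(self):
        self.ids = {}

    def encode(self, event):
        ctx = {k: event[k] for k in CONTEXT_KEYS if k in event}
        payload = {k: v for k, v in event.items() if k not in CONTEXT_KEYS}
        key = json.dumps(ctx, sort_keys=True)
        if key in self.ids:
            return {"ref": self.ids[key], "ev": payload}
        self.ids[key] = len(self.ids)
        return {"def": self.ids[key], "ctx": ctx, "ev": payload}

class ContextDecoder:
    """Receiver: rebuilds full events from its own copy of the context table."""
    def __init__(self):
        self.table = {}

    def decode(self, msg):
        if "def" in msg:
            self.table[msg["def"]] = msg["ctx"]
            return {**msg["ctx"], **msg["ev"]}
        if msg["ref"] not in self.table:
            # A lost definition makes every later reference to it unrecoverable.
            raise KeyError(f"unknown context id {msg['ref']}: definition never received")
        return {**self.table[msg["ref"]], **msg["ev"]}

def wire_bytes(events):
    """(raw_bytes, encoded_bytes) for newline-delimited JSON streams of the events."""
    enc = ContextEncoder()
    raw = sum(len(json.dumps(e).encode()) + 1 for e in events)
    encoded = sum(len(json.dumps(enc.encode(e)).encode()) + 1 for e in events)
    return raw, encoded

def roundtrip(events):
    """Encode then decode in order; returns the reconstructed event list."""
    enc, dec = ContextEncoder(), ContextDecoder()
    return [dec.decode(enc.encode(e)) for e in events]
```

The saving grows with the number of events that share a context, but the receiver's table is now state that both sides must keep in sync: a dropped definition message turns every later reference into an undecodable event, so a real protocol needs acknowledged or periodically re-sent definitions.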