OT HUNT AND INCIDENT RESPONSE

OT hunt and incident response involves both host and network forensic activities to identify and track threats against critical infrastructure. Instrumentation of OT networks, analysis of OT host memory and disk drives, and analysis of user behavior patterns allow INL experts to root out threats against the nation's critical infrastructure and provide methodological guidance to harden each OT environment.
Host and network instrumentation and forensic analysis includes monitoring and analyzing data from computer systems and OT networks to detect and investigate security incidents.

Cyber incident response and threat hunting uses intelligence on adversary tactics, techniques and procedures against critical infrastructure to perform hypothesis-based threat hunting and incident response through network traffic and host forensics. Instruments are deployed to OT partner sites to perform forensic analysis and guide partners in what is being observed in their environment.

OT-targeted malware reverse engineering deconstructs and analyzes malware designed to attack OT systems to understand its behavior and develop countermeasures.

OT protocol analysis and deep packet inspection involves developing OT protocol parsers, either by reverse engineering the protocol or by translating its published specification. These parsers are deployed to critical infrastructure locations that rely on them to determine what is occurring within their environment.

Advanced detection techniques and machine learning for OT network traffic analysis involves using sophisticated algorithms and machine learning methods to identify anomalies and threats within OT network traffic.

Cyber incident response planning and preparedness uses the techniques built during incident response and hunt engagements over the last 15-plus years to provide guidance and planning techniques that help partners harden their environments and prepare for potential breaches.

RELATED INL TOOLS

Malcolm is a hunt and incident response tool that analyzes OT traffic as it flows through a network. This tool suite is open source and released to the public to assist the community in further securing their infrastructure and to assist incident response teams arriving on site with logs and artifacts.

For more info, contact: [email protected]

Capabilities Catalog
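The two techniques named above, an OT protocol parser built from a published specification and a hypothesis-based hunt run over the parsed traffic, as a small added illustration. This is example code written for this page; it is not INL's code and not part of Malcolm. The 7-byte MBAP header layout, the rule that the protocol identifier is always 0, and the function codes are taken from the public Modbus/TCP specification. The sample frames, the IP addresses and the hunt hypothesis ("only the engineering workstation issues Modbus writes") are constructed for the example.

```python
"""Minimal Modbus/TCP parser plus a hypothesis-based hunt rule.

Added example, not INL's or Malcolm's code. Header layout and function codes
follow the public Modbus/TCP specification; sample traffic, addresses and the
hunt hypothesis below are constructed.
"""
import struct

# Request function codes that modify PLC state (Modbus application protocol).
WRITE_CODES = {0x05, 0x06, 0x0F, 0x10, 0x17}
FUNCTION_NAMES = {
    0x01: "Read Coils", 0x03: "Read Holding Registers",
    0x05: "Write Single Coil", 0x06: "Write Single Register",
    0x0F: "Write Multiple Coils", 0x10: "Write Multiple Registers",
    0x17: "Read/Write Multiple Registers",
}


def parse_modbus_tcp(frame: bytes) -> dict:
    """Parse the MBAP header (tid, protocol id, length, unit id) and the PDU
    function code. Raises ValueError on frames that violate the spec; that is
    itself a hunt signal, since real devices do not emit such frames."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header + function code")
    tid, pid, length, unit = struct.unpack(">HHHB", frame[:7])
    if pid != 0:
        raise ValueError(f"protocol id {pid}, expected 0")
    # The length field counts the unit id plus the PDU, i.e. every byte after it.
    if length != len(frame) - 6:
        raise ValueError(f"length field {length} != {len(frame) - 6} bytes present")
    fc = frame[7]
    code = fc & 0x7F               # high bit set marks an exception response
    return {
        "transaction_id": tid,
        "unit_id": unit,
        "function_code": code,
        "exception": bool(fc & 0x80),
        "is_write": code in WRITE_CODES,
        "name": FUNCTION_NAMES.get(code, f"fc 0x{code:02x}"),
    }


def hunt_unexpected_writes(frames, allowed_writers):
    """Hypothesis: only hosts in allowed_writers issue Modbus write requests.
    Returns one (src, kind, detail) finding per frame that contradicts the
    hypothesis or fails to parse."""
    findings = []
    for src, frame in frames:
        try:
            pdu = parse_modbus_tcp(frame)
        except ValueError as err:
            findings.append((src, "malformed", str(err)))
            continue
        if pdu["is_write"] and src not in allowed_writers:
            findings.append((src, "unexpected-write", pdu["name"]))
    return findings


def mb(tid: int, unit: int, pdu: bytes) -> bytes:
    """Build a well-formed Modbus/TCP request frame around a PDU."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


# Constructed sample traffic: (source IP, client -> PLC request frame).
SAMPLE = [
    ("10.0.10.5",  mb(1, 1, bytes([0x03, 0x00, 0x00, 0x00, 0x0A]))),  # HMI reads 10 registers
    ("10.0.10.20", mb(2, 1, bytes([0x06, 0x00, 0x10, 0x00, 0x01]))),  # engineering WS writes reg 0x10
    ("10.0.10.77", mb(3, 1, bytes([0x06, 0x00, 0x10, 0x00, 0x00]))),  # unknown host writes reg 0x10
    ("10.0.10.77", mb(4, 1, bytes([0x0F, 0x00, 0x00, 0x00, 0x08, 0x01, 0xFF]))),  # unknown host writes 8 coils
    ("10.0.10.77", b"\x00\x05\x00\x01\x00\x06\x01\x03\x00\x00\x00\x0A"),  # protocol id 1: malformed
]
ALLOWED_WRITERS = {"10.0.10.20"}  # constructed: the engineering workstation


if __name__ == "__main__":
    for src, kind, detail in hunt_unexpected_writes(SAMPLE, ALLOWED_WRITERS):
        print(f"{src:<12} {kind:<17} {detail}")
```

The parser rejects what the specification forbids rather than skipping it, so a frame that a fuzzer or hand-rolled tool produced surfaces as a finding alongside the policy violations; in a real engagement the allow-list would come from the site's asset inventory and the frames from a capture rather than from the constructed list above.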