Intelligence agencies and research groups are investing a significant effort in order to develop methods that could allow to identify and mitigate malicious codes that are able to exploit zero-day vulnerabilities.
The US Government has published the slides related to the NSA SHARKSEER Program, a project that aims to detect and mitigate web-based malware Zero-Day and Advanced Persistent Threats using the COTS technology.
The approach leverages global threat knowledge to rapidly protect the targeted networks.
“Program Definition: Detects and mitigates web-based malware Zero-Day and Advanced Persistent Threats using COTS technology by leveraging, dynamically producing, and enhancing global threat knowledge to rapidly protect the networks.” states the description provided for the NSA SHARKSEER Program.
The goals of the SHARKSEER program are the IAP protection and the Cyber Situational Awareness and Data Sharing, below the description provided in the slides.
The principal problem when dealing with malware detection is that current defenses rely heavily on a signature based approach, this means that it is possible to analyze the threat only after its detection. Another problem highlighted by the experts participating to the SHARKSEER is that DAT files are usually updated manually taking weeks or months.
The NSA SHARKSEER provided an Automated Community Cyber Analysis Environment that will allow the production of Alerts, Reports and Machine Redeable Data that could be managed by Top Secret Cyber Analyst such as Unclassified Cyber Analysts.
The NSA SHARKSEE program was mentioned for the first time last year, when highlights from the Senate Armed Services Committee’s new defense policy bill reported that lawmakers would like assign $30 million to a National Security Agency cyber security program called Sharkseer.
“Provides $30 million to the National Security Agency for deployment of advanced commercial cybersecurity products to defend Department of Defense networks from previously unknown threats under the Sharkseer program.” reported a document issued by the SENATE COMMITTEE ON ARMED SERVICES.
(Security Affairs – SHARKSEER NSA Program , cyber security)