Introduction to Cyber Security

By definition, a ‘security incident’ represents a single point-in-time event, which may or may not have any relevant context. A security event could be a denial of service attack, a perimeter access breach, infection of a network by a specific virus like a Trojan, or any of dozens of activities deemed to be suspicious in nature. So, what do these incidents really mean? How do we determine which events or incidents are truly dangerous in nature? How do we correlate our interpretation of what they mean against the interpretations of dozens of other Cyber Security organizations who may be assessing the same or similar incidents? Well, this is exactly the challenge we’ve been handed under programs such as the Comprehensive National Cyber Security Initiative or AF Cyber. The CCS practice is Teksouth’s response to this challenge.
Patterns are context, patterns provide meaning, patterns allow for proactive, predictive Cyber Security. Just as on the battlefield, where the actions of discrete units aggregate into coordinated maneuvers and campaigns, the actions of Cyber Terrorists or rogue nations consist of many pieces that, when combined, deal a synergistic blow to their intended targets. Team SRA’s industry-leading Cyber Security solution begins and ends with patterns. Until recently, the ability to operate at the “pattern-level” was severely restricted; Computer Network Defense (CND) instead focused on guarding discrete networks. When viewing the US Cyber Infrastructure today, individual networks or vulnerabilities add up to a network of networks (NoN) perspective, and threats need to be weighed against the entire NoN. Our CCS methodology builds upon defined threat patterns and supports a dynamic pattern-management framework that allows us to grow our knowledge base and coalition participation and to anticipate threat evolution. Patterns are built both from a top-down analytical perspective and a bottom-up referential knowledge base of previously uncoordinated events. Together, these perspectives are meshed into a unified view that provides context for events in real time and gives planners time to prepare for likely Cyber Security threats.