Next-Generation Defensive Cyber Operations (DCO) Platform

摘要

The frequency and complexity of recent cyber intrusions have made the job of defending networks a daunting task. Signs of suspicious or malicious activity can be found in one of many data sources within the network. Local network defenders are held accountable for preventing cyber intrusions but generally are not provided with adequate tools to aid in prevention and detection. With the variety of local network-defense data sources (for example, log files, network traffic, endpoint artifacts) that must be analyzed for suspicious activity, a network defender's responsibility has evolved from finding a needle in a haystack to finding parts of a needle from among multiple haystacks. The National Security Agency's (NSA) next-generation Defensive Cyber Operations (DCO) sensor platform, known as CHUCK (Comprehensive Hunt & Ultimate Cyber Kit), is an initiative to provide a platform for local network defenders to collect large volumes of network-defense data from multiple sources within an environment, thereby enabling detection and discovery of new threats in a secure and timely manner.