Date: Jan 01, 2010 Source: DARPA Success Stories (
click here to go to the source)
Technical Challenge Addressed:
Mobile cyber assets and wireless networks present unique security challenges since wireless signals can be intercepted and unauthorized signals can be injected into networks. Tools that locate wireless activity generate massive amounts of data requiring special expertise and considerable time to correlate and interpret for threat detection. Security teams conduct wireless security audits, called "wardrives," to locate wireless emitters, but detection tools have limited capability to combine, analyze rapidly and depict collected data beyond a single time/location.
The DARPA SBIR project addressed the need for an analysis and visualization tool to correlate collections from open-source and Department of Defense (DoD) wardriving tools and wireless intrusion detection systems. The tool allows security teams to identify, evaluate, and counter suspicious, unauthorized access near networks and facilities by showing wireless device activities. This extends available wireless security methods by adding an ability to analyze large data volumes, visually depict threats by their temporal and spatial patterns, and efficiently report results.
Technology Description:
MeerCAT is an integrated set of visualization tools that helps analyze risks to critical assets from mobile threats by presenting a unified picture of the location, security state, behavior patterns, temporal patterns, channel usage and mission of both authorized and unauthorized wireless devices. It provides a 3D geographic fly-through visualization showing satellite imagery and color-coded graphic views of wireless devices and their attributes and relationships. It then links these views to provide multiple, simultaneous perspectives of the data—such as before and after remediation—in an intuitive, interactive visual environment where highlighting or filtering in one view is reflected in all other views.
MeerCAT visualizes data collected from a variety of sources, including wireless discovery "wardriving" tools like Kismet, NetStumbler, and Flying Squirrel; wireless intrusion detection system sensors and communication sources like AirPcap. It may also be used with other applications needing analysis and spatial visualization to manage resources or characterize threats, including those for wired and wireless networks, intelligence teams tracking blue and red forces, mobile asset tracking and personnel security.
MeerCAT is a modular system that can be extracted and incorporated into larger systems. MeerCAT can also be used as a stand-alone system interfaced to external data sources. It is implemented in Java using the Eclipse Rich Client Platform (RCP) and Standard Widget Toolkit (SWT) for cross-platform support with native look and feel.
Lessons Learned & Best Practices:
• Identify users early, and enlist them to describe requirements and major challenges.
• Work with government laboratories for greater exposure to users and access to the latest technology.
• Select a project name that people will remember and associate with its use.
• Use commercial scenarios for demonstrations to show benefits without revealing government locations.
Economic Impact:
SBIR programs account for approximately 30% of the company's annual revenue. Expansion of MeerCAT supported by Phase III investments contributed to the company's 20% year-over-year growth.
The deployment of MeerCAT to DoD Flying Squirrel users helps establish MeerCAT as a commercial-quality product and facilitates its sale to commercial customers. A patent application has been submitted for MeerCAT, and the product has been cleared through the U.S. Department of Commerce for export.
Applications:
A version of MeerCAT, called MeerCAT-Flying Squirrel, is being integrated as a GOTS application with the Naval Research Laboratory-developed Flying Squirrel (FS) Wireless Discovery Tool Suite for use across the Department of Defense. In the 4th quarter of fiscal year 2010, MeerCAT will be available to more than 3,000 current DoD analysts who use Flying Squirrel to identify suspicious wireless access points in or near government facilities. DoD and intelligence community blue teams use MeerCAT to assess vulnerabilities while red teams use MeerCAT for penetration testing to locate wireless vectors.
Certified security engineers from Crimson Security, Inc. use MeerCAT during compliance audits to identify wireless networks, locate access points (APs), and analyze data flowing over those APs. Crimson's Chief Security Officer noted that MeerCAT "allows us to verify with the organization we are auditing that all wireless APs are accounted for", that an "analysis of an organization's wireless environment is also more thorough", and that this time-consuming process "has been reduced sharply with the addition of MeerCAT to the toolkit".
Partnering & Collaboration:
Secure Decisions has worked closely with NRL, developers of the Flying Squirrel collection tool, and Air Force Research laboratory (AFRL) to incorporate MeerCAT into a system for detecting and tracking suspicious insiders who might be using wireless devices within government buildings. As a result, MeerCAT is able to depict the location and movement of wireless devices both outside and inside a building.
Several of MeerCAT's beta testers were DoD wireless security analysts experienced in collecting data with a variety of tools, but who were looking for a method of performing post hoc analysis of the collected data. Two large systems integrators have provided funding to customize MeerCAT.
About the Company:
Applied Visions, Inc. (AVI) develops visual software solutions to help solve complex defense, national security, information security, infrastructure protection, financial, and business problems.
