Abstract of Statement of Work Internal Use Only
Abstract of Statement of Work [Internal Use Only] Call in number: Conference Number(s): (469) 941 -0740 Participant Code: 6977859293 Black. Ridge Technology Risk Reduction Effort 31 Oct 2010 Version 4. 0 8 Nov 2010 v 6 Black. Ridge Technology Proprietary Information 1
Near Term Actions • HB Gary library delivery to Black. Ridge 15 Nov • BR to start Integration activity 15 Nov in Nevada • Start planning for demo “Con Ops” including developing chart deck for presentation to customer • Need 4 notebook PCs with XP on them for demo 8 Nov 2010 v 6 Black. Ridge Technology Proprietary Information 2
Comments from Mark Johnson Met with NII, good meetings Happy about CID effort to date Political turmoil, power grab reporting at issue in Government Akamai meeting Locked them down…proposal in progress Wednesday SOWs go out They are figuring out how to support ete demo Resolved filtering and selectino scenarios 8 Nov 2010 v 6 Black. Ridge Technology Proprietary Information 3
Top Level Schedule Tasks/Milestones Oct Nov Dec Contract Period of Performance CDRL Deliveries • A 001 Progress/Cost Report • A 002 TIM/Meeting Minutes • A 003 Risk Reduction Report System Engineering Milestones • API Defined • Demo Requirements • Demo Supporting Material Engineering Milestones • Test Stub Development • Code Integration Demo Integration and Test • Final Integration/Dry Run • Customer TIMDemo Issues Needing Resolution 8 Nov 2010 v 6 Black. Ridge Technology Proprietary Information 4
Risk Reduction Demonstration Primary Server Client HB Gary Client Black. Ridge TAC Client Driver Microsoft XP O/S TAC Gateway • Verifies authenticity of sender • Extracts security posture indication Trust Traffic No-Trust Traffic Ethernet Switch Black. Ridge Gateway Ethernet Switch HB Gary Client Black. Ridge TAC Client Driver Microsoft XP O/S Back-up Server Client
Back-up Charts for Reference 8 Nov 2010 v 6 Black. Ridge Technology Proprietary Information 6
CID 1 Overview Risk Reduction Phase Demo § § § HBGary and Blackridge currently on-contract Objective: HB Gary/Black. Ridge product integration risk reduction Demo week of 13 Dec to demonstrate initial integration of HB Gary end point client with a Black. Ridge TAC client driver and gateway CID 1 Demo § § Farallon already on-contract Contract negotiations soon with Black. Ridge, HB Gary, and Akamai § Need to negotiate values and payment schedules § Need to discuss POP – nominally it it through 31 September 2011 but it might make sense to accelerate § Front loaded cost curve § Objective: HB Gary/Black. Ridge/Akamai product integration risk reduction § Demo in CY 2011 demonstrate a secure End Point Chain of Trust to client using a secure and stealthy communication channel. 8 Nov 2010 v 6 Black. Ridge Technology Proprietary Information 7
Critical Task Overview Refine API interface definition between HB Gary and Black. Ridge (Draft already provided by John) Develop interface test code to independently test respective APIs Integrate products remotely via Internet by 15 Nov Conduct final demo integration at either Farallon or Black. Ridge facility in San Jose area Develop materials supporting customer demo in DC § § § Demo concept Supporting graphics and Powerpoint charts Demo script Demo in unclassified DC facility (Black. Ridge Reston location available) 8 Nov 2010 v 6 Black. Ridge Technology Proprietary Information 8
CDRL Requirements A 001 Monthly Progress/Cost Report § § § Due to Farallon 5 days after month-end No cost reporting/only progress report Subcontractor format acceptable, one page also acceptable, bullets OK A 002 TIM Presentations/Meeting Minutes § § Only TIM is demo per Mark Peterson See below for requirements A 003 Risk Reduction Report § § § Draft written jointly by HB Gary and Black. Ridge Due to end customer 31 Dec 2010 Content: § Project Objective § Risk Reduction Results § Lesson’s learned § Recommendations for further risk reduction efforts and new technology partners (This section is an opportunity for marketing to secure added FY 11 year end money or FY 12 money to expand content and technology partners 8 Nov 2010 v 6 Black. Ridge Technology Proprietary Information 9
Top Level Demonstration Objectives Demonstrate an integrated product suite including HB Gary’s End Point Agent and Black. Ridge Technology’s Transport Access Control (TAC) technology § § § Demonstrate Black. Ridge’s TAC driver integrated with an HB Gary agent Demonstrate the HB Gary end point agent’s ability to execute a trust assessment on an end point and detect a trust breach Demonstrate a remote chain of trust assessment utilizing the HB Gary and Black. Ridge technologies over a stealthy, remote and secure communication channel Demonstration Locations § § Integration: TBD Customer Demonstration: Black. Ridge office in Reston, VA (Library facility) 8 Nov 2010 v 6 Black. Ridge Technology Proprietary Information 10
Technology Overview Endpoint Cloud Services First packet, steganographic hash of endpoint identity and trust level Protected User Data Endpoint Identity Situational Awareness Internet NIPRNet SIPRNet Endpoint Trust Compromises and unknown endpoints across enterprise Policy Engine Protected Web Services Known endpoint, high trust Establish identity and trust prior to TCP/IP session Validation & Remediation Known endpoint, low trust Continuous assessment of endpoint compromise and trust level 8 Nov 2010 v 6 Black. Ridge Technology Controlled Unclassified Information Proprietary Information 11 11
Risk Reduction Demo Client PC Malware injected into client PC Windows XP O/S HB Gary Digital Client security posture agent communicates security posture assessment metric to Black. Ridge TAC client driver HB Gary Client Security Posture Agent Black. Ridge TAC Client Driver Requests containing a good security posture assessment sent to Server A Black. Ridge Gateway Appliance TAC Client Driver inserts modal token into every session request, Modal token communicates both identity and security posture derived from HBGary security posture assessment metric TAC Gateway verifies authenticity of sender and extracts security posture indication. TAC Gateway uses security posture to apply client security posture based request handling Requests containing a bad security posture assessment sent to Server B Server A - Good Security Posture 9/9/2020 Server B - Bad Security Posture 12
Demo Configuration Requirements Demonstration configuration requirements confirmed at next meeting: § Hardware requirements § Software requirements § Development environment/tools/versions § Demo architecture 8 Nov 2010 v 6 Black. Ridge Technology Proprietary Information 13
Demo Non Technical Requirements § Briefing deck for customer: § Emphasizes messages to be conveyed (Why demo important to customer, risks reduced. . ) § Includes supporting graphics to aid in comprehending what is shown § Given just prior to demo explaining what is shown and why important § Script for demo principals based on messages to be conveyed § Ensures smooth, polished presentation to customer § Risk Reduction Final report explaining what was achieved § Suggestions for added future efforts with this team supplemented by other interesting technologies § May want to convey these orally… 8 Nov 2010 v 6 Black. Ridge Technology Proprietary Information 14
- Slides: 14