NOMAD: A Cyber Operations Fly-away Kit

Award Information
Agency: Department of Defense
Branch: Air Force
Contract: FA8649-23-P-0271
Agency Tracking Number: FX224-OCSO1-0009
Amount: $46,556.00
Phase: Phase I
Program: SBIR
Solicitation Topic Code: X224-OCSO1
Solicitation Number: X22.4
Timeline
Solicitation Year: 2022
Award Year: 2023
Award Start Date (Proposal Award Date): 2022-11-01
Award End Date (Contract End Date): 2023-02-03
Small Business Information
1936 Larson Ct
Erie, CO 80516-7578
United States
DUNS: 080986167
HUBZone Owned: No
Woman Owned: No
Socially and Economically Disadvantaged: No
Principal Investigator
Name: John Grigg
Phone: (720) 943-4568
Email: theteam@cyberwinterstudios.com
Business Contact
Name: John Grigg
Phone: (720) 943-4568
Email: theteam@cyberwinterstudios.com
Research Institution
N/A
Abstract

The complex nature of cyber incidents, combined with the sophistication of threat actors, makes it nearly impossible for security teams to identify and fully understand all the details of a compromise before, during, or even after a breach. This is because security teams struggle to find and react to even a single incident amongst a sea of data across an entire infrastructure, and an attacker's seemingly unrelated malicious activity goes unnoticed until they are embedded deep within a company's infrastructure. For teams in the field, such as Incident Response, the likelihood that they can quickly spot a threat actor on a network with the tools provided is slim to none; it's like trying to find a grain of sand on the beach. The heart of the problem is that field-deployed cyber teams are given two choices: bring monumental amounts of hardware with them to deploy an enterprise-grade solution, or pack light but lose capabilities. And the current AF platform for deployable cyber teams relies heavily on open source software, broad and signature-based alerting, and tools that don't integrate well. So CyberWinter Studios had an idea...the Nomad. A lightweight, portable, and immensely powerful cyber operations platform that can offer all the capabilities of an enterprise solution, but deployed on mini servers and laptops. We offer the defender a chance for complete visibility of malicious activity, regardless of the network and conditions. Our custom offering of the NetWitness suite (aka Nomad) is based on the principle that deployed cyber operators need as much (if not more) power than a SOC or INFOSEC analyst. Our platform will allow us to deploy NOMAD on high-capacity, portable servers, all of which will meet AF requirements. Additionally, the system will provide easy memory expansion to support operations (i.e., evidence collection) as the mission requires; this is ideal for immediate and ad-hoc investigation requirements.
It allows for complete visibility through the collection of data across physical, virtual, and cloud platforms and across packets, logs, endpoint, and netflow data, as well as threat intel from multiple intelligence sources. The system lets analysts detect and monitor emerging, targeted, and unknown threats as they traverse the network, as well as allowing users to reconstruct entire network sessions for forensic investigations. NOMAD also utilizes machine learning, behavioral analysis, and data science techniques. This allows responders to quickly understand the true nature and scope of the attack in time to identify and eradicate it. And with flexible integration options, our fly-away kit works easily with other security tools that are already in place in a network to increase a security team's effectiveness.

* Information listed above is at the time of submission. *