Richard Biever and Ken Goodwin will present at the 2020 NSF Cybersecurity Summit
By Gregory Moore
Richard Biever is Duke University’s chief information security officer and director of identity management. He and Ken Goodwin, director of networking, Pittsburgh Supercomputing Center, will be presenting “Both Sides of the Looking Glass: How Vulnerability Scanning and Honeypots Can Work Together in Proactive Cybersecurity Operations” at the upcoming 2020 NSF Cybersecurity Summit for Large Facilities and Cyberinfrastructure hosted by Trusted CI (the NSF Cybersecurity Center of Excellence).
ResearchSOC spoke with Biever about the upcoming summit.
ResearchSOC: Give us a preview of what you’re going to be presenting and what you’d like attendees to get out of it.
R.B.: I think the biggest thing for me is how STINGAR, our shared threat intelligence service, will work with other services in the ResearchSOC portfolio. Ken Goodwin’s team with the Pittsburgh Supercomputing Center is providing the vulnerability scanning service. Each one singularly can do some very cool things and help an organization to mitigate risk. But taken together, we think you get more bang for your buck. We’ll do a very brief recap of the services but focus the discussion around how the two services will work together.
Duke developed STINGAR a few years ago because the threat intelligence products on the market did not meet our needs. We needed something that could detect attacks and react in near real-time, and we figured out a framework that worked for us and others. The STINGAR service can detect attacks using honeypots, block the information in near real-time, and share with other partners. This last point was key because we are huge proponents of information sharing. If Duke just sees things, that’s good, but wouldn’t it be nice if we could broaden that, and higher ed partners could share the information to collectively protect ourselves better?
Now add this in with the idea of vulnerability scanning. Vulnerability scanning will tell you: Here are the systems that have issues for these types of applications or services, with a risk rating. Combine this information with data on what is attacking your network, and you can see where you need to spend time protecting certain systems.
The vulnerability scanning can also fingerprint certain systems/services on a research facility’s network. We can then marry that information up with the honeypots to mimic the services, putting them on the network so we can see what traffic is aimed at those vulnerable services.
The basic idea behind this upcoming session is to say, “here are two key security services, here’s how they can work together, and here’s what we envision for their coming future with ResearchSOC.”
ResearchSOC: Tell us a little bit about yourself and your background leading up to your current work.
R.B.: I started off in political science and international relations. We lived in Georgia and I got my start at the Board of Regents there. They had built out a research and education network.
I got into security for two reasons. The first was identity theft. I had my identity stolen and that really irritated me. Then along the way I was also working at Hewlett-Packard while they were making a transition to Linux and we started looking at it. How would we build servers in a secure fashion? That got me started down this path.
I’ve done a little bit of everything in the security and IT space. In February, I will have been at Duke for ten years. I was lucky to have gotten involved in other areas such as identity management as we started to do some very cool things there around multi-factor authentication. I’ve also been involved in network engineering and have been involved heavily in the data analytics service that we’ve been building. Which is kind of interesting because when we look at the security space that is one of the big opportunities. How do security teams get better at using data in an automated fashion to do things like dynamically block attacks, identify compromised machines, identify compromised credentials, etc.? So, security in my mind is ripe for disruption when it comes to application of data analytics, machine learning, and AI.
ResearchSOC: Tell us the goals and benefits of the summit from your personal perspective.
R.B.: I think for me – and I’ve come to these for several years – it’s a chance to share information and identify partnerships.
I like walking out of the summit with two or three things that I think are what we need to be doing right now and how to deepen relationships we have formed with people through these engagements and others like them. So to me – and this is something where I think higher education and the NSF community at large is doing better than some of the other verticals in the security space – is that there is a coming together and sharing of ideas, approaches, etc., that you sometimes don’t get out of the more corporate environments.
The Research Security Operations Center (ResearchSOC) is a collaborative security response center that addresses the unique cybersecurity concerns of the research community. ResearchSOC helps make scientific computing resilient to cyberattacks and capable of supporting trustworthy, productive research. For more information on the ResearchSOC, visit our website or email email@example.com.