For years, Lockheed Martin defended its cyber frontiers from sophisticated attacks with an innovative system for cracking open and inspecting incoming data.
Now they’re giving that system, called Laika BOSS, away.
“We’ve built an incredible amount of our tools on top of existing open source frameworks,” says Adam Zollman, a network defender at Lockheed who demonstrated the Laika BOSS system at the Black Hat cybersecurity conference in Las Vegas last week.
“Now, we’re able to contribute back, to share in-kind, because that’s what the security community is built on, this sharing and crowdsourcing of our defenses,” he says. “We say cyber is a team sport. This is our recognition that we want to be – and are – a part of that team.”
The news of Lockheed releasing Laika BOSS was first reported by Dark Reading.
The Laika BOSS system was developed and used internally at Lockheed and then rolled out to commercial clients. Lockheed works with private sector firms in sectors ranging from healthcare and financial services to energy and utilities in addition to government clients.
What makes Laika BOSS unique is its ability to strip away the layers of “obfuscation and obstruction,” as Lockheed cyber intel analyst Matthew Arnao put it in Lockheed’s Black Hat presentation, that hackers and malware purveyors use to slip past cyber defenses.
By drilling down to the individual file level, Mr. Arnao says the system allows analysts to find “badness no matter how many layers you have to go through. Bad guys always find new and interesting ways to hide their malware.”
While there are many malware analysis tools and reverse engineering resources available to analyze malicious code, most work best in one-off, isolated conditions and are not capable of real-time processing, as Lockheed says in a white paper outlining the Laika BOSS system. As a result, most security teams have to manage a disparate set of analysis tools with different capabilities. This inefficient solution presents a frustration for many defenders: being able to detect malware in a lab, but not able to scale that approach to successfully detect malware and defend an enterprise.
Because Laika BOSS can detect malware in the wild and not just in a controlled setting, it empowers security analysts to focus on analyzing and defeating threats rather than just identifying them, says Mr. Zollman.
“We have human adversaries, and that means we need human defenders. There are no shortage of security tools that are black boxes with lights that go ‘bing’ and we all have enough of those and they are of somewhat dubious value,” he says. “We also have network defenders, and network defenders are great -- but the problem is they don’t work at machine speed. Our goal is to enable analysts by providing the power and flexibility at machine speed to actually defeat malware.”
The system, available for download on GitHub, can be used by any organization with a security team. It scales up across hundreds of powerful computers but can also run on a tiny processor like a Raspberry Pi, commonly used for small connected devices.
While Laika BOSS helps defenders defeat threats at the outset, it also helps analysts learn from past security errors. Its model of “exploding” digital objects to look inside them creates reams of metadata, which analysts can use after a digital intrusion to do forensic analysis and see where problems emerged.
By open-sourcing their technology, moreover, Lockheed believes that its internal defenders and clients will benefit from innovations built by outside security researchers and analysts.
“We can all take advantage of crowdsourcing our defenses,” says Zollman. “Our hope is that [Laika BOSS] becomes an integral part of security. It’s key that it’s an enabler for analysts. If you’re looking for set it and forget it security, Laika BOSS isn’t for you. But if you’re looking for flexibility and power in analysis, we think anybody can take advantage of it.”
Read more about Laika BOSS here.