WALKOFF
WALKOFF is an open source automation platform that enables users to easily integrate, automate and customize their processes, so that their environment can automatically adapt and respond to security threats.
WALKOFF is an automation platform enabling plug-and-play integration of devices through apps. By employing an app-based architecture, integration capabilities only need to be written once and can be swapped in and out as needed.
Capabilities within WALKOFF apps can then be tied together to form Workflows. Workflows are defined in an XML format, making them easily sharable across environments and organizations.
Apps can also have custom interfaces, enabling app developers to uniquely display information. WALKOFF makes it easier for users not only to automate their work but also to quickly find and visualize information.
WaterSlide
WaterSlide is an event-at-a-time architecture for processing metadata. It is
designed to take in a set of streaming events from multiple sources,
process them through a set of modules ("kids"), and return meaningful outputs.
The user specifies a directed processing graph ("pipeline") of kids used to
process data, both raw content (e.g., files, binary structures) and metadata
about content. Kids can be filters, aggregators, annotators, decoders,
translators, and collectors. Code is only executed when data is made available
to a processing operation.
WaterSlide can be used as a streaming MapReduce framework for complex event
processing. It is designed to efficiently process data by minimizing copies,
grouping data, and reusing memory. It contains specially designed data
structures intended to explore event correlation on a massive scale with data
that is fragmented across processes and systems. As with most stream processing
frameworks, many WaterSlide processing functions favor efficient approximate
computation over less-efficient exact computations.
Key Features:
* processing graph built at execution via command line or config file
* processing graph can have feedback loops
* zero-copy data processing, multiple "in flight" references to data
* generic processing functions that can work on any datatype
* anything that can be hashed can be used as a key for tracking state
* simple plug-in style development model
* built to handle text and binary metadata types
* expiring data structures for state tracking
* capable of reading from multiple sources
* Graphviz visualization of processing graph
* dynamic by-label sub-selection of data
* data garbage collection/reuse
Mitigation implementations
Mitigation implementations have not traditionally been evaluated or prioritized. NSA Information Assurance recommends mitigation strategies but there are few methods to validate proper implementation and prioritize fixes. The SAMI application was developed to monitor the degree to which specific aspects of the NSA Information Assurance top 10 mitigation strategies have been deployed on Windows endpoints. It monitors data related to the implementation of specific mitigations and returns prioritized recommendations to more completely implement those recommendations. The application can be used to determine a network’s mitigation implementation status and can be monitored over time to demonstrate improvements and identify changes that negatively impact mitigations.
SAMI evaluates several metrics:
* Modern Operating System (MOS)
* Anti-Virus File Reputation Service (AVFRS)
* Host Intrusion Prevention System (HIPS)
* Application Whitelisting (AW)
* Anti-Exploitation (AE)
* Pass-the-Hash (PtH)
REDHAWK
REDHAWK is a software-defined radio (SDR) framework designed to support the development, deployment, and management of real-time software radio applications. To support the design and development of software applications, REDHAWK provides tools that allow development and testing of software modules called "Components" and composition of Components into "Waveform Applications" that can be seamlessly deployed on a single computer or multiple network-enabled computers.
The REDHAWK integrated development environment (IDE) provides tools to support development of REDHAWK software. The development and deployment of REDHAWK Applications are aided by graphical editors and drag-and-drop Waveform construction. The IDE allows users to interact with and control multiple running REDHAWK instances and application
OZONE Widget Framework
The OZONE Widget Framework (OWF) is a framework that allows data from different servers to communicate inside a browser window without sending information back to the respective servers. This unique capability allows the OWF web portal to offer decentralized data manipulation. It includes a secure, in-browser, pub-sub eventing system which allows widgets from different domains to share information. The combination of decentralized content and in-browser messaging makes OWF particularly suited for large distributed enterprises with legacy stovepipes that need to combine capability. Use it to quickly link applications and make composite tools
LOCKLEVEL
LOCKLEVEL was designed as standalone components that can be deployed using existing systems management tools. These independent components leverage Python/PowerShell code for analysis and PowerShell/C/C++ code for system surveys.
GRASSMARLIN
GRASSMARLIN provides IP network situational awareness of industrial control systems (ICS) and Supervisory Control and Data Acquisition (SCADA) networks to support network security. Passively map, and visually display, an ICS/SCADA network topology while safely conducting device discovery, accounting, and reporting on these critical cyber-physical systems.
There is a leak from WikiLeaks, named Vault7. In the next blogs I will share what tools they used, how they used them, and what those tools' capabilities are.