Akatosh: Automated Cyber Incident Verification and Impact Analysis...

by Jared M Smith, Elliot D Greenlee, Aaron E Ferber
Publication Type: Conference Paper
Journal Name: Proceedings of the ACM Conference on Computer and Communications Security
Book Title: CCS '17 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security
Page Numbers: 2463 to 2465
Conference Name: ACM Conference on Computer and Communications Security (CCS)
Conference Location: Dallas, Texas, United States of America

Akatosh, a U.S. Department of Homeland Security Transition to Practice Program (TTP) project developed by Oak Ridge National Laboratory in partnership with industry and academia, enables automated, real-time forensic analysis of endpoints after malware attacks and other cyber security incidents by automatically maintaining detailed snapshots of host-level activity on endpoints over time. It achieves this by integrating intrusion detection systems (IDS) with forensic tools. This combination allows Akatosh to collect vast amounts of endpoint data and assists in verifying, tracking, and analyzing endpoints in real time. It provides operations personnel and analysts, as well as managers and executives, with continuous feedback on the impact of malicious software and other security incidents on the endpoints in their network.