1
00:00:00,860 --> 00:00:04,443
(suspenseful violin music)

2
00:00:06,401 --> 00:00:09,568
(dramatic bass music)

3
00:00:10,800 --> 00:00:14,420
- So, DCO has the ability to deep dive into pieces of data,

4
00:00:14,420 --> 00:00:16,690
conducting home operations against adversaries'

5
00:00:16,690 --> 00:00:17,960
unfriendly networks.

6
00:00:17,960 --> 00:00:21,040
Unlike cyber security, we have the intelligence analysts

7
00:00:21,040 --> 00:00:23,450
and technical operators ready to engage the enemy

8
00:00:23,450 --> 00:00:25,530
on any network around the world.

9
00:00:25,530 --> 00:00:27,460
We take it one more step beyond building the wall.

10
00:00:27,460 --> 00:00:28,763
We actually defend it.

11
00:00:28,763 --> 00:00:31,930
(dramatic bass music)

12
00:00:34,020 --> 00:00:36,380
- Cyber protection, readiness and support team

13
00:00:36,380 --> 00:00:39,520
is responsible for building an accurate network baseline

14
00:00:39,520 --> 00:00:41,860
to identify any anomalies

15
00:00:41,860 --> 00:00:43,900
or malicious activity on the network.

16
00:00:43,900 --> 00:00:46,310
Once we have that baseline, we can also start identifying

17
00:00:46,310 --> 00:00:49,240
key mission terrain to focus on that cyber domain.

18
00:00:49,240 --> 00:00:52,407
(dramatic bass music)

19
00:00:54,890 --> 00:00:56,950
- Network analysts see how systems are communicating

20
00:00:56,950 --> 00:01:01,090
on the network, from baselines and maps provided by CPRS.

21
00:01:01,090 --> 00:01:03,340
We collect and monitor all network logs

22
00:01:03,340 --> 00:01:05,380
by tapping physical connections

23
00:01:05,380 --> 00:01:07,550
in order to identify anomalous traffic.

24
00:01:07,550 --> 00:01:10,112
From analyzed traffic, information is gathered

25
00:01:10,112 --> 00:01:12,915
and passed to the host team for further investigation.

26
00:01:12,915 --> 00:01:16,870
(dramatic bass music)

27
00:01:16,870 --> 00:01:18,950
- Hosts are any device connected to a network.

28
00:01:18,950 --> 00:01:20,770
By collecting and monitoring host activity,

29
00:01:20,770 --> 00:01:22,430
we can see user actions and processes

30
00:01:22,430 --> 00:01:24,200
executing across the network.

31
00:01:24,200 --> 00:01:26,330
We conduct both pattern and behavioral analysis

32
00:01:26,330 --> 00:01:29,780
to go a step beyond what enterprise security tools can see.

33
00:01:29,780 --> 00:01:32,120
By knowing who's on our network and what they're doing,

34
00:01:32,120 --> 00:01:34,010
we can conduct targeted ton operations

35
00:01:34,010 --> 00:01:35,500
and feed indicators compromised

36
00:01:35,500 --> 00:01:37,150
back into the intelligence cycle.

37
00:01:39,930 --> 00:01:42,040
- The intelligence analog does both intelligence community

38
00:01:42,040 --> 00:01:43,870
and commercial databases to better understand

39
00:01:43,870 --> 00:01:46,270
cyber-based threats, immersion technologies,

40
00:01:46,270 --> 00:01:48,080
and third actor exploit methods.

41
00:01:48,080 --> 00:01:49,700
We also have the ability to analyze

42
00:01:49,700 --> 00:01:51,040
and determine potential threats

43
00:01:51,040 --> 00:01:53,010
and ongoing malicious activity on our network,

44
00:01:53,010 --> 00:01:54,460
potentially linking this activity

45
00:01:54,460 --> 00:01:56,905
to state sponsored or non-state actors.

46
00:01:56,905 --> 00:01:59,370
(phone ringing)

47
00:01:59,370 --> 00:02:01,250
- Commanders depend on us to ensure control

48
00:02:01,250 --> 00:02:02,910
of the cyber domain,

49
00:02:02,910 --> 00:02:04,130
but our successes and failures

50
00:02:04,130 --> 00:02:05,802
have kinetic effects on the battlefield.

51
00:02:05,802 --> 00:02:06,792
(explosions)

52
00:02:06,792 --> 00:02:08,280
A compromised computer can make a difference

53
00:02:08,280 --> 00:02:10,570
from targeting and being a target.

54
00:02:10,570 --> 00:02:12,940
And DCO IDM is committed to gaining the advantage

55
00:02:12,940 --> 00:02:14,230
for future battles.

56
00:02:14,230 --> 00:02:16,313
(typing)