Friday, June 14, 2013

Protecting the Enterprise from Cyber Espionage

As many have noted, current security products are struggling to protect the enterprise from Cyber Espionage attacks and the loss of intellectual property. Cyber Criminals have attacked more than 90% of companies and are siphoning intellectual property (IP) back to nation states or organized crime. Traditional approaches to security, such as distributing signature files to detect malware (malicious or malevolent software), are less than 5% effective because the malware morphs quickly, making it very difficult to keep the distributed signature files up to date. Other security vendors ask you to place "security agents" on all your enterprise endpoints such as PCs, workstations, mobile devices, and servers. With the growing number of devices, especially mobile devices under enterprise trends such as "Bring Your Own Device" (BYOD), it is very difficult to manage these agents and keep them up to date. As we enter the age of Machine-to-Machine (M2M), where cloud-connected automobiles or a city full of sensors and internet-connected cameras emerge, deploying agents to protect the billions of Internet things will be impossible. In addition, the BYOD mobile trend now brings cyber attacks from the inside out, rather than through the perimeters that traditional firewalls used to secure.

Thanks to a new innovation in Cyber Security, a new breed of Big Data streaming analytics companies will enter the market with anomaly-based products and services. The new software will listen to abstracted "flows" of network traffic at speeds beyond 100Gb and then machine-learn what the "normal behavior" of enterprise devices, applications, and the packets they generate looks like. It will take "Cloud to fight Cloud", meaning you need a cloud architecture for Cyber Security to scale to the massive Big Data found in Cloud architectures. Flows will be the new abstraction for Software Defined Networks (SDN) found in next-generation enterprise cloud architectures. Abstracted flow-based cyber security solutions will be the only solution for tracking "persistent threats" (breaches that unfold over a longer period of time, such as months) and securing the emerging hybrid cloud architectures built on OpenFlow-based technology.

Once you have a baseline footprint of normal enterprise behavior (e.g., communication behavior between devices), you can sift through the mountain of Big Data packet information to find the needle in the haystack: the analytics software detects the presence of threat actors because their activity is not always similar to "normal employee behavior". Innovative and scalable advanced analytical techniques will use methods similar to those the Centers for Disease Control use to detect disease outbreaks approaching a city, known as syndromic surveillance. But that is not enough; other analytical techniques, such as those used to estimate crop yields from satellite images, can also come into play for detecting anomalies (changes over time in your network). Once an anomaly is detected, advanced ontology engines (methods) can be deployed to start building a timeline for an Advanced Persistent Threat (APT).
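The baseline-then-deviation idea described above, reduced to a small worked example (added here; this is not CyberFlow's code or a description of its product). It learns which peers each host normally talks to and how much it sends them from constructed flow records, then flags a never-seen peer and a volume outlier; host names, the address 198.51.100.7 and all byte counts are constructed sample data.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (src_host, dst_host, dst_port, bytes_out).
BASELINE_FLOWS = [
    ("ws-01", "fileserver", 445, 20_000), ("ws-01", "mail", 993, 5_000),
    ("ws-02", "fileserver", 445, 18_000), ("ws-02", "mail", 993, 4_500),
    ("ws-01", "fileserver", 445, 22_000), ("ws-02", "fileserver", 445, 21_000),
    ("ws-01", "mail", 993, 6_000), ("ws-02", "mail", 993, 5_500),
]
# Constructed observation window to score against the baseline.
NEW_FLOWS = [
    ("ws-01", "fileserver", 445, 21_000),      # normal
    ("ws-02", "mail", 993, 5_200),             # normal
    ("ws-02", "198.51.100.7", 443, 900_000),   # never-seen peer, large upload
    ("ws-01", "mail", 993, 60_000),            # known peer, volume outlier
]

def build_baseline(flows):
    """Per (src, dst, port) peer: list of observed outbound byte counts."""
    peers = defaultdict(list)
    for src, dst, port, nbytes in flows:
        peers[(src, dst, port)].append(nbytes)
    return peers

def score_flows(baseline, flows, z_threshold=3.0):
    """Return (flow, reason) for flows that deviate from the baseline: a peer
    the source never talked to before, or outbound bytes more than z_threshold
    standard deviations above that peer's mean (outbound volume is what an
    exfiltration would change)."""
    alerts = []
    for flow in flows:
        src, dst, port, nbytes = flow
        history = baseline.get((src, dst, port))
        if history is None:
            alerts.append((flow, "new peer"))
            continue
        mu, sigma = mean(history), pstdev(history)
        # Zero variance (peer always seen with identical sizes): any change is anomalous.
        z = (nbytes - mu) / sigma if sigma else (0.0 if nbytes == mu else float("inf"))
        if z > z_threshold:
            alerts.append((flow, f"volume z={z:.1f}"))
    return alerts

if __name__ == "__main__":
    for flow, reason in score_flows(build_baseline(BASELINE_FLOWS), NEW_FLOWS):
        print(reason, flow)
```

A real deployment would learn the baseline over a long window and per time of day, since a weekly backup to a new server would trip this naive version.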

Ontology has been used in information science by security companies such as Semantic Research to tie together relationships of data across a multitude of data sources to create an "inference" (or to infer) on how you are being attacked, and how the anomalies tie to security incidents and then to the APT phases of an attack. In addition, these techniques can serve to discover who the perpetrators are and to identify the intellectual property they are after. The end result is that you have now sifted through petabytes of data, turned that data into "information" as it relates to suspicious activity, and then turned the information into a rich set of "actionable knowledge" for your enterprise to protect core assets and IP. For industrial solutions, this same Cyber Security innovation and approach can also be applied to industrial control systems or SCADA. This includes oil fields, water treatment plants, nuclear facilities, or even planes in flight!

CyberFlow Analytics is a new startup based in San Diego that will realize the vision of a new breed of effective Cyber Intelligence-as-a-Service innovation. With a focus on a variety of Big Data Analytical Streaming Engines combined with Ontology mapping back-end processing, this new SaaS offering will enable the enterprise or service provider to rapidly plug in our partner hardware probes and be up and running quickly. No security experts or IT experts will be required for installation and configuration. The system will use machine learning techniques to understand the normal activity and behavior of the enterprise and rapidly accelerate the detection and tracking of Advanced Persistent Threats in your business.

By using a multi-tenant CyberIntelligence-as-a-Service (CyberIaaS) cloud, CyberFlow Analytics will become the next information center of Cyber Security, intelligently informing you of Cyber attack trending activity across the industry and across the tenants of the cloud SaaS service. For example, when armies of Botnet attacks happen, you want to know whether this is a widespread industry attack or just an attack on your organization. Botnets are patient and subtle, but can wreak widespread havoc. News headlines speak to their trophies: Hackers Take Down the Most Wired Country in Europe; DDOS Attacks Crush Twitter, Hobble Facebook; How a basic attack crippled Yahoo; DDoS attack strikes UltraDNS, affects Amazon, Wal-Mart. With a cloud-based security solution there is strength in numbers. If one company detects and solves an attack, all other tenants of the SaaS-based service will benefit. In fact, ontology engines and Big Data analytics in the CyberIaaS cloud can begin to provide an even richer set of actionable knowledge based on the intelligence gathered across a collective group of tenants of a security service.
