As many have noted, current security products are struggling to protect the enterprise from cyber espionage and the loss of intellectual property. Cyber criminals have attacked more than 90% of companies and are siphoning intellectual property (IP) back to nation states or to organized crime. Traditional approaches, such as distributing signature files to detect malware (malicious software), are less than 5% effective, because malware morphs so quickly that the signature files cannot be distributed and kept up to date fast enough. Other security vendors ask you to place "security agents" on every enterprise endpoint: PCs, workstations, mobile devices, and servers. With the growing number of devices, especially mobile devices under enterprise trends such as "Bring Your Own Device" (BYOD), it is very difficult to manage these agents and keep them current. As we enter the age of Machine-to-Machine (M2M) communication, where cloud-connected automobiles and cities full of sensors and internet-connected cameras emerge, deploying agents to protect billions of Internet things will be impossible. In addition, the BYOD mobile trend now brings cyber attacks from the inside out, rather than through the perimeter that traditional firewalls used to secure.
Thanks to a new innovation in cyber security, a new breed of Big Data streaming-analytics companies will enter the market with anomaly-based products and services. The new software will listen to abstracted "flows" of network traffic at speeds beyond 100 Gb/s and then machine-learn the "normal behavior" of enterprise devices, applications, and the packets they generate. A flow, in the usual sense of the term, is the summary of one conversation (source, destination, port, protocol, byte and packet counts, and timing) rather than the full packet payload, which is what makes it tractable at these speeds. It will take "Cloud to fight Cloud": you need a cloud architecture for cyber security to scale to the massive Big Data found in cloud architectures. Flows will be the new abstraction for the Software Defined Networks (SDN) found in next-generation enterprise cloud architectures. Abstracted flow-based cyber security solutions will be the practical way to track "persistent threats" (breaches that unfold over a longer period, such as months) and to secure the emerging hybrid cloud architectures built on OpenFlow-based technology.
Once you have a baseline footprint of normal enterprise behavior (e.g., the communication patterns between devices), you can sift through the mountain of Big Data packet information to find the needle in the haystack: the analytics software detects the presence of threat actors because their activity does not always resemble "normal employee behavior". Innovative and scalable analytical techniques will borrow methods used by the Centers for Disease Control to detect disease outbreaks approaching a city, known as syndromic surveillance. But that is not enough; other analytical techniques, such as those used to estimate crop yields from satellite images, can also come into play for detecting anomalies (changes over time in your network). Once an anomaly is detected, ontology engines can be deployed to start building a timeline for an Advanced Persistent Threat (APT).
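The baseline-then-detect loop described above, as an added example that is not CyberFlow Analytics code: a per-host baseline (known peers and hourly outbound volume) is learned from a day of flow records, and an observation window is then checked for new peers, for a volume spike scored as a z-score against the baseline (the outbreak-threshold idea borrowed from syndromic surveillance), and for periodic beaconing, with the findings returned as a time-ordered timeline. The flow record layout (timestamp, source, destination, port, bytes), the addresses, the volumes and the thresholds are assumptions chosen for illustration; the flows are constructed, not captured.

```python
"""Flow-baseline anomaly detection (added example, not CyberFlow Analytics code).

A flow record is assumed to be (timestamp_seconds, src, dst, dst_port, bytes);
all addresses, volumes and thresholds below are illustrative assumptions and
the sample flows are constructed rather than captured.
"""
from collections import defaultdict
from statistics import mean, pstdev

HOUR = 3600

# Constructed training day: one workstation talks to an internal web server and
# the internal DNS resolver every hour, with mild variation in volume.
BASELINE_FLOWS = []
for _hour in range(24):
    BASELINE_FLOWS.append((_hour * HOUR + 600, "10.0.0.5", "10.0.0.10", 443, 40_000 + (_hour % 3) * 5_000))
    BASELINE_FLOWS.append((_hour * HOUR + 1200, "10.0.0.5", "10.0.0.20", 53, 2_000))

# Constructed observation window (the next two hours): the same normal traffic,
# plus a beacon to a new external host and a large upload to another new host.
OBSERVED_FLOWS = [
    (24 * HOUR + 600, "10.0.0.5", "10.0.0.10", 443, 40_000),
    (24 * HOUR + 1200, "10.0.0.5", "10.0.0.20", 53, 2_000),
    (25 * HOUR + 600, "10.0.0.5", "10.0.0.10", 443, 45_000),
    (25 * HOUR + 1200, "10.0.0.5", "10.0.0.20", 53, 2_000),
    (25 * HOUR + 1800, "10.0.0.5", "198.51.100.9", 443, 900_000),  # exfiltration-sized upload
]
# Beacon: ten tiny flows exactly 60 s apart to one external peer.
OBSERVED_FLOWS += [(24 * HOUR + 60 * i, "10.0.0.5", "203.0.113.7", 443, 300) for i in range(10)]


def build_baseline(flows):
    """Learn, per source host, its normal (peer, port) set and the mean and
    standard deviation of its hourly outbound byte volume."""
    peers = defaultdict(set)
    hourly = defaultdict(lambda: defaultdict(int))
    for ts, src, dst, port, nbytes in flows:
        peers[src].add((dst, port))
        hourly[src][ts // HOUR] += nbytes
    baseline = {}
    for src, known in peers.items():
        samples = list(hourly[src].values())
        baseline[src] = {"peers": known, "mean": mean(samples), "std": pstdev(samples)}
    return baseline


def detect_anomalies(baseline, flows, z_threshold=3.0, min_beacons=5, max_jitter=0.1):
    """Compare an observation window against the baseline and return a
    time-ordered timeline of (timestamp, src, kind, detail) findings."""
    findings = []
    reported_peers = set()
    hourly = defaultdict(lambda: defaultdict(int))
    series = defaultdict(list)  # (src, dst, port) -> flow start times
    for ts, src, dst, port, nbytes in flows:
        profile = baseline.get(src)
        if profile is None:  # a host the baseline has never seen
            findings.append((ts, src, "unknown_host", "no baseline for this source"))
            continue
        if (dst, port) not in profile["peers"] and (src, dst, port) not in reported_peers:
            reported_peers.add((src, dst, port))
            findings.append((ts, src, "new_peer", f"{dst}:{port}"))
        hourly[src][ts // HOUR] += nbytes
        series[(src, dst, port)].append(ts)

    # Volume: hourly outbound bytes scored as a z-score against the learned
    # distribution, like an outbreak threshold in syndromic surveillance. The
    # std floor of 1 byte keeps a perfectly flat baseline from dividing by zero.
    for src, hours in hourly.items():
        profile = baseline[src]
        for hour, total in hours.items():
            z = (total - profile["mean"]) / max(profile["std"], 1.0)
            if abs(z) > z_threshold:
                findings.append((hour * HOUR, src, "volume", f"{total} bytes in hour, z={z:.1f}"))

    # Beaconing: many flows to one peer with near-constant spacing. A legitimate
    # scheduled poll of a known peer trips this rule too, so the finding carries
    # the peer for cross-checking against the baseline.
    for (src, dst, port), stamps in series.items():
        if len(stamps) < min_beacons:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        if mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_jitter:
            findings.append((stamps[0], src, "beacon",
                             f"{len(stamps)} flows to {dst}:{port} every {mean(gaps):.0f}s"))

    findings.sort()
    return findings


if __name__ == "__main__":
    for ts, src, kind, detail in detect_anomalies(build_baseline(BASELINE_FLOWS), OBSERVED_FLOWS):
        print(f"t+{ts - 24 * HOUR:>5}s  {src}  {kind:<9} {detail}")
```

Run stand-alone, the script prints four findings in time order: the beacon and the new external peer it talks to, the hour whose outbound volume sits about 220 standard deviations above the learned mean, and the second new peer that received the upload; the two normal hours of traffic produce nothing. The sorted tuple is the beginning of the timeline the paragraph above talks about, and a longer baseline (weekday versus weekend, per-application profiles) is what keeps the volume and beacon rules from firing on legitimate scheduled jobs.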
Ontology has been used in information science by security companies such as Semantic Research to tie together relationships across a multitude of data sources and infer how you are being attacked, how the anomalies tie to security incidents, and how those incidents map to the phases of an APT attack. In addition, these techniques can help discover who the perpetrators are and identify the intellectual property they are after. The end result is that you have sifted through petabytes of data, turned that data into "information" about suspicious activity, and then turned the information into a rich set of "actionable knowledge" with which the enterprise can protect its core assets and IP. The same cyber security innovation and approach can also be applied to industrial control systems (ICS) and SCADA: oil fields, water treatment plants, nuclear facilities, or even planes in flight.
CyberFlow Analytics is a new startup based in San Diego that will realize this vision of a new breed of effective Cyber Intelligence-as-a-Service. Built on a variety of Big Data streaming analytics engines combined with ontology-mapping back-end processing, this SaaS offering will enable an enterprise or service provider to plug in our partner hardware probes and be up and running quickly. No security or IT experts will be required for installation and configuration. The system will use machine learning to understand the normal activity and behavior of the enterprise and rapidly accelerate the detection and tracking of Advanced Persistent Threats in your business.
By using a multi-tenant Cyber Intelligence-as-a-Service (CyberIaaS) cloud, CyberFlow Analytics will become the information center of cyber security, intelligently informing you of attack trends across the industry and across the tenants of the SaaS service. For example, when armies of botnets attack, you want to know whether this is a widespread industry attack or an attack on your organization alone. Botnets are patient and subtle, but can wreak widespread havoc. News headlines speak to their trophies: "Hackers Take Down the Most Wired Country in Europe"; "DDoS Attacks Crush Twitter, Hobble Facebook"; "How a Basic Attack Crippled Yahoo"; "DDoS Attack Strikes UltraDNS, Affects Amazon, Wal-Mart". With a cloud-based security solution there is strength in numbers: if one tenant detects and resolves an attack, all other tenants of the SaaS service benefit. In fact, ontology engines and Big Data analytics in the CyberIaaS cloud can provide an even richer set of actionable knowledge based on the intelligence gathered across the collective group of tenants.