Who remembers the 1983 movie starring Matthew Broderick titled “WarGames”? This was one of the first movies that piqued my interest in computer security. In those days it was the use of acoustic couplers to dial a remote computer, and the fact that we could actually communicate with a remote PC was fascinating for me. Before long it was dial-up modems, where I could literally dial anywhere I wanted to because the modem was attached via a serial cable to my PC. And yes, such power at my fingertips meant I did perform some ethical hacking as a way of learning the inner workings of computer security, and also because I thought I was Matthew Broderick too!
Fast forward 30 years and I am still involved in computer security, albeit from a different angle: first through my continuing research on computer security topics as part of my PhD program, and second through the application of data analytics to detect and counter threats.
But let’s take a step back first to understand today’s cyber security threat and what it means to you. The proliferation of device connectivity onto the internet over the past 20 years has given rise to huge volumes of information that are accessible from one device to another. It’s a very simple concept: a device connects to another to exchange bits of data across a communications link. In today’s form, however, it is the availability of that data that attracts the cyber criminals.
Protect your data, but also understand the data protection policies of your trading partners.
We heard last month from the US Department of Justice on the case of charging several Chinese nationals who have been identified as stealing trade secrets from US companies and feeding them back into Chinese corporations. This is not your backyard group of ragtag coders. This is a sophisticated state-backed group using techniques that are developed in-house. Nor are their targets the military missile silos depicted in WarGames; they are corporate organisations.
Their targets are patent designs and any other corporate information that can be used as an advantage. And they don’t discriminate on organisation size either. I recently spoke to a CEO of a funds management organisation based in Canberra that specialises in rural properties. I asked him what his organisation is doing in regards to protection of corporate secrets and his response was very sobering. His view was that they weren’t a target. “What do we have that would be of interest to them?” After pointing out the value of any form of data to foreign organisations, he got the picture.
A survey by the Ponemon Institute about cyber-attacks highlighted the state of cyber readiness. In this report I note the following figure:
Less than half agreed that their organisation is vigilant in detecting attacks, and slightly fewer agreed that they were preventing attacks. I thoroughly recommend reading this report as it highlights some fascinating insights into the state of the art of cyber-attack prevention. Download the report here.
And attacks may not come directly into your organisation either. On a local note here in Canberra, we witnessed the accessing of building design plans of the new ASIO HQ, not directly against ASIO but via a third-party contractor. Therefore we see that access comes in many forms, shapes and sizes. Protect your data, but also understand the data protection policies of your trading partners.
So, in understanding the context of cyber-attacks on our society, how does the use of data analytics play a role in defending against these attacks? The obvious answer lies in the vast amounts of information that we have at our fingertips and analysing this data to figure out what is happening. There are a number of key requirements that a data analytics system to combat cyber-attacks should have, and I have outlined a few below:
Speed – Obviously the quicker we can analyse the data, the quicker we can detect the threat and put countermeasures in place. But traditionally, data analytics has taken a historical view of the data. It was OK to send the data off somewhere to be processed and have a result come back a few hours later, but that’s not how we can handle cyber security data. We now must develop processes whereby we can collect, analyse and take action in a fraction of a second. Any longer and the attack would be deemed to be successful. To do this we have to design environments that collect data instantly and process the data “in-flight”. Therefore analytical functions have to be performed at the point of capture, in real time.
Volume – Imagine if we had to walk around our house constantly monitoring every fence line to stop burglars coming over. As soon as we turn our backs, one could slip over in an instant. Well, the same applies to the volume of data we need to keep watch over. Analytics plays a role in analysing web logs, firewall logs, change logs, application logs, packet information and user activity all in one place. Organisations need to centralise security information into one place to analyse it all as a single entity and not in isolation. Miss one bit of information and sure enough the attack will come through that crack.
Convert to an intelligence-driven security model – Just as the hackers out there evolve quickly, so too must our security models adapt. As organisations, we are far too slow and rigid in our security approaches to be able to adapt quickly to the multiple threats that appear every day. Therefore we must move towards an intelligence-driven security model. This approach relies on security-related information from both internal and external sources being combined to deliver a comprehensive picture of risk and security vulnerabilities. Current security models rely too much on detecting what’s already known and protecting the enterprise against those threats. Instead, an intelligence-driven security model will help us to detect the unknowns and predict the threats. As a result we can strengthen our defences where the attacks are going to come from. Predictive analytics certainly has a role to play in this space, and Teradata leads the way with our Aster platform.
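To make the Speed and Volume points concrete, here is a small added example (not code from the original post, and not a Teradata or Aster component) of processing two log sources as they arrive: each raw line is normalised into one common event shape and evaluated immediately, rather than waiting for a batch job. It correlates a burst of firewall denies from a source address with a subsequent successful web login from the same address, a pattern that neither log shows on its own. The log formats, field names, IP addresses, time window and deny threshold are all constructed for this illustration.

```python
"""Added example: in-flight correlation of two constructed log feeds.

Everything here (log layouts, IPs, thresholds, field names) is invented for
the illustration; it does not describe any real product or the post's own code.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records: a firewall-style feed and a web-access feed,
# interleaved as they might arrive at a central collector.
SAMPLE_LOGS = [
    "fw 2023-05-01T10:00:01 DENY src=203.0.113.9 dst=10.0.0.5 dport=22",
    "web 2023-05-01T10:00:03 203.0.113.9 GET /login 401",
    "fw 2023-05-01T10:00:04 DENY src=203.0.113.9 dst=10.0.0.5 dport=3389",
    "fw 2023-05-01T10:00:06 DENY src=203.0.113.9 dst=10.0.0.6 dport=445",
    "web 2023-05-01T10:00:08 198.51.100.7 GET /index.html 200",
    "web 2023-05-01T10:00:09 203.0.113.9 POST /login 200",
    "web 2023-05-01T10:00:30 198.51.100.7 POST /login 200",
]

FW_RE = re.compile(r"^fw (\S+) (\w+) src=(\S+) dst=(\S+) dport=(\d+)$")
WEB_RE = re.compile(r"^web (\S+) (\S+) (\w+) (\S+) (\d{3})$")


def normalise(line):
    """Map a raw line from either source onto one common event dict, or None."""
    m = FW_RE.match(line)
    if m:
        ts, action, src, dst, dport = m.groups()
        return {"ts": datetime.fromisoformat(ts), "source": "fw", "src_ip": src,
                "action": action, "target": f"{dst}:{dport}"}
    m = WEB_RE.match(line)
    if m:
        ts, src, method, path, status = m.groups()
        return {"ts": datetime.fromisoformat(ts), "source": "web", "src_ip": src,
                "action": f"{method} {path}", "target": status}
    return None


class InFlightCorrelator:
    """Keeps a sliding window of firewall denies per source IP and raises an
    alert when a successful login follows a burst of denies from the same IP.
    Each event is evaluated as it arrives; nothing waits for a batch."""

    def __init__(self, deny_threshold=3, window=timedelta(minutes=5)):
        self.deny_threshold = deny_threshold
        self.window = window
        self.denies = defaultdict(deque)  # src_ip -> deque of deny timestamps

    def _prune(self, ip, now):
        """Drop deny timestamps that have fallen outside the window."""
        q = self.denies[ip]
        while q and now - q[0] > self.window:
            q.popleft()

    def process(self, event):
        """Return an alert dict for this event, or None."""
        ip, now = event["src_ip"], event["ts"]
        self._prune(ip, now)
        if event["source"] == "fw" and event["action"] == "DENY":
            self.denies[ip].append(now)
            return None
        if (event["source"] == "web" and event["action"] == "POST /login"
                and event["target"] == "200"
                and len(self.denies[ip]) >= self.deny_threshold):
            return {"src_ip": ip, "recent_denies": len(self.denies[ip]),
                    "login_at": now.isoformat()}
        return None


def run(lines, correlator=None):
    """Feed raw lines through normalisation and correlation; return alerts."""
    correlator = correlator or InFlightCorrelator()
    alerts = []
    for line in lines:
        event = normalise(line)
        if event is None:
            continue  # unknown format: a real collector should count and surface these
        alert = correlator.process(event)
        if alert:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in run(SAMPLE_LOGS):
        print("ALERT", a)
```

Run stand-alone it prints one alert for 203.0.113.9 (three denies, then a successful login). The design point is the single event schema: once both feeds share `src_ip`, `ts` and `action`, the same correlator works regardless of which system produced the line, which is what centralising security data buys you. The sliding window bounds memory per source, so the process can keep up with a continuous stream instead of accumulating history.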
Know the unknowns and be more effective in protecting your organisation through the use of predictive analytics.
On a final note, I recommend you visit a news release from last year that highlighted the next big wave in partnerships on combating cyber-attacks. Teradata has formed a partnership with Novetta to develop next-generation cyber security solutions. Combining the benefits of proven Teradata technology with Novetta’s advanced cyber security solutions is a no-brainer. Especially when you consider that if the US military can trust Novetta for their cyber security needs, then surely you can too!
Ben Bor is a Senior Solutions Architect at Teradata ANZ, specialising in maximising the value of enterprise data. He gained international experience on projects in Europe, America, Asia and Australia. Ben has over 30 years’ experience in the IT industry. Prior to joining Teradata, Ben worked for international consultancies for about 15 years and for international banks before that. Connect with Ben Bor via LinkedIn.