Sense and Security

Credit: fotogestoeber/Shutterstock.com

Cyber is a word now synonymous with information security, and whilst its origins hark back to Norbert Wiener’s book ‘Cybernetics or Control and Communication in the Animal and the Machine’ (1948), its meaning gained a more relevant theme when promoted by William Gibson in his book ‘Neuromancer’ (1984). Gibson presented cyber as a world within computers and all things associated with that activity, with the security of data and information a key theme at the heart of the concept. In essence, cyber security is information security: the processes, tools, mechanisms, and practices enlisted to ensure that the integrity of data and information is maintained. The terms information security and cyber security are often used interchangeably, and it is only when we talk explicitly about a breach of security that we align with past definitions of the term. In today’s modern digital world, what does this mean for the average corporation? To understand this clearly it helps to review where we have come from.

Looking back fifteen years to the start of the present millennium, corporate security was about preventing the latest variant of a virus like Melissa from causing temporary damage to your computer’s operating system and disrupting your work. At the time, defence was all about perimeter security and localised installations of anti-virus software on PCs and servers. These virus intrusions became a regular occurrence and required a great deal of reactive work to contain, protect, and disinfect the environment after identification. The code was, by today’s standards, relatively straightforward, with the primary intent to disrupt and cause annoyance.

Fast forward to today, and the world is dealing with a very different animal. Modern security attacks are complicated, ingenious, and often laser-sharp in their targeting, with the objective no longer simply disruption but all manner of specific goals. Some breaches are to gain access to private intel to generate revenue, some are for competitive advantage through corporate espionage, whilst others are more sinister in their end-game: to collapse particular infrastructures ranging from public utilities to emergency services. Whatever the objective, the cybercriminals of the modern era have advanced beyond the capabilities of historic perimeter and anti-virus measures. A different approach is needed to tackle this intellectual cyber threat.

A new breed of security organisation has emerged over the past few years, amongst which are established companies such as Darktrace and Vectra, working in the field of machine learning and artificial intelligence. By utilising advanced data analytics and mathematics to establish a known-good baseline, much as is done during a polygraph test, an AI-based security system learns how a corporate network functions on a daily basis, which occurrences are routine, and which scenarios are likely to be encountered. By building this picture it is able to identify abnormal activity as it occurs, flag the incident for intervention, and perform automated actions to mitigate or minimise the threat posed by the abnormality being tracked.

These intelligent systems work on the premise of a ‘known good’ state, rather than on the reactive AV model, which relies on a malicious piece of code being encountered before preventative measures can be created and distributed. This reduces an organisation’s exposed risk to a minimal plane, as the AI is watching for extraordinary activity rather than for known viruses. Effectively, the security services on the network become a living entity watching for unusual activity and acting as a first line of defence against early intrusion. This removes the inherent latency of standard defensive models, eliminates the noise that can be dealt with automatically, and allows the security team to home in on the actual threats that need human attention.
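The contrast drawn above, a learned known-good baseline versus a signature list, is easy to see in miniature. The following is an added example, not code from the article or from any vendor it names: the per-host traffic figures and the "known bad" hash list are constructed, and the z-score threshold is an illustrative choice.

```python
"""Known-good baseline detection versus signature matching (added example).

The traffic baselines and the signature set below are constructed for
illustration; a real system would learn the baseline from live telemetry.
"""
from statistics import mean, stdev

# Constructed baseline: outbound bytes per hour for two hosts over a quiet week.
BASELINE = {
    "fileserver": [1200, 1350, 1100, 1280, 1400, 1220, 1310, 1180],
    "workstation-7": [300, 280, 320, 295, 310, 290, 305, 285],
}

# Constructed "known bad" signature list, standing in for an AV database.
KNOWN_BAD_HASHES = {"deadbeef" * 8}


def baseline_stats(samples):
    """Return (mean, sample standard deviation) of a host's learned normal behaviour."""
    return mean(samples), stdev(samples)


def anomaly_score(samples, observed):
    """Z-score of a new observation against the learned baseline."""
    mu, sigma = baseline_stats(samples)
    return (observed - mu) / sigma


def detect_by_baseline(host, observed, threshold=4.0):
    """Flag an observation more than `threshold` standard deviations from normal.

    Nothing about the payload needs to be known in advance; only its effect
    on the host's behaviour is judged.
    """
    return abs(anomaly_score(BASELINE[host], observed)) > threshold


def detect_by_signature(sample_hash):
    """Signature model: only something already catalogued is ever flagged."""
    return sample_hash in KNOWN_BAD_HASHES


if __name__ == "__main__":
    # A never-before-seen sample: no signature exists, so the AV model stays silent...
    novel = "0123abcd" * 8
    print("signature hit:", detect_by_signature(novel))                 # False
    # ...but its effect, a 40 KB burst from a host that normally sends ~300 B, is abnormal.
    print("baseline hit:", detect_by_baseline("workstation-7", 40000))  # True
    # Ordinary variation inside the learned range is not flagged, so the noise stays low.
    print("baseline hit:", detect_by_baseline("fileserver", 1330))      # False
```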

This new approach to intrusion detection is one of many gaining a following in the market. Others include solutions from companies like Bromium, who isolate key components and target assets to protect the underlying OS, and Spikes, who provide web browser isolation through their ‘Isla’ solution, thereby securing one of the key intrusion points.

With all of these new technologies on the market it would be understandable to feel that maintaining a secure corporate environment is becoming a complicated task. The truth is that yes, it is, but we live in a complex world that becomes more digitally focussed each day. We need a comprehensive arsenal of tools that specifically aim to monitor, detect, respond to, and eradicate threats and intrusions as and when they occur. The only way to achieve this is to integrate many tools that focus on specific weak points within our infrastructures. The good news is that there are security specialist organisations whose sole purpose is to understand these technologies, the threat landscape, and how to piece together the jigsaw that best fits each company. We need to trust these specialists to help defend our organisations.

Heuristic scanning and modern AV techniques got us this far, but they are reaching limitations that cannot address the threats we are now facing. We need to look to the future, and to the integration of machine-based analytics, pattern recognition, and intelligent diagnosis to help protect our corporations. Cyber-criminals have evolved – so should corporations!