Cybersecurity that thinks

Until recently, using the terms “data science” and “cybersecurity” in the same sentence would have seemed odd. Cybersecurity solutions have traditionally been signature-based: they capture attacks in real time by matching traffic or files against patterns extracted from previously identified malware. In this context, the advanced analytical techniques, big data and the other components that have come to represent “data science” have not been at the center of cybersecurity solutions focused on identifying and preventing cyber attacks.
This is not surprising. In a signature-based solution, any given piece of malware, or a new variant of it, has to be identified, sometimes reverse-engineered, and have a matching signature deployed in a product update before it becomes “detectable.” For this reason, signature-based solutions cannot prevent zero-day attacks and offer very limited benefit compared with the predictive power of data science.
Among the many definitions of data science that have emerged in the last few years, “gaining knowledge from data using a scientific approach” best captures some of the different components that characterize it.
An unprecedented number of companies reported breaches in 2014, evidence that existing cybersecurity solutions are not effective at identifying malware or detecting attackers inside an organization’s network.
Three technological advances enable data science to deliver new innovative cybersecurity solutions:
    Storage – the ease of collecting and storing large amounts of data on which analytical techniques can be applied (distributed systems deployed as clusters).
    Computing – the ready availability of large computing power makes it easy to apply sophisticated machine learning techniques to build models for malware identification.
    Behavior – the fundamental transition from identifying malware by its signature to identifying the particular behaviors an infected computer exhibits.

Let's discuss in more depth how each of the items above can be used for a rigorous application of data science techniques to today's cybersecurity problems.
Having a large amount of data is of paramount importance in building analytical models that identify cyber attacks. Whether the model is a simple heuristic or a refined machine learning model, large numbers of data samples need to be analyzed to identify the relevant set of characteristics that will go into the model – this is usually referred to as “feature engineering.” Data is then needed to cross-check and evaluate the performance of the model; this should be thought of as a process of training, cross-validation and testing of a given machine learning approach. The data used for evaluation must be held out from the data used for training, otherwise the measured performance will be optimistic.
One of the reasons for the recent increase in machine learning’s popularity is the ready availability of large computing resources: Moore’s law, the observation that the number of transistors on a chip doubles approximately every two years, has delivered the processing power and storage capacity that these techniques need.
These advances have also enabled many off-the-shelf machine learning packages that allow training and testing of increasingly complex algorithms on large data samples. Together, abundant computing and mature tooling make machine learning practical for use in cybersecurity solutions.
There is a distinction between data science and machine learning, and we will discuss in a dedicated post how machine learning can be used in cybersecurity solutions, and how it fits into the more generic solution of applying data science in malware identification and attack detection.
The fundamental transition from signatures to behavior for malware identification is the most important enabler of applying data science to cybersecurity. Intrusion Prevention System (IPS) and Next-generation Firewall (NGFW) perimeter security solutions inspect network traffic for matches with signatures created from the analysis of specific malware samples, so minor changes to the malware reduce their efficacy. Machines infected with malware, however, can be identified by observing their abnormal post-infection behavior. Identifying abnormal behavior requires, first, the capability to establish what is normal, and then rigorous analytical methods – data science – to identify anomalies. The baseline of “normal” must itself be built from data known to be clean; a baseline learned while an attacker is already active will simply absorb the attacker's behavior as normal.
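The baseline-then-anomaly approach described above, together with the feature engineering and train/hold-out split from the earlier paragraph on data, as an added example that is not part of the original article. The outbound-connection log is constructed: ten known-clean workstations form the training set, two further clean workstations and one host beaconing to a command-and-control domain are held out and scored against the learned baseline. Host names, destination names, the beacon period and the 3.5-sigma threshold are all assumptions made for illustration.

```python
"""Behavioural beacon detection: baseline what is normal, then score deviations.

Added example; not code from the original article. The connection log, host
names, destination names and the 3.5 sigma threshold are constructed assumptions.
"""
import random
from collections import Counter
from statistics import mean, median, pstdev

DESTINATIONS = [f"site-{i:02d}.example" for i in range(20)]  # assumed ordinary browsing targets
FEATURES = ("conn_count", "top_dst_share", "gap_dispersion")


def make_normal_host(rng, name):
    """Constructed log for a clean workstation: irregular gaps, many destinations, varied sizes."""
    events, t = [], 0.0
    for _ in range(rng.randint(150, 250)):
        t += rng.uniform(10, 600)  # seconds between outbound connections
        events.append((name, t, rng.choice(DESTINATIONS), rng.randint(500, 50_000)))
    return events


def make_beacon_host(rng, name, period=60.0, jitter=3.0, n_beacons=150, n_browse=12):
    """Constructed log for an infected host: clockwork check-ins to one assumed C2 domain,
    with a little ordinary browsing mixed in so the signal is not artificially clean."""
    events, t = [], 0.0
    for _ in range(n_beacons):
        t += period + rng.uniform(-jitter, jitter)
        events.append((name, t, "cdn-update.example", rng.randint(300, 400)))
    for _ in range(n_browse):
        events.append((name, rng.uniform(0, t), rng.choice(DESTINATIONS), rng.randint(500, 50_000)))
    return sorted(events, key=lambda e: e[1])


def host_features(events):
    """Feature engineering: turn one host's (host, time, dst, bytes) records into numbers."""
    if len(events) < 3:
        raise ValueError("need at least three connections to profile a host")
    times = sorted(e[1] for e in events)
    gaps = [b - a for a, b in zip(times, times[1:])]
    med_gap = median(gaps)
    mad_gap = median([abs(g - med_gap) for g in gaps])  # median absolute deviation: robust to a few odd gaps
    top_count = Counter(e[2] for e in events).most_common(1)[0][1]
    return {
        "conn_count": float(len(events)),
        "top_dst_share": top_count / len(events),  # near 1.0 means one destination dominates
        "gap_dispersion": mad_gap / med_gap,       # near 0 means clockwork timing
    }


def fit_baseline(training):
    """Learn 'normal': per-feature mean and spread over known-clean hosts (training set)."""
    baseline = {}
    for f in FEATURES:
        values = [feats[f] for feats in training.values()]
        mu = mean(values)
        sd = max(pstdev(values), 0.1 * abs(mu))  # floor: a near-zero spread would make every host anomalous
        baseline[f] = (mu, sd)
    return baseline


def score_host(feats, baseline):
    """Anomaly score = largest |z| across features; also report which feature drove it."""
    zs = {f: (feats[f] - mu) / sd for f, (mu, sd) in baseline.items()}
    driver = max(zs, key=lambda f: abs(zs[f]))
    return abs(zs[driver]), driver, zs


def run_demo(seed=7, n_train=10, threshold=3.5):
    """Train on n_train clean hosts, then score two held-out clean hosts and one beaconing host."""
    rng = random.Random(seed)
    training = {f"ws-{i:02d}": host_features(make_normal_host(rng, f"ws-{i:02d}")) for i in range(n_train)}
    holdout = {f"ws-{i:02d}": host_features(make_normal_host(rng, f"ws-{i:02d}"))
               for i in range(n_train, n_train + 2)}
    holdout["ws-99"] = host_features(make_beacon_host(rng, "ws-99"))
    baseline = fit_baseline(training)
    results = {}
    for host, feats in holdout.items():
        score, driver, zs = score_host(feats, baseline)
        results[host] = {"score": score, "driver": driver, "flagged": score > threshold,
                         "features": feats, "z": zs}
    return results


if __name__ == "__main__":
    for host, r in run_demo().items():
        verdict = "ANOMALOUS" if r["flagged"] else "normal"
        print(f"{host}: {verdict:9s} score={r['score']:6.1f} driver={r['driver']} "
              + " ".join(f"{k}={v:.3f}" for k, v in r["features"].items()))
```

Two design choices matter here. The dispersion feature uses median and median absolute deviation rather than mean and standard deviation, so a handful of ordinary browsing connections mixed into the beacon stream does not hide its regularity. The baseline spread is floored at ten percent of the mean, because with only a few training hosts a feature can have an accidentally tiny spread and every held-out host would then look anomalous on it; the connection-count feature is included precisely to show a feature that does not separate the infected host, which is the kind of thing feature engineering is meant to reveal.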
http://www.computerworld.com/article/2881551/creating-cyber-security-that-thinks.html?phint=newt=computerworld_security&phint=idg_eid=2bb689d07643a520469baa93e05ca014#tk.CTWNLE_nlt_security_2015-02-23
