Better Intelligence – A Key for Better Cyber Defence

Cybertech 2014, held this week in Israel, provides an excellent opportunity to scan a wide range of cyber security solutions. Attending the event, Tamir Eshel reports:

Organisations today are facing an unprecedented wave of targeted cyber attacks that, by nature, are smart enough to exploit each target's unique vulnerabilities. Cyber criminals and rogue nations are using multiple attack vectors, including zero-day exploits and unknown malware, to breach the security measures implemented to protect networks and information systems. Existing rule- or signature-based solutions and perimeter defences are no longer sufficient to deal with such attacks, known as Advanced Persistent Threats (APT).

In fact, all security experts already admit that – NO NETWORK IS SAFE TODAY, since undetected APTs have already penetrated critical networks and are resident in them, regardless of whether those networks are connected to or isolated from the ‘outer world’. Facing these new threats requires a different kind of protection, based on intelligence, rapid response, damage control and rapid recovery, enabling the organisation to protect its most valuable assets, limit potential damage by minimising vulnerability, and deny the adversary any meaningful gains.

“Better security and protection begins with readiness – knowing what to expect. By getting to know the evolving threat landscape you are better prepared for an emergency, ready for preemptive action and able to respond quickly, in real time, to cyber attack alerts,” Yotam Gutman, SenseCy's director of sales and marketing, told CyberThreat. SenseCy is a young Israeli startup specialising in cyber intelligence. As the cyber threat landscape continues to evolve, traditional security mechanisms are failing time and again, proving inadequate in mitigating cyber threats. There is an ever-increasing need for better intelligence and a clearer understanding of current, relevant threats. SenseCy offers such cyber intel, collected through the integration of ‘virtual human intelligence’ (Virtual HUMINT) and an open-source intelligence (OSINT) methodology developed by the company. “This Virtual HUMINT method enables our agents to infiltrate deep web platforms and password-protected forums and exclusive social media groups, including underground and darknet,” Gutman added. “The information we collect is processed with linguistic expertise in many relevant languages, including Russian, Persian, Arabic, Chinese or Turkish, turning raw data into meaningful information. SenseCy also provides malware analysis, to provide cyber incident lifecycle mitigation, covering the planning, attack and post-event stages.”

While SenseCy is sending its cyber agents deep into the web, other services are focusing on the protected perimeter, where Cyberintel, another Israeli startup, maintains silent agents protecting the organisation’s endpoints. These agents automatically intercept suspicious code and extract valuable information from it. Cyberintel’s analysis server runs five separate threat analysis engines that strip the code of its camouflage, run it in a controlled environment and record its behaviour, interactions and communications. Through this analysis process Cyberintel can learn about the patterns, models and mathematical structure of the code and, by cross-referencing with other information sources and through reverse engineering, discover its behaviour, targets, strategies and suspected operators. This service is already protecting commercial organisations in the financial, infrastructure, logistics, aerospace and retail sectors, as well as government agencies.

Not every user requires an in-house security system to guard its cyber premises. Some organisations are more likely to outsource such services to a service provider, enabling them to focus on their regular business. Seculert has introduced a cloud-based advanced threat protection service that provides immediate protection from advanced malware and APTs. The system identifies existing infections and continues to detect unknown malware both inside and outside the protected network, serving the intranet, remote sites, remote-access employees and users accessing the network through smartphones, enabling organisations to securely implement a modern ‘Bring Your Own Device’ (BYOD) culture. Seculert combines several detection and protection methods, including proactive botnet interception, traffic log analysis and an ‘elastic sandbox’ for handling suspicious files. To process this information the system interfaces with the protected network and employs automatic Big-Data Analytics to uncover APTs.

Big Data Analytics is key to effective APT detection. But BDA requires extensive processing power that isn’t always available. SQREAM Technologies has developed new servers tailored specifically for such workloads, based on its patent-pending technology that boosts analytics performance through massively parallel computing on Graphics Processing Units (GPUs). This technique enables the processing and analysis of big data sets significantly faster than traditional database management systems or analytics solutions.

Protection of critical infrastructure and industrial systems is becoming more acute as networks become increasingly connected and exposed, calling for a new security paradigm. Continuity and data integrity are critical in those networks, where any failure can have extensive financial, operational or even life-threatening implications. Such infrastructure includes various industrial SCADA and critical manufacturing networks, financial payment systems, communications service infrastructure and other strategic installations.

Another Big-Data Analytics based solution is provided by ThetaRay, offering a system optimised for industrial and infrastructure protection. ThetaRay protects against unknown zero-day threats and APT attacks that target critical infrastructure. According to the company, its rule-free algorithms are optimally built to deal with unknown threats, identifying cyber attacks and operational anomalies that are undetectable by other security means. The ‘Hyper-dimensional Big Data Analytics’ process provides a comprehensive view of anomalies across the entire organisation, spanning multiple operations, systems and protocols, to detect hidden signs of unknown threats in minutes rather than months. Through this ongoing analysis ThetaRay not only detects the signs of unknown threats and cyber attacks but also alerts on malfunctions or power shortages, which can impact SCADA network performance and result in critical network downtime.

We’ll continue our report from Cybertech later today.
