Cyber Security Moves from Detection to Prediction

October 27th, 2016

In the cyber security arms race, many traditional defenses — including firewalls, antivirus software and intrusion detection — are being outpaced by the most advanced threats.

The proof? Consider the notable organizations whose breaches have come to light: Dropbox, the U.S. Democratic National Committee, Yahoo…the list goes on and on.

The sheer number of state-sponsored attacks is shocking. This past summer, Google senior VP Diane Greene told attendees of a Fortune magazine technology conference that the company notifies customers of 4,000 state-sponsored attacks each month.

That’s why several cyber-defense organizations are developing non-traditional techniques for advanced detection. These efforts are shifting the focus from detection to prediction, using techniques such as machine learning and data modeling to create probabilistic warnings.

The new tools being created sense both internal and external indicators of an attack, anything from anomalous network behavior to threatening social media posts. Among the signals these systems analyze are topics of discussion, emotional language and technical chatter about the target.

A variety of new tools and techniques amass these social and behavioral cues and pass the data to analytics systems that look for patterns indicating when it’s appropriate to generate an early warning or take defensive action.
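To make the pipeline described above concrete, here is an added example that is not code from the original article, from Masergy, or from any program it names. It scores one internal indicator (a host's outbound-connection count against its own baseline) and one external indicator (threat language in public posts that mention the organization), then combines them into a single probability with a logistic rule. The flow records, the posts, the term weights, the logistic weights and the 0.5 threshold are all constructed or assumed for illustration; a real system would fit the weights to labeled history rather than pick them by hand.

```python
"""
Toy early-warning scorer: an internal behavioral indicator plus an external
social indicator, fused into one probabilistic warning per host.

Illustrative only. The data, term weights and logistic parameters below are
assumptions made for this example, not the method of any product or program.
"""
import math
import statistics

# Constructed outbound-connection counts: (hour, host, connections).
# Hours 0-4 form the baseline; hour 5 is the hour under evaluation.
FLOW_LOG = [
    (0, "db01", 10), (1, "db01", 12), (2, "db01", 11), (3, "db01", 9), (4, "db01", 13),
    (5, "db01", 40),
    (0, "web01", 100), (1, "web01", 105), (2, "web01", 98), (3, "web01", 102), (4, "web01", 95),
    (5, "web01", 103),
]

# Constructed public posts; only those naming the target organization count.
POSTS = [
    "Anyone else hate Acme Corp? going to leak their customer dump this weekend #dox",
    "Great quarter for Acme Corp, stock up 3%",
    "we will ddos the bank tonight",
]

# Assumed weights for threat vocabulary (hypothetical, not a real lexicon).
THREAT_TERMS = {"ddos": 2.0, "leak": 1.5, "dump": 1.5, "dox": 2.0, "take down": 2.0, "hack": 1.0}


def internal_score(flow_log, host, eval_hour, min_baseline=3):
    """z-score of the host's connections in eval_hour against its earlier hours.

    Returns 0.0 when there is too little history or no record for eval_hour,
    so a new host cannot trip the warning on its first observation.
    """
    baseline = [c for h, hst, c in flow_log if hst == host and h < eval_hour]
    current = [c for h, hst, c in flow_log if hst == host and h == eval_hour]
    if len(baseline) < min_baseline or not current:
        return 0.0
    mean = statistics.mean(baseline)
    stdev = statistics.pstdev(baseline) or 1.0  # flat baseline: avoid divide-by-zero
    return (current[0] - mean) / stdev


def external_score(posts, target):
    """Sum of weighted threat terms across posts that mention the target."""
    score = 0.0
    target = target.lower()
    for post in posts:
        text = post.lower()
        if target not in text:
            continue
        score += sum(w for term, w in THREAT_TERMS.items() if term in text)
    return score


def warning_probability(z, ext, w_int=1.0, w_ext=0.6, bias=-4.0):
    """Logistic fusion of the two indicators; weights and bias are assumed.

    Only positive deviations count for the internal signal: a quieter-than-
    usual host is not evidence of attack in this toy model.
    """
    logit = bias + w_int * max(z, 0.0) + w_ext * ext
    return 1.0 / (1.0 + math.exp(-logit))


def evaluate(flow_log, posts, target, eval_hour, threshold=0.5):
    """Return {host: (z, probability, warn)} for every host in the log."""
    ext = external_score(posts, target)
    results = {}
    for host in sorted({hst for _, hst, _ in flow_log}):
        z = internal_score(flow_log, host, eval_hour)
        p = warning_probability(z, ext)
        results[host] = (round(z, 2), round(p, 3), p >= threshold)
    return results


if __name__ == "__main__":
    for host, (z, p, warn) in evaluate(FLOW_LOG, POSTS, "Acme Corp", 5).items():
        print(f"{host}: z={z:+.2f} p={p:.3f} {'WARN' if warn else 'ok'}")
```

Running it, db01 warns (its hour-5 volume is roughly twenty standard deviations above baseline, and the hostile post adds to that), while web01 stays below threshold: the same social chatter, combined with only a mild deviation, is not enough on its own. That asymmetry is the point of fusing indicators rather than alerting on either alone; the flip side is that a single hostile post can never produce a warning by itself with these weights, which is a tuning decision, not a law.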

Cause for Concern

One such system is CAUSE, short for Cyberattack Automated Unconventional Sensor Environment. It is being developed by the Intelligence Advanced Research Projects Activity (IARPA), a U.S. government agency. When complete, CAUSE is intended to provide an unconventional early-warning system for cyber attacks.

CAUSE is borrowing techniques developed earlier by IARPA to forecast events such as disease outbreaks and political crises. Those earlier efforts combined publicly available data with forecasting software.

“We are focused on the human aspect of prediction, versus detection,” said Anne Taylor, a group director at CAUSE partner BAE Systems, in a recent interview. BAE’s customers include government agencies in the United States and U.K.

BAE Systems detects otherwise hidden patterns of events that may indicate suspicious behavior or provide warnings of a future cyber attack. To do this, it combines threat-intelligence management, big data analytics and context enrichment.

Spy vs. Spy

Why is advanced detection needed now? In large part, because the very nature of today's threats has changed so dramatically. The most serious intrusions are no longer opportunistic crime; increasingly they are the organized espionage of nation states.

“The information revolution fundamentally changes our operating environment,” said Alex Younger, chief of U.K. secret intelligence service MI6 at a recent meeting on national security at the George Washington University Center for Cyber and Homeland Security, in Washington, D.C. “I would go so far as to say that in five years’ time there will be two sorts of intelligence services: those that understand this fact and have prospered, and those that do not and have not.”

Masergy uses machine learning to spot and predict advanced persistent threats in its Unified Enterprise Security solution.

To learn more, download the white paper “Masergy’s Unified Enterprise Security Solution.”

David Venable

David Venable, Vice President of Cyber Security at Masergy Communications, has over 15 years experience in information security, with expertise in cryptography, network and application security, vulnerability assessments, penetration testing, and compliance. David is a former intelligence collector with the National Security Agency, with extensive experience in Computer Network Exploitation, Information Operations, and Digital Network Intelligence. He also served as adjunct faculty at the National Cryptologic School.