Time is of the Essence for Cyber Security

Fourth of a four-part series

Time is an important dimension of data analysis and one that can be used to keep your networks safe from intrusions.

A communication network is, among other things, a temporal environment. In this context, the network is composed of layers of timed events. Often, these timed events are mutually synchronized. That is, certain events must occur in a specific sequence to allow further communications.

Even complete communications occur in sequences of time. For example, a browser cannot connect to a website until the website’s name is first resolved to an address. This, in turn, triggers connections to different locations to gather all the components that must be displayed on the page. Even the user’s website visit is part of a larger temporal pattern, one that’s made up of typing, clicking and scrolling. All these actions occur over a span of time.

In addition, these activities can be observed for time-based analysis. Let’s say you determine through time-based observation that your staff does nearly all its Web browsing during normal, Monday-through-Friday work hours. On weekends and late evenings, you’d find, Web browsing is almost nonexistent. In this example, these are time-based observations, and they can help with all sorts of network planning, processing and protection.

Time Machine

Unfortunately, time is also a dimension of long-term storage that most analysis methods ignore.

That’s why Masergy’s Unified Enterprise Security (UES) platform uses long-term storage and behavioral profiles to analyze data over very long periods of time. Masergy understands the importance of time to security. In our approach, every given piece of data that operates on a temporal system is analyzed, and that analysis is done with appropriately temporal techniques.

Adding the dimension of time to analysis provides context for events, helping to reduce false positives. It also discovers events that are out of order, out of time, or missing—all of which can become candidates for further analysis. This broader scope adds context to analysis engines, letting them watch events that occur over long periods of time while still being able to map these to their learning models.

Masergy’s UES starts by using regression testing to verify learning models. Then it clusters the data into various time periods, such as hour of the day, day of the week or month, and week of the year. In this way, UES views events over multiple time frames. This enables the system to build a prediction matrix based on all pertinent dimensions and to gain the full context of all events.
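The hour-of-day and day-of-week bucketing described above can be illustrated with the office Web-browsing scenario from earlier in the article. This is an added example, not Masergy's UES code: the sample timestamps, the host names and the 0.5% share threshold are all constructed assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta

def bucket(ts):
    """Map a timestamp to its (day-of-week, hour-of-day) bucket."""
    return (ts.weekday(), ts.hour)

def build_baseline(timestamps):
    """Share of all baseline events that fall into each bucket."""
    counts = Counter(bucket(ts) for ts in timestamps)
    total = sum(counts.values())
    return {b: n / total for b, n in counts.items()}

def out_of_time(events, baseline, min_share=0.005):
    """Return events whose bucket carried less than min_share of baseline traffic."""
    return [(ts, host) for ts, host in events
            if baseline.get(bucket(ts), 0.0) < min_share]

def constructed_baseline(weeks=4):
    """Constructed sample: requests Mon-Fri 09:00-17:59, plus rare Saturday noise."""
    start = datetime(2024, 1, 1)  # a Monday
    stamps = []
    for day in range(weeks * 7):
        d = start + timedelta(days=day)
        if d.weekday() < 5:
            for hour in range(9, 18):
                stamps += [d.replace(hour=hour, minute=m) for m in range(0, 60, 6)]
        elif d.weekday() == 5:
            stamps.append(d.replace(hour=11))  # one stray weekend request
    return stamps

BASELINE = build_baseline(constructed_baseline())

# Constructed events to score: (timestamp, source host); host names are placeholders.
EVENTS = [
    (datetime(2024, 2, 6, 10, 15), "ws-014"),  # Tuesday morning, normal
    (datetime(2024, 2, 10, 11, 5), "ws-014"),  # Saturday, rarely seen
    (datetime(2024, 2, 11, 3, 40), "ws-022"),  # Sunday 03:40, never seen
]

if __name__ == "__main__":
    for ts, host in out_of_time(EVENTS, BASELINE):
        print(f"out-of-time: {host} at {ts:%a %H:%M}")
```

A flagged event is only a candidate for further analysis; the threshold trades missed off-hours activity against alerts on legitimate weekend work.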

Masergy’s technology platform also performs feature extraction using associated rules-based learning. This occurs in the pairing subsystem, which learns patterns in the sequences of events that each system experiences over multiple time periods. These sequences may become predictable using the data-prediction gradient; then they can be directly checked in all applicable time dimensions.

In this approach, time is your network security’s new best friend.

About Mike Stute

Chief Scientist, Masergy
Mike Stute is Chief Scientist at Masergy Communications and is the chief architect of the Unified Enterprise Security network behavioral analysis system. As a data scientist, he is responsible for the research and development of deep analysis methods using machine learning, probability engines, and complex system analysis in big data environments. Mike has over 22 years of experience in information systems security and has developed analysis systems in fields such as power generation, educational institutions, biotechnology, and electronic communication networks.