How could ordering a pizza take down a bank?
It is frighteningly easy, and it illustrates why large companies need faster and more sophisticated technology to block the threats now aimed at them.
In the pizza example, a bank employee orders a pizza online and uses his company email address to complete the transaction. Like many people, he reuses the password from the pizza site on his bank workstation and intranet. Bad move: attackers routinely compromise businesses with weaker security, like pizza parlors, and dump their customer databases. They then replay the stolen email-and-password pairs against the bank's customer website, webmail or employee VPN, a technique known as credential stuffing, and if a pair works they are inside the bank's internal network with a legitimate account.
More sophisticated attackers automate the whole process, testing millions of leaked credentials from many breaches until one belongs to someone working at a prime corporate target, whose login unlocks the company network for them. Boom: easy as that.
Welcome to a new era of cyber-security threats, in which attackers spend less effort on elaborate exploits and more on the weakest link in the chain: humans. In this era the simplest attacks can be the most effective, especially when criminals can automate them en masse. It means companies have to move much faster, deploying detection that keeps pace, built on big data and, increasingly, machine learning.
In the past, attackers preferred to hit a company from outside, attempting to penetrate a well-fortified perimeter. As perimeter security products matured, the thieves changed the game. Instead of breaching the perimeter, they hide in boring, everyday network activity inside the company's walls: activity so dull that most companies do not bother to store or analyze data about it. Instead of looking like bad guys hammering at a firewall, criminals now impersonate the good guys: an ordinary bank employee, logging in as usual and going about his business at work.
How did this happen? And why does speed matter more than ever in terms of fighting these attacks?
Traditionally, most cyber-security tools have focused on detecting external threats with signatures. A signature is a pattern, such as a byte sequence, file hash or traffic rule, that matches known malicious code or activity and lets a product block it. When a company sees a new threat, it writes a signature for that threat and shares it with other companies. You can imagine the cat-and-mouse game this creates: criminals devise new perimeter threats and defenders respond with more signatures. It is a relatively slow process, and it has a blind spot: a login with a stolen but valid password contains nothing for a signature to match.
The trend toward good-guy impersonation therefore creates a conundrum for security executives, who are ill-equipped to detect thieves walking in the front door with stolen credentials. Signature- or rule-based approaches do not help. Instead, defenders need to dive into mountains of data, analyzing millions of logs a day to detect small anomalies in an employee's behavior: a login from a country the employee has never worked from, at an hour he never works, from a device he has never used. Behavior-based security means combing internal data in near real time and producing prioritized signals for investigation; because most deviations turn out to be benign, it needs a baseline of what normal looks like for each user and a triage process for the signals it raises. Behavior-based cyber-security is rapidly becoming the new normal, yet large incumbents such as IBM, McAfee and H-P have been slow to offer it, which has fueled a rush of venture funding into startups in this area.
Here is where the need for speed kicks in. To analyze all the traffic inside your network, as well as attacks from outside, you need far more processing power than most companies deploy today. You need not just big data, a darling tech concept of the last few years, but fast data, a concept we expect to hear far more about in 2016.
Fast data is big data analyzed at speed; you could say it is big data made useful in real time. To get that computing speed and capacity, most companies are turning to the cloud, which provides it more cheaply and efficiently than on-premises data centers.
Yet many cyber-security executives have long been wary of the cloud. Moving sensitive data outside the firewall, particularly for companies in finance and healthcare, feels too risky, and any such move has to cover encryption of the data in transit and at rest, tight access control and a review of regulatory obligations. But the need for more computing power makes the move hard to avoid. Detecting impersonation by behavior means the volume of internal telemetry that must be analyzed quickly is growing exponentially.
You can only crunch data as fast as the servers available to you. Cloud services such as Amazon Web Services, by contrast, provide elastic capacity that can be scaled up on demand. Once you have enough computing power to crunch your internal big data, what should you look for? This is where machine learning and other artificial-intelligence techniques enter the security game, seeking out tell-tale deviations from normal patterns of network activity. Many deviations prove harmless on deeper investigation, but a handful will not. AI makes the investigation faster and more efficient by ranking which deviations deserve an analyst's attention first.
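The kind of behavior-based scoring described above, applied to the stolen-password scenario from the pizza example, as an added illustration that is not code from the article or from JASK: a small Python script builds a per-user baseline (countries, source networks, devices, login hours) from a training window of VPN login events, then scores every later event against that baseline and returns the signals ranked by score. The log lines, field names, scoring weights and alert threshold are all constructed for this example; a real deployment would feed it from the VPN or identity provider's logs and tune the weights to its own false-positive rate.

```python
"""Per-user behavioral baseline over VPN login events (constructed example)."""
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample log lines. The first four days are the training window;
# on day five, jdoe's reused password is replayed from an unfamiliar machine
# and country at 03:12, while asmith makes an unusually timed but otherwise
# ordinary login.
SAMPLE_LOGS = """\
2015-12-01T08:02:11Z user=jdoe result=ok src=203.0.113.10 country=US device=LAPTOP-JDOE
2015-12-02T08:15:40Z user=jdoe result=ok src=203.0.113.10 country=US device=LAPTOP-JDOE
2015-12-03T07:58:03Z user=jdoe result=ok src=203.0.113.11 country=US device=LAPTOP-JDOE
2015-12-04T08:30:22Z user=jdoe result=ok src=203.0.113.10 country=US device=LAPTOP-JDOE
2015-12-01T09:10:00Z user=asmith result=ok src=198.51.100.7 country=US device=LAPTOP-ASMITH
2015-12-02T18:45:00Z user=asmith result=ok src=198.51.100.9 country=US device=LAPTOP-ASMITH
2015-12-03T09:05:00Z user=asmith result=ok src=198.51.100.7 country=US device=LAPTOP-ASMITH
2015-12-04T09:00:00Z user=asmith result=ok src=198.51.100.7 country=US device=LAPTOP-ASMITH
2015-12-05T03:12:09Z user=jdoe result=ok src=192.0.2.77 country=RO device=WIN-TEMP-01
2015-12-05T09:01:00Z user=asmith result=ok src=198.51.100.7 country=US device=LAPTOP-ASMITH
2015-12-05T12:30:00Z user=asmith result=ok src=198.51.100.9 country=US device=LAPTOP-ASMITH
"""

# Everything before this instant is the training window (assumed split point).
CUTOFF = datetime(2015, 12, 5, tzinfo=timezone.utc)

# Assumed weights: a new country is the strongest single indicator here.
WEIGHTS = {"new_country": 5, "new_device": 3, "new_net": 2, "odd_hour": 2}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) result=(?P<result>\S+) src=(?P<src>\S+) "
    r"country=(?P<country>\S+) device=(?P<device>\S+)$"
)


def parse(lines):
    """Turn the key=value log format into dicts; malformed lines are skipped."""
    events = []
    for line in lines.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        ev["net"] = ev["src"].rsplit(".", 1)[0]  # /24 prefix: crude, but enough for the example
        events.append(ev)
    return events


def build_baseline(events):
    """Per user, the set of countries, networks, devices and hours seen in successful logins."""
    base = defaultdict(lambda: {"countries": set(), "nets": set(), "devices": set(), "hours": set()})
    for ev in events:
        if ev["result"] != "ok":
            continue
        b = base[ev["user"]]
        b["countries"].add(ev["country"])
        b["nets"].add(ev["net"])
        b["devices"].add(ev["device"])
        b["hours"].add(ev["ts"].hour)
    return base


def score(ev, baseline):
    """Return (reasons, score) for one event; unknown users get a low-priority marker."""
    b = baseline.get(ev["user"])
    if b is None:
        return ["no_baseline"], 1
    reasons = []
    if ev["country"] not in b["countries"]:
        reasons.append("new_country")
    if ev["device"] not in b["devices"]:
        reasons.append("new_device")
    if ev["net"] not in b["nets"]:
        reasons.append("new_net")
    h = ev["ts"].hour
    # Within one hour of any previously seen login hour counts as normal (wraps at midnight).
    if not any(min(abs(h - k), 24 - abs(h - k)) <= 1 for k in b["hours"]):
        reasons.append("odd_hour")
    return reasons, sum(WEIGHTS[r] for r in reasons)


def prioritized_signals(lines, cutoff, threshold=4):
    """Baseline on events before cutoff, score the rest, return signals sorted by score."""
    events = parse(lines)
    baseline = build_baseline(e for e in events if e["ts"] < cutoff)
    signals = []
    for ev in events:
        if ev["ts"] < cutoff:
            continue
        reasons, s = score(ev, baseline)
        if s >= threshold:
            signals.append((s, ev["user"], ev["ts"].isoformat(), ev["src"], reasons))
    signals.sort(reverse=True)
    return signals


if __name__ == "__main__":
    for s, user, ts, src, reasons in prioritized_signals(SAMPLE_LOGS, CUTOFF):
        print(f"score={s:2d} user={user} at={ts} src={src} reasons={','.join(reasons)}")
```

With the default threshold only jdoe's 03:12 login surfaces (new country, new device, new network and an odd hour add up to 12); asmith's 12:30 login scores 2 for the unusual hour alone and stays below the threshold, which is the point of scoring rather than alerting on every deviation. Lowering the threshold to 1 shows both, still ranked, so an analyst works the top of the list first.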
The threats organizations face today are far harder to spot than a frontal assault on a firewall. Take Juniper Networks, which in December 2015 disclosed unauthorized code in ScreenOS, the operating system of its NetScreen firewall and VPN appliances; the code allowed remote administrative access and passive decryption of VPN traffic, and its sophistication pointed to a nation-state actor. The modified code had shipped since 2012, so it may have left affected networks, including U.S. government ones, exposed for roughly three years. Juniper found it in an internal code review, not through network analytics; what behavior-based monitoring can catch is the use of such a backdoor, such as an administrative login to an appliance from an unexpected source or at an unexpected hour. Recognizing that kind of signal quickly, across every device in a large estate, takes the fast-data processing muscle the cloud is built to provide.
Cybersecurity threats evolve fast. Shouldn’t your response evolve just as quickly?
Greg Martin is the CEO of Silicon Valley cybersecurity startup JASK. He previously led the professional services practice for ArcSight, an H-P company, and founded ThreatStream.
This article was written by Frontline from Forbes and was legally licensed through the NewsCred publisher network.