Cybercrime is more organized than ever before. If you work in cybersecurity, every day you see more companies fall victim to a highly coordinated DDoS attack or a highly targeted data breach, which costs 3.8 million on average. So if attackers are getting more sophisticated, companies that want to be protected need to take a bold approach and contract for robust security programs. Greg Day and Bryce Boland, from FireEye, wrote a great post explaining how to quantify the economic return from cybersecurity solutions; based on that approach, I think every serious company with enterprise customers needs to think deeply about this.
But how could you take this approach? Is there any available solution that provides real-time detection of attacks? The simple answer is: YES. The not-so-simple answer is a little more complicated: to accomplish this difficult task, a modern cybersecurity solution needs to be based on the principles described by Dr. Hossein Eslambolchi (former Head of Research at AT&T Labs and a well-known cybersecurity expert): 3P (Proactive, Preventative and Predictive). Many security solutions can fulfill the first P, but the next two are more complicated, because this is where advanced analytics using data mining and machine learning techniques in real time comes into play. This combination of techniques and methods is what Dr. Eslambolchi defined as Anomalytics. What is this, and more importantly, who is on the front line of Anomalytics? Keep reading to find out.
First, what is Anomalytics?
I first heard the term while reading Dr. Eslambolchi's post Anomalytics & Cyber Security in the 21st Century, where he defines it like this:
My current project is focused around “Anomalytics,” an expression we have termed to describe the use of streaming analytics to detect anomalous device behavior in the data center and large scale enterprise networks. While we have made remarkable advances in computer processing, applications and networking in the last decade, our ability to protect and secure these assets has simply not kept pace.
I thought: OK, this is very good, but it's hard to accomplish. So I began digging deeper into the term, and stopped at the site of Dr. Eslambolchi's company, CyberFlow Analytics, where there is a fuller explanation:
CyberFlow has developed a new technology innovation called “Anomalytics™”. Anomaly detection through Advanced Analytics that detects the anomalies in your network created by attackers as they attempt to move across your network and steal your data. The product is called FlowScape and has been embraced by many organizations over the last several years. By using a convergence of big data streaming analytics, cyber intelligence, and visualization CyberFlow cuts through the noise and identifies high-risk anomalies in your network. These anomalies are an activity outside the business or industrial process that is machine learned as “normal” and could be insider policy violations, equipment misconfigurations/failure, or a very sophisticated cyber breach. Analytics for anomaly detection (anomalytics) is important to facility operations, network operations and security operations staff, especially for the Industrial IoT environments.
Reading this, you can see that CyberFlow Analytics could cover a lot of use cases, but I'm particularly interested in the security of one sector: the Internet of Things. IoT devices are already among us, from connected cars to thermostats, from air cleaners to smart alarms, and if you look at the current connectivity stats for these devices, you will see that their number is growing exponentially.
But there are some concerns about this massive growth: many manufacturers are not following good security practices, and in many industries there is a lack of standardization in how security is approached. The FTC released a very good report aimed at improving the security of IoT devices, and I think every company interested in developing this kind of device should read it. And if I can't convince you, just read OpenDNS's 2015 Internet of Things Security in the Enterprise Report, and you will understand that there is a lot of work to do regarding the security of IoT devices.
Now, why is CyberFlow Analytics a leader in this space?
They are leaders in this space because they approach the problem with a unique solution based on complex mathematical models that gather anomalies and assign each one a potential security risk. I am trying to explain this in simple terms, but it is one of the hardest problems in cybersecurity, mainly because in a network you first have to distinguish good behavior from bad behavior; how do you accomplish this, and how do you deal with false positives? Based on what Dr. Eslambolchi explained in his post, this can be modeled and detected using math and analytics; and if they are doing this with more than 75% accuracy (just to mention a number, I don't know the exact statistic), this could be the future of IoT network protection.
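To make the idea of "learn what is normal, then score deviations" concrete, here is a small added example of my own; it is not CyberFlow's code and says nothing about how FlowScape actually works internally. It keeps a per-device streaming baseline for two flow features (bytes sent and number of distinct destinations) using Welford's online mean and variance, scores each new interval by z-score, and maps the largest deviation to a risk level. The device name, feature names, thresholds and flow records are all constructed for the illustration. Two details address the false-positive question from above: a device is not scored until a warm-up number of intervals has been learned, and an interval that is flagged is not folded back into the baseline, so the baseline cannot be dragged slowly towards anomalous traffic.

```python
"""Added example: a toy streaming anomaly detector over per-device flow
summaries. Not CyberFlow/FlowScape code; device, features and records are
constructed for illustration."""
import math
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass
class RunningStats:
    """Welford's online mean/variance: O(1) memory per (device, feature)."""
    n: int = 0
    mean: float = 0.0
    m2: float = 0.0

    def update(self, x: float) -> None:
        self.n += 1
        delta = x - self.mean
        self.mean += delta / self.n
        self.m2 += delta * (x - self.mean)

    @property
    def std(self) -> float:
        # sample standard deviation; 0.0 until at least two samples are seen
        return math.sqrt(self.m2 / (self.n - 1)) if self.n > 1 else 0.0


class FlowAnomalyDetector:
    """Learns a per-device baseline for each feature, then flags intervals whose
    z-score exceeds the threshold. Flagged intervals are NOT learned from, so
    the baseline cannot drift towards an intruder's traffic pattern."""

    FEATURES = ("bytes_out", "distinct_dsts")  # constructed feature names

    def __init__(self, warmup: int = 10, threshold: float = 3.0):
        self.warmup = warmup        # intervals to learn before scoring a device
        self.threshold = threshold  # |z| above which a feature counts as deviant
        self.stats = defaultdict(RunningStats)  # key: (device, feature)

    @staticmethod
    def _zscore(st: RunningStats, x: float) -> float:
        if st.std == 0.0:
            # constant baseline so far: any change at all is a deviation
            return 0.0 if x == st.mean else math.inf
        return abs(x - st.mean) / st.std

    def observe(self, rec: dict) -> Optional[dict]:
        """Score one interval record; return an alert dict or None."""
        device = rec["device"]
        learned = self.stats[(device, self.FEATURES[0])].n >= self.warmup
        deviations = {}
        if learned:
            for f in self.FEATURES:
                z = self._zscore(self.stats[(device, f)], rec[f])
                if z > self.threshold:
                    deviations[f] = z
        if deviations:
            max_z = max(deviations.values())
            risk = "high" if max_z >= 10 else "medium"
            return {"device": device, "t": rec["t"], "risk": risk,
                    "deviations": deviations}
        for f in self.FEATURES:  # normal (or still warming up): learn from it
            self.stats[(device, f)].update(rec[f])
        return None


# Constructed sample: one thermostat reporting per-minute flow summaries.
# Twelve quiet minutes, then a burst of outbound data to many new hosts,
# then a normal minute again.
SAMPLE_FLOWS = [
    {"device": "thermostat-01", "t": i, "bytes_out": b, "distinct_dsts": d}
    for i, (b, d) in enumerate(zip(
        [1180, 1210, 1195, 1225, 1190, 1205, 1215, 1185, 1200, 1220, 1190, 1210],
        [2, 2, 1, 2, 2, 2, 1, 2, 2, 2, 2, 1]))
] + [
    {"device": "thermostat-01", "t": 12, "bytes_out": 48000, "distinct_dsts": 37},
    {"device": "thermostat-01", "t": 13, "bytes_out": 1205, "distinct_dsts": 2},
]


def run_demo(flows=SAMPLE_FLOWS, warmup: int = 10, threshold: float = 3.0) -> list:
    """Feed records in arrival order; return the alerts raised."""
    det = FlowAnomalyDetector(warmup=warmup, threshold=threshold)
    return [a for a in (det.observe(r) for r in flows) if a is not None]


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

Running it raises exactly one alert, for minute 12, rated "high" on both features. A real deployment would use many more features per device, a baseline that decays old data, and a risk score that also weighs what the destination is; the point of the toy is only to show where the warm-up period and the "don't learn from flagged intervals" rule sit in the loop.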
Data Visualization done right
Another good thing about CyberFlow is the chance to show all detections in a very focused visualization, where security managers can see in real time what is happening inside their network and act immediately according to the threat involved. CyberFlow can detect when an Advanced Persistent Threat is under way, or when a botnet is trying to capture devices on the network. This is huge for anyone involved in the security of a corporate network, because with these tools you can lower two of the most critical metrics in cybersecurity: Mean Time To Detection (MTTD) and Mean Time To Containment (MTTC). If you want to see all this in action, I recommend this video:
Thinking about integration with the future of networking
Another critical reason CyberFlow is doing remarkable work is the possibility of working together with future networking technologies like Software Defined Networking (SDN) and Network Function Virtualization (NFV). This is important because, with the current expansion of computational power, data center installations and global networking, these technologies are coming to play a key role in that expansion, and CyberFlow is taking the right steps to integrate FlowScape with this new kind of technology. Just read what Dr. Eslambolchi said about this:
We are taking further steps to ensure CyberFlow technology is integrated with SDN technologies like Open Flow and Cisco Application Centric Infrastructure (ACI). We see our security analytics as a pervasive technology embedded in every network and data center, especially with the new focus on control of abstracted flows in SDN and NFV.
CyberFlow’s FlowScape embraces virtualization and containers
FlowScape is a completely virtualized solution that can run on VMware ESXi and in Docker-based containers, so it can be scaled quickly and with little effort. This matters in the current state of IT deployments, because many companies are embracing the benefits of deploying their solutions with Linux containers, mainly Docker, for the rapid development/deployment cycle it provides. For that reason, I think this is one of the most powerful features of the product: it can be installed on almost any cloud computing platform available today. If you want to use it with Amazon Web Services, you can use Amazon EC2 Container Service, and if you want to use it with Google Cloud Platform, you can use its Container Engine.
CyberFlow Analytics has built a solution for the current state of cybercrime, ready to use from anywhere, and I think they are just starting on this journey, but based on my own perspective on the future of the market, I think they are on the right path. I always finish this kind of post with some information on whether the company is hiring right now, and in fact they are:
So if you want to be part of this great team, I encourage you to look at these two available positions. Thanks for your time.