Consensus Theory Machine Learning reduces "Cyber Ghostbuster" Missions

[fa icon="calendar"] Aug 20, 2017 2:06:23 PM / by Rob Scholl CISO @RISK

Rob Scholl CISO @RISK

As a CISO, my challenge has been to reduce the number of alerts by filtering out the noise generated by a myriad of data sources.  I have to balance the latest "good idea" checklists and frameworks with the budget and staff that I have already.  As an Information Security expert, I have discovered that it is costly both financially and organizationally in staff morale to constantly having to conduct "Ghostbuster" missions that end like bad comedy through chasing ghosts in a machine that alerts us constantly and points us to a dead end.

Whether your organization is in the Mid Market or in the enterprise, the idea for building a security operations center (SOC) is based upon a kind of Cyber Quick Reaction Force (CQRF) that is able to respond quickly to identified threats.

Conceptually, the idea is to leverage the telemetry from many different data sources and look for cognitive cues that forensically limit the number of "ghostbuster" dead end remediation tasks by Information Security Staff.

Unfortunately the cyber data sprawl generates an estimated 200,000 pieces of security event data per day, according to IBM research. However, only a tiny percentage of those events require immediate action. Because alerts lack context, security teams must treat each equally. That means the average enterprise "wastes more than 20,000 hours per year on malware containment alone," according to a Ponemon Institute report.

Network Consensus solves 2 big problems

Without automating digital forensic investigation, there aren't enough people to accomplish the tasks required for effective Cyber Security remediation. This is due to 2 reasons:

  • Cyber Stove Pipes due to fragmented Industry appliances
  • Shortage of skilled analysts

Cyber Stove Pipes and Chemistry??

The cybersecurity industry remains fragmented, creating integration problems, orphaned products and training overhead.  The problem is the potential to share data or functionality with other cyber systems is immense.  If we could calculate the Potentials of creating a "cyber covalent bond" between appliances then the very nature of sharing cyber data electron pairs between their appliance "atoms" would transform our current constrainsts into opportunity.  With this apporach we are able to forecast the balance of the attractive and repulsive forces between appliances generating the current data sprawl.  As Information Security experts we need to build or buy a better system that can transform the systems we've procured (or what we've inherited) that were

  1. Developed by their vendors to only solve a specific problem characterized by a limited focus and functionality
  2. Designed to contain data that cannot be easily shared with other systems
  3. Deployed with little integration

@RISK has built a technology that provides an organization with a thinking and adaptive Cyber Security Power House that is graphically displayed in what it calls InVictus:

 consensus_input_Fig_1.png

Solving the hiring problem??

For an industry that already faces a shortage of skilled worker — a gap that’s estimated to reach 1.5 million professionals by 2020 we need automation to offset our budgetary challenges.  Even if we do have the budget there aren't enough people to respond to the problem, adding to the problem is the increased percentage of organized efforts to place insider threats.

The effective approach to a next generation Cyber Security Product is to use automation to enhance an analysts’ ability to fill gaps in intelligence and act with speed and accuracy. Automating Digital Forensic Investigation using Machine Learning based on Consensus Theory finds connections between seemlingly unrelated events and hidden intersections amongst massive data sprawl generated by appliances and netflow allows humans to more quickly and confidently tackle cyberthreats.
consensus_staff_automation.png

A cognitive assembly of best human-in-the-loop processes built on IBM technology and a cognitive architecture integrates advanced cognitive technologies with leading security industry appliances with advanced analytics to forecast and reduce the likelihood and impact of sophisticated threats across cloud, networks, endpoints and users.

@RISK Technologies leverages Big Data Analytics and IBM Watson to enable:

  • data to find the data and the Cyber Analyst to find the relevance

Context helps to find threats that were previously bypassing organizational defenses and relevance makes the discovery actinoable by placing these insights, patterns and security incidents into crayola crayon simple context.

@RISK's InVictus hybrid cloud and its distributed cognitive systems theory approach to security uses intelligent technologies such as machine learning and natural language processing.  Hardware and Software is fused to mimic the way the human brain functions, because of Machine learning, InVictus  gets stronger over time, learning with each interaction, and getting better at proactively stopping threats. 

The Power of Network Consensus is real

The centerpiece of @RISK's Hybrid Cloud approach combines industry’s leading security analytics platforms, with the cognitive capabilities of its Invictus technology to automatically forecast, investigate and isolate security incidents through Network Consensus. InVictus augments security analysts’ expertise stored as cognitive maps in a cognitive library to uncover hidden threats and automate only the actionable insights. Security analysts, armed with this collective knowledge and instinct, can respond to threats with unprecedented speed and accuracy.

InVictus is based on using cognitive computing to automate Digital Forensic Investigation (DFI). In simple terms, it is designed to simulate the human thought processes normally associated with experts performing DFI. These processes are stored in a computerized model and surfaced through algorithms configured in the right order and logic to defend Privacy using next generation Cyber Security. 

InVictus also relies on other proven principles, it uses what organizations already own. The @RISK Network Consensus approach collects individual appliance and network element telemetry data using its Invictus Collect and Connect Big Data technologies. In the @RISK solution, enterprise technologies and cyber appliances provide data data feeds for continuous monitoring while specific A.I. is able to automate digital forensic investigation in the background and enable a singular view of threat while making responses timely and actionable thereby reducing risk. It pinpoints malicious behavior and delivers targeted remediation to the compromised endpoints within minutes, cutting off attacks before they have a chance to spread.

When tied to Industry proven frameworks and incident response playbooks, clients can quickly and accurately automate and orchestrate threat response across the entire organization. 

@RISK is a leader in the Cognitive Security Era

@RISK follows highly methodical and automated approach that outlined in a strategic, multi-phased RoadMap hosted in a Platform.   The Road Map is tailored to each organization based on an Attack Surface Measurement specific to that organization.  @RISK Road Map, is conducted in the context of an ongoing Privacy by Design Effort. A ScoreCard provides a visual tracking of the progess against the RoadMap while providing overarching framework that ensures all activities and operations are synchronized to achieve tactical, operational and strategic objectives.

A RoadMap operationalizes the appliances you already own, reduces the Ghostbuster missions your overtaxed staff don't need to chase, and it creates a new kind of privacy by design through its ability to organize and align available resources. 

Topics: Cyber attack surface, Cybersecurity requirements, MainStreet USA, MME, Privacy by design