Cyber is Polymorphic "so what?"

Mar 22, 2017 4:29:58 PM / by Rob Scholl CISO @RISK



INTRODUCTION TO POLYMORPHISM:

Every time you turn on the TV or view social media, you can’t help but be overwhelmed by discussions of cyber security and hacking. Leaders of agencies, military units, and industries consistently voice an interesting and recurring theme:

Cyber Security is "polymorphic." Polymorphism, polymorphic or polymorph, from the Greek words poly ("many") and morphe ("form, shape, structure"), is a term used in computing and science:

  • Cyber Polymorphism represents the ability in computer programming to present the same programming interface for differing underlying forms (data types, classes), and the substrate of Cyber extends all the way to how it is encoded.
    • Polymorphic code: self-modifying program code designed to defeat anti-virus programs or reverse engineering.

CONTINUED:

“Cyber is confusing, ever evolving, and there is a worldwide shortage in cyber security staff.” 

  • Many quietly admit that the concept of Cyber Security and protecting their networks is confusing.
    • There is a consistent concern expressed over a gap between what the C-suite understands as the issue and how the IT professionals are able to bridge it.
    • While IT is considered a "cost" center, justifying increased budgets is sometimes hard to put in terms of risk vs. reward.
      • While more staff may be needed to bridge the gap, they are hard to find.
        • More and more industry reports cite the fact that the cyber security sector is suffering from a severe skill gap and lacks a fused training and qualification strategy, resulting in over 1.5 million unfilled jobs worldwide.
        • When staff is sourced internally, these cyber employees lack the needed skills, and once they are trained they are quickly recruited away.
    • On top of all this, given the complexity of most networks, the challenge of protecting them is equally complex.

These cyber issues push executives to worry about increasing vulnerability, the consequences of a data breach, and the cost of protecting their network in an era of increasingly complex cybercrime. More importantly, the C-suite and Board leadership are looking for a way to balance risk and exposure with business needs. Armed with this charter, CIOs recognize that if they are going to meet it, how they deploy their information security team needs to evolve. Regardless of the techniques, technologies and procedures employed, the security posture has to have a positive and measurable impact on their bottom line.

CIOs, CISOs and Vice Presidents of IT are in an evolving state of designing programs that will build the individual skills of their staff while supplementing them with a qualified and experienced cadre of cyber experts.

  • The current lack of individual qualification skills available in the market makes it difficult for their technical experts to describe the risk in easy-to-understand and tangible ways to their leadership. This challenge is further hampered by the following:
    • The current data overload is crushing, given that:
      • There is too much threat data for analysts to keep up with.
      • Sometimes an analyst may see over 25,000 alerts an hour while being able to disposition only 5 confirmed events an hour.
      • These factors contribute to a time from breach to detection of between 140 and 205 days.
    • Somehow their staff has to be trained and qualified to use a continual improvement strategy that will enable them to overcome these challenges.
    • Unfortunately, cyber staff have become increasingly over-reliant on security appliances that still seem to allow threats to get into their network.
      • Those without a cyber staff are concerned that the organizations they are outsourcing to aren't providing enough information on risk and exposure.
      • Regardless of whether contractors or MSSPs are used or appliances are in house, there is an increased sense of “appliance fatigue,” as the continual swapping to the next big thing, offered by a new cyber appliance, never really solves a problem the older model could not.
        • However, despite each purchase, no one security appliance ever seems to provide an easy-to-understand and measurable level of potential exposure.

CONCLUSION:

 

Cyber is polymorphic in practice and in application. The @RISK program and technology has been designed from the ground up. It was created to provide an interactive engagement with our customers as we stand in the breach with them to combat an ever-evolving Cyber threat. Our team and InVictus technology will mentor, coach and stand by your side to win!

As we discussed above, the confusion of Cyber Security is a by-product of the fact that computer networking is extremely complex.  As the very network is complex, defending it will be complex.   The key for any individual qualification program is to break it down into repeatable elements that are understandable and measurable.

By measuring the Cyber Attack Surface as a multi-dimensional domain, @RISK provides a methodical way that elevates an existing cyber team member by leveraging Cognitive Computing.

  • Cognitive Computing is accomplished by creating a Cognitive "Library" that stores in memory the skills, knowledge and ability of world class "hunt" teams used during post forensic analysis and fuses them with pre forensic discovery.

This approach enables your organization in that it:

  • Augments your staff to create a kind of "Network Consensus" where your existing systems and appliances are collectively fused into a single pane of glass that provides "left of bang" sense making.
  • Organizationally and collectively fuses and quantifies the risk, and determines organizational exposure to cyber threats and attacks in an easy-to-understand manner.

Through this fusion of your team with Cognitive Computing technology trained by qualified experts, organizations will defend their network and give leadership a better understanding of the level of risk they operate at on a daily basis.

The @RISK Cyber Attack Surface Measurement and Network Consensus approach comes from proven past performance in Cyber Managed Services for the Department of Defense and US Intelligence communities, and it will enable your organization through a program that is stratified based on your needs: Annually, Quarterly, Monthly, Weekly or Daily.

  • InVictus will test your network, computers and devices for hidden security vulnerabilities and rank the threat for the holes it finds.
    • We accomplish this by approaching the Cyber Attack Surface from the Attackers view:
      • From the DarkWeb
      • From Attack Surface Reconnaissance
      • Past exploits
      • Through forecasting zone field, domains and illicit activity
      • Forecasting new IP Address registration
      • Forecasting Critical Vulnerability Exploits
  • Our team, our technology, our customer's data and their team will synchronize elements in the network so our joint cyber operations team will plug the holes before the bad guys get a chance to exploit them.
  • Our customers will understand advanced concepts in order to present cyber monitoring results to leadership in an easy to understand way.

As the CISO for @RISK Technologies, I invite you to learn more about our technology and process fusion protocol that follows a lean Six Sigma process for Cyber Security that will enable your team to measure a continual reduction in risk and exposure. More importantly, we have partnered with global industry leaders that can provide additional training we prescribe.


 
