White Paper
The Evolution of Cyber Security
Benefits of SOAR Technology and Artificial Intelligence
EXECUTIVE SUMMARY
Cyber threats will potentially become more harmful as algorithms are employed and artificial intelligence becomes pervasive in everyday life and business. Unfortunately, as hackers become savvier, it is not enough for a corporation to secure its network systems so that it can react to malware threats minutes or hours into an attack, or days and weeks after its network devices are compromised. One of the biggest problems in the cyber security industry today is that security operations teams are managing a profound and growing amount of incoming threat data while facing a shortage of skilled IT staff to address cyber-attacks. This often translates into IT departments being operated by a smaller number of technically skilled people, leading to cyber fatigue. Adequate training is also a concern. These facts, combined with the pressure to adopt new technologies as budgets shrink, are particularly concerning as the threat landscape becomes more complex. Thus, it is essential that organizations utilize proactive security orchestration, automation and response (SOAR) technology, with comprehensive automated, intelligent, real-time mitigation capabilities across their data networks, to keep up with the growing sophistication and organization of well-equipped and well-funded cyber criminals and state-based threat actors.
A recently patented SOAR technology represents a significant evolution in cyber security: it provides security teams with customizable (risk) controls to streamline and accelerate the investigation and neutralization of cyber threats. SOAR allows IT teams to reduce the risk management resources and the human intervention required to respond to security incidents once network breaches are identified. The functional elements of SOAR’s automated intelligence and deep machine learning technology enable it to identify anomalous traffic and patterns, correlate data across systems, and perform behavioral risk analytics on users and entities in near real time.
Distributed Denial of Service (DDoS) attacks over 5 Gbps grew by 967% over the past year. Concomitantly, attacks under 5 Gbps also grew sharply, increasing by 257% last year. The exploitation of smart devices and IoT devices, together with cyber-criminal innovation, is leading to more frequent and complex multi-vector attacks. This dramatic increase in the number and size of attacks is the result of attackers amassing giant botnets that include insecure IoT devices. Multi-vector attacks that combine high-volume floods with application-layer attacks and TCP-state exhaustion attacks are increasing attackers’ chances of success.
Ransomware in the U.S. is forcing cities, counties, states, businesses, universities, and enterprise telecommunication companies into a tough choice: either pay the ransom and encourage criminals to continue bringing essential services to their knees, or refuse and be left with a massive cleanup bill. SOAR helps security operations teams secure the network perimeter of businesses, governmental agencies, and universities by optimizing their ability to detect and respond to threats (both ingress and egress) faster, quantify key performance indicators, and reduce day-to-day workload through improved intelligence and reporting, streamlined workflows, and automated response playbook actions.
INTRODUCTION
Today, municipalities, universities, and corporations must employ cybersecurity systems that manage new hacking threats by taking a holistic view of their entire network data ecosystem, and must choose how best to protect the privacy and security of their digital data assets. So, what is hacking? Hacking refers to activities that seek to compromise network data by compromising digital devices such as computers, smartphones, tablets, and even the entire networks that transport data. While hacking need not be malicious, nowadays most references to hacking and hackers describe unlawful activity by cyber-criminals motivated by financial gain, protest, information (spying), or simply the “fun” of the challenge. More concerning is that cyber hackers have begun to use automation, including artificial intelligence, to carry out attacks at speeds that are effective at circumventing security command and control. Therefore, proactive response capabilities are essential to the security of today’s networks, and they must be more than anticipatory. Automated Intelligence (AI) and SOAR are not only the next-generation advancement in cybersecurity; they are the evolutionary approach to protecting networks going forward (Figure 1).
CYBER SECURITY EVOLUTION MODEL
Cybersecurity, in practice, is reactionary. CyberSafety, however, is not a reactionary response to a threat but rather the proactive, anticipatory preparedness provided by AI/SOAR technology (Figure 1).
Figure 1. Cyber Security Model defining the evolution of security technology toward CyberSafety technology utilizing automated intelligence (AI) and SOAR technology. Adapted from Johnson, 2019.
The anticipatory cyber safety approach evolved from combining software defined networking (SDN) methods with security automation and automated intelligence. Traditional networking is progressively being replaced by SDN, which enables dynamic, programmable networks and is a promising new approach to designing, building and managing more secure networks. Although SDN promises more flexible network management (Vizváry and Vykopal, 2014), the real answer lies in today’s SOAR orchestration, automated intelligence and deep learning risk-aware security. Thus, the combination of SDN and SOAR AI deep learning will allow cyber defensive systems to outpace cyber-attacks in the ongoing conflict between the two.
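As an added illustration of the SOAR elements the executive summary lists (correlating data across systems, flagging anomalous traffic) and of the per-source rule generation described in the patent footnote, the following Python is written here and is not CloudCover’s patented implementation. The firewall and web-server event feeds, the thresholds, and the nftables set name "blocklist" are constructed assumptions; the two DDoS vectors scored are the TCP-state exhaustion and application-layer floods named in the paper.

```python
"""Minimal SOAR-style playbook: correlate two telemetry feeds per source,
score the DDoS vectors, and emit a time-bounded block rule. Illustrative
code, not the vendor's product; all data below is constructed."""
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample telemetry: (source_ip, event). Not real traffic.
# 203.0.113.7 shows both vectors; 198.51.100.9 is ordinary low-volume traffic.
FIREWALL_EVENTS = [("203.0.113.7", "syn_no_ack")] * 120 + \
                  [("198.51.100.9", "syn_no_ack")] * 3
WEB_EVENTS = [("203.0.113.7", "GET /search?q=x")] * 400 + \
             [("198.51.100.9", "GET /")] * 5


@dataclass
class BlockRule:
    source: str
    reasons: tuple   # which vectors the source tripped
    ttl_seconds: int  # block expires on its own, limiting collateral damage


def score_sources(fw_events, web_events, syn_threshold=100, http_threshold=300):
    """Correlate both feeds per source; return {source: (vectors tripped)}."""
    half_open = defaultdict(int)   # SYNs never completed: TCP-state exhaustion
    requests = defaultdict(int)    # HTTP requests: application-layer flood
    for src, kind in fw_events:
        if kind == "syn_no_ack":
            half_open[src] += 1
    for src, _req in web_events:
        requests[src] += 1
    verdicts = {}
    for src in set(half_open) | set(requests):
        reasons = []
        if half_open[src] >= syn_threshold:
            reasons.append("tcp_state_exhaustion")
        if requests[src] >= http_threshold:
            reasons.append("application_layer_flood")
        if reasons:
            verdicts[src] = tuple(reasons)
    return verdicts


def build_rules(verdicts, base_ttl=300):
    """Multi-vector sources earn a proportionally longer (but still expiring) block."""
    return [BlockRule(src, reasons, base_ttl * len(reasons))
            for src, reasons in sorted(verdicts.items())]


def to_nftables(rule):
    """Render as an nftables set element (assumed set 'blocklist' with timeout flag)."""
    return f"add element inet filter blocklist {{ {rule.source} timeout {rule.ttl_seconds}s }}"
```

Running `build_rules(score_sources(FIREWALL_EVENTS, WEB_EVENTS))` yields a single 600-second rule for 203.0.113.7 and nothing for the low-volume source; in practice the thresholds would be tuned per network and the generated rules logged for analyst review.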
REFERENCES
Allyn, B. 2019. 22 Texas Towns Hit With Ransomware Attack In ‘New Front’ Of Cyberassault. https://www.npr.org/2019/08/20/752695554/23-texas-towns-hit-with-ransomware-attack-in-newfront-of-cyberassault.
Bayern, M. 2018. Advanced DDoS attacks up 16% from last year: Watch for these methods. https://techrepublic.com/article/advanced-ddos-attacks-up-16-from-last-year-watch-for-these-methods.
Belding, G. 2019. Threat Hunting for DDoS Activity and Geographic Irregularities. InfoSec. https://resources.infosecinstitute.com/category/enterprise/threat-hunting/iocs-and-artifacts/threat-hunting-for-ddos-activity-and-geographic-irregularities/#gref.
Chadd, A. 2018. Network Security (7): 13–15.
Cimpanu, C. 2019. No municipality paid ransoms in ‘coordinated ransomware attack’ that hit Texas. https://www.zdnet.com/article/no-municipality-paid-ransoms-in-coordinated-ransomware-attack-that-hit-texas.
Crowley, C. 2019. Common and Best Practices for Security Operations Centers: Results of the 2019 SOC Survey. SANS Institute. https://www.sans.org/media/analyst-program/common-practices-security-operations-centers-results-2019-soc-survey-39060.
Demopoulos, R. 2019. CTO CloudCover USA. Minneapolis MN.
Donner, H., Steep, M., and T. Peterson. 2019. Crossing the Urban Data Layer: Mobility as a Data Generating Activity. Stanford School of Engineering Disruptive Technology and Digital Cities Program.
Johnson, J. 2019. Cybersecurity maturity model lays out four readiness levels. https://searchsecurity.techtarget.com/tip/Cybersecurity-maturity-model-lays-out-four-readiness-levels.
Mahjabin, T., Xiao, Y., Sun, G., and W. Jiang. 2017. A survey of distributed denial-of-service attack, prevention, and mitigation techniques. International Journal of Distributed Sensor Networks 13(12).
Nazario, J. 2008. DDoS attack evolution. Network Security (7): 7–10.
Netscout, 2019. NETSCOUT Arbor’s 13th Annual Worldwide Infrastructure Security Report (WISR).
Paul, F. 2019. Six IoT predictions for 2019. Network World. https://www.networkworld.com/article/3330738/six-iot-predictions-for-2019.html.
Ponemon, L. 2018. Cost of Data Breach. https://securityintelligence.com/ponemon-cost-of-a-data-breach-2018.
Rayome, A.D. 2019. Major DDoS attacks increased 967% this year. https://www.techrepublic.com/article/major-ddos-attacks-increased-967-this-year.
Su, J. 2019. Why Cloud Computing Cyber Security Risks Are On The Rise: Report. Forbes. https://www.forbes.com/sites/jeanbaptiste/2019/07/25/why-cloud-computing-cyber-security-risks-are-on-the-rise-report/#1d28acf85621.
Tabassam, J. 2017. Security and Privacy Issues in Cloud Computing Environment. J Inform Tech Softw Eng., 7:5.
Vizváry, M., and J. Vykopal. 2014. Future of DDoS Attacks Mitigation in Software Defined Networks. In: Monitoring and Securing Virtualized Networks and Services (AIMS 2014), Lecture Notes in Computer Science 8508: 123–127.
1. US Patent Office No. US 10326777 B2 covers the Internet technology used to identify threats, orchestrate security, automate, and apply incident response utilizing SOAR technology to automatically generate, in milliseconds, custom rules directing one or more of its defensive module technologies to prevent subsequent communication traffic from specific sources from infecting a customer’s protected network.
ACKNOWLEDGMENTS
The author is thankful to Jim Libersky, Robert Demopoulos and Marc Weintraub for their support and technical assistance during the writing of this paper.
© CloudCover 2019 All rights are reserved.
Authors:
John M. Bell, Ph.D.
Stephen C. Cardot
Contributors:
Jim A. Libersky
Robert Demopoulos
Marc Weintraub