While on one hand, cyber is positioned to dramatically facilitate the process of knowledge discovery and sharing among people, on the other, companies of all sizes must now secure terabytes and petabytes of data.
Cyber 3.0: The Answer to a New Generation of Cyber Challenges
Indeed, given the great velocity, volume and variety of data generated now, the cyber technologies that rely on manual processes and human intervention - which worked well in the past - no longer suffice to address cyber security organizations' current and future pain points, which correlate directly with the aforementioned confluence of hyper-connectivity, mobility and big data. Rather, next-generation cyber technology that can deliver visibility, control and context despite this confluence is the only answer. This technology is achieved by applying machine learning to cyber security and surveillance, and is called Cyber 3.0.
In using Cyber 3.0, human intervention is largely removed from the operational lifecycle, and processes, including decision-making, are tackled by automation: Data is automatically captured, contextualized and fused at an atomic granularity by smart machines, which then automatically connect devices to information (extracted from data) and information to people, and then execute end-to-end operational workflows. Workflows are executed faster than ever, and results are more accurate than ever. More and more facts are presented to analysts, who will be called on only to make a final decision, rather than to sift through massive piles of data in search of hidden or counter-intuitive answers. And analysts are relieved from taking part in very lengthy investigation processes to understand the after-the-fact root cause.
In the future, semantic analysis and sentiment analysis will be implanted into high-powered machines to:
• Dissect and analyze data across disparate networks
• Extract information across distinct dimensions within those networks
• Fuse knowledge and provide contextualized and definite answers
• Continuously learn the dynamics of the data to ensure that analytics and data models are promptly refined in an automated fashion
• Compound previously captured information with new information to dynamically enrich models with discovered knowledge
Ultimately, cyber security organizations are able to better control their networks via situational awareness gained through a complete understanding of network activity and user behavior. This level of understanding is achieved by integrating data from three different planes: the network plane, the semantic plane and the user plane. The network plane mines traditional network elements like applications and protocols; the semantic plane extracts the content and relationships; and the user plane establishes information about the users. By applying machine learning and analytics to the dimensions extracted across these three planes, cyber security organizations have the visibility, context and control required to fulfill their missions and business objectives.
• Visibility: Full situational awareness across hosts, services, applications, protocols and ports, traffic, content, relationships, and users to determine baselines and detect anomalies
• Control: Alignment of networks, content and users with enterprise goals, ensuring information security and intellectual property protection
• Context: Identification of relationships and connectivity among network elements, content and end users
Clearly, these three attributes are essential to keeping critical assets safe from cyber security incidents or breaches in security policy. However, achieving them in the face of constantly changing data that is spread across countless sources, networks and applications is no small task - and definitely out of reach for any principles or practices that rely even partly on human interference. Moreover, without visibility, control and context, one can never be sure what type of action to take.
Cyber 3.0 is not a mythical direction of what "could" happen. It's the reality we will face as the Web grows, as new technologies are put into practice, and as access to more and more devices continues to grow. The future is obvious. The question is: How will we respond?
By virtue of machine-to-machine learning capabilities, Cyber 3.0 is the only approach that can rise to these challenges and deliver the incisive intelligence required to protect our critical assets and communities now and into the future.
(John Trobough is president of Narus, Inc., a subsidiary of The Boeing Company)