No Escape Plans when it comes to security at Amity Campus

GURGAON, INDIA: Ray Breslin may be a man determined and gifted at breaking the most ruthless prisons of the world, but he finds an unusual friend in Emil Rottmayer. In Escape Plan, when Breslin (Sylvester Stallone) gets into a friendly sparring with Rottmayer (Arnold Shwarzenegger), the two determined inmates make sure they leave no stone unturned (literally indeed)

Breslin: "This was a setup. Somebody wanted to bury me."

Rottmayer: "You have a choice. You can die in here or you can get out and punish who put you here."

Breslin: "I'm going to find out who and I'm going to find out why."

Rottmayer: "Let's do it."

Breslin: "I need a diversion."

Rottmayer: "Okay. If I don't get out, I kill you."

Breslin: "Fair enough"

Whether Breslin succeeds in breaking an almost impossible-to-escape-from merciless ship of thick-skinned cells or not, would be something you can find out for yourself. But Breslin’s recipe is almost flawless – think like a prisoner and only then you can find out the weak chains, or tiny nuts in your so-called break-proof system.

Dr J S Sodhi, AVP, CIO and Director, Amity Education Group looks like someone who has been deploying that very kit of skills, far-sightedness and acumen when it comes to being pre-emptive in finding out holes in security forts. Yes, you guessed it well; the operative word is of course- ‘Pre-emptive’.

Security and Education Vertical: How well-cemented?

As a vertical, Education has been a very odd one for the security market. On one hand, there is a harmless air about it – after all what can anyone steal from here? On the other hand, the increasing tech-savviness on both sides of the classroom calls for stripping off some leaden attitudes that campuses may have afforded till now.

In its report ‘Education IT market in the US 2015-2019’ ‘Research and Markets’ forecasted the Education IT market to rise at a CAGR of three per cent over the period 2014-2019 in the US.

This slice of spending was supposed to come due to investment incurred on the deployment of IT infrastructure in elementary schools, secondary schools, colleges, universities, and centers of specialized learning, large data analysis, information management, and streamlined operational processes to increase productivity and efficiency.

The report also noted high adoption of tablets and other mobile devices by school managers, teachers, governments, parents, students etc. and a trend worth attention.

It felt that one of the major drivers of the market is the implementation of IT security and cloud-based solutions and that network infrastructure in schools and colleges requires innovative and customized IT security solutions.

India too has emerged as an important educational center in the global education landscape and by an IBEF account, its online education market size was expected to touch $ 40 billion by 2017. In fact, a RNCOS report titled, ‘Booming Distance Education Market Outlook 2018’ pointed that the distance education market in India could grow at a CAGR of around 34 per cent during 2013-14 to 2017-18 and also noted government’s goal to raise its current gross enrollment ratio to 30 per cent by 2020.

Juxtapose this with India’s inaugural National Cyber Security Policy that was reckoned seriously in 2013 and hailed as by and large a step in the right direction. When the Department of Electronics and Information Technology released India’s first National Cyber Security Policy in 2013, there were some criticisms also like a lack of coordination among government cyber security entities, non-clarity on how the public and private sector co-operation can work for cyber security information and on the question of liability for high-impact cyber attacks.

As per a study my ‘Markets and Markets’, the cyber security market is estimated to grow from $95.60 billion in 2014 to $155.74 billion by 2019, and in the current scenario, aerospace, defense, and intelligence vertical remain big contributors to cyber security solutions. The segmentation here entails network security, endpoint security, application security, content security, wireless security, and cloud security; data loss protection, unified threat management, firewall, antivirus and anti-malware, DDoS mitigation etc. When you look at vertical segmentation here, you can spot aerospace, defense and intelligence, government (excluding defense) and public utilities, BFSI, telecommunication, healthcare, IT consulting, retail, manufacturing, but education, well that one remains conspicuous by its absence in this ladder.

The ‘Research and Markets’ report had highlighted that one of the major challenges that the market faces is the lack of qualified IT professionals to handle updated, advanced IT infrastructure, hindering the adoption of technology and smart ways of learning by educational institutes.

Are Professors weak targets? Or the other way round?

Do not be surprised to read about radical experiments and impact achieved by names like Ben Gurion University. Its tent pitched well in Israel, the campus has been spreading its name globally due to intriguing stories of how it has been quietly developing cybersecurity prowess for a decade.

Whether it is trying new models of public-private collaboration on ATP, a partnership with Deutche Telekom, or other modes, the university team has reportedly been attacking important security issues in the tech world today—especially social media and mobile computing.

As reported in some tech-articles, Dr. Yuval Elovici, a Professor in BGU's Department of Information Systems Engineering and his team have been hopping from one question to another – from being asked to analyse security confidence of Android to the privacy issues of social networks to even generating a coded solution like the Social Privacy Protector.

Not only that, BGU researchers have also been intensely working on tackling Advanced Persistent Threats (APTs), honeytokens and what not.

Now read what Amity Campus has been trying to do right here in India and chances are that you will start drawing parallels between Dr. Sodhi and Dr. Elovici or stretching your imagination further by comparing him with a Breslin.

Problem Area: What this Jail looked like

Amity is a well-known education group of India with over 1,00,000 students studying across 1000 acres of hi-tech campuses spread over Delhi, Jaipur, Lucknow, Noida, Ghaziabad , Gurgoan and many National & International Campuses across the Globe.

The undercurrents of Amity team’s award-winning National Cyber Alert System run deep and long. Cyber threat is clearly one of the biggest issues India is facing but despite a plethora of solutions, fire-wells and the whole security enchilada, very few are doing analysis of attacks or malwares precisely. Dr. Sodhi wanted to achieve this minute level of accuracy –an understanding level that goes beyond ‘how much has been spent on security’ to a new level -who is targeting us, why he is targeting us, how he is targeting us, how to use these information for defensive as well as offensive purposes. “We wanted to create this on national level.”

He started nursing this idea with a multi-pronged intent - To stop and deflect attacks and targeted malware to Amity’s IT Infrastructure; to generate real time alert of attacks and identify domain infrastructures that are being targeted; to collect malware & attack logs, do research analysis and bring Intelligence Report to forecast future attacks, attacker and attack patterns and something bigger and bolder - to safeguard nation’s IT infrastructure and hence internet community.

Eventually, CCFIS Team under the wings of Dr. Sodhi successfully innovated & developed “Advanced Threat protection CCFIS Sensor”. This was a Malware and Targeted Attack Capturing Appliance and interestingly something for which has a patent has also been applied. It has been tested by deploying ATP CCFIS Sensor at over 11 Nos. National and International Amity locations and it has delivered excellent results, as Dr. Sodhi happily shares.

Attack strategy: Arming oneself well

The Project was deeply researched and innovated by Amity Cyber Security Team. In due course, Advance Threat Protection Sensor (ATP-Sensor) technology shaped up as an in-house conceptualized and developed solution.

The idea was simple but something that spotted a sneaky hole in security dykes. Traditional firewalls and security solutions do block general attacks, but when it comes to several targeted attacks they may falter.

“Targeted attacks are attacks specially designed for target after thorough study of almost everything about target network infrastructure. In general attacks, hackers’ malwares and bots, float over the internet. Such malwares are blocked by general firewalls, IDS, IPS, anti-viruses and various other security solutions. However, the worst condition arises when the attacks are targeted. An attacker knows your infrastructure, he is well informed about the model of your firewall and antivirus you have installed. Thus he will make sure that his malware or attack is not detected by any of your security systems before sending. We found that not much research has been done in the area of targeted attack. Hence, we have done lot of research and developed an Advanced Threat Protection CCFIS Sensor, which deflects the attack and capture Malware & Targeted Attacks.” He sketches the full picture.

There was an added element of generating an ‘Intelligent Report’ after log analysis and reverse engineering of captured Malwares which would toss out details like Attackers IP, Attacker Domain, Attack Date/Time, Malicious File Extensions, Code Language, Encryption level hence equipping the team with trends of latest Cyber Threats and details of attacker. The CCFIS ATP Sensors at many Amity locations helped to capture a big tank of malwares and attacks in a small time window.

“These malwares were so sophisticated that they were not detectable by various antivirus companies. If an educational organizational like Amity can receive thousands of targeted attack then think of corporates and others who are actually doing some business. ATP Sensor is most innovative product to secure the IT Network and increase the operational revenue of Organization, thus saving IT Network from Cyber Threats and the Organization Cost.” Dr. Sodhi reflects.

Before-After: Breaking the prison and out in that open air

Most holes and weaknesses of the so-called robust walls have been revealed and shattered. Deployment of ATP Sensor enhanced the Security of IT Network and stopped/deflected targeted Cyber Attacks to IT Network. It helped to capture and analyse attack logs and targeted Malware by reverse engineering as well as to expose Attacker information and to forecast future attacks and attack patterns, with the confidence and finesse of a Breslin.

A few months since its inception, deployment of ATP Sensor under National Cyber Alert System was even protecting all deployed locations every day & month and the road ahead is paved well for a bigger Project- “Ring of Fire (RoF)”.

“In “Ring of Fire” project we intent to replicate our NCAS project in national level to safeguard country’s IT infrastructure. We intend to install in on different ISPs and block targeted & general attacks as well as malwares before entering the country. We also aim to reveal all those malicious IPs form where these attacks are originating. Out team will do reverse engineering of every captured malware to try to find out that what were the targets and intensions of attack and malwares. Our attack analysis team will do analysis of every attack, malicious activity and attack attempts performed in country’s IP and exposes the actual attacker with different graphical intelligence information.”

Experts here will be sending observation and recommendations report monthly to all concerned agencies and an online forum can release updates as soon as any of ATP sensors detected any attack, along with a graphical real-time map will also be created, which will be strategically important for Organization.

Overall catalyst factor: Why it matters to Rottmayers

Dr JS Sodhi who is often perched at one high-octave project or another whether it is setting up of CCFIS, a Cyber Security & Cyber Forensics independent Group/function in his Organization or development of Advanced Threat Protection Sensor by in-house research and innovation or filing key patents or working on smart Solutions like Social Media Intelligence Tool, Online Vulnerability Scanner Tool, Internet of Things (IoT), in-house Malware Research Lab, in-house forensic Research Lab or India’s largest honeypot sensors; is a man determined to spot every loose end.

“Today, our sensors at various locations keep tracking threats and capture emerging viruses. The labs work at re-engineering, find their true degree of strength or threat and report it to National Alert system. We work with other players in industry to create an anti-dose as quickly and deftly as we can.”

Threats, as he says are analysed and watched upon like a weather report dashboard and his biggest and most radical element is the one of collaborating beyond the campus – be it a national body or an AV-vendor. “We detect weather like patterns and from there the job is to make use of them with as much agility as possible and so having a symbiotic mindset helps. It’s free-of-cost R&D nature and sharing with other stakeholders helps us to solve the bigger picture of today’s threat landscape.”

Dr JS Sodhi laid the foundation of Center of Cyber forensics and Information Security (CCFIS) almost a year back, and the major brick here was the core belief that cyber security is a growing concern worldwide because of information technology in personal life and in business, hence it is necessary to secure and protect our country and national technology infrastructure to safeguard future of our country and hence citizens.

Many responsible disclosures, hardware backdoors, software/hardware vulnerabilities, forensic cases have been successfully resolved by using this in-house Forensic & Malware research capability. Examples like Subharti Website Hacking Case (Through UP-STF), Thomson Email Tracing Case, Data Recovery from Fire Incident, Bio-metric Fraud Investigation etc iterate the strengths and acuity that this team harbours.

For the industry too, development of ATP Sensor is claimed as a completely new technology which is an advanced version of honeynet technology. “One can use high-end firewalls, IDS/IPS, antivirus solutions and UTMs but these devices are not sufficient to stop any organization from targeted attacks. Traditional devices can’t stop these attacks. Practically, attacks and malwares can never be stopped from compromising a network, one can only deflect these attacks.” He reasons.

It would be all the more exciting and thrilling to see how this team breaks yet new weak windows and contribute to the cause of solid boundaries and safe fences that we otherwise usually assume to be unbreakable. His vision of taking all these skills and strengths to a national scale adds a good dose of hope and edge to the plot.

Whichever huge wall he ascends next, Dr. Sodhi would just have to remember this line that Lester Clark utters. "Ray Breslin is able to break out of any prison designed by man.”