In the new world of cyber security, we are re-learning these nursery lessons. The sharing of attack information is a good thing. There is an increase in awareness and activity around the sharing of cyber capabilities among companies, interest groups, developers and users. We are re-learning that certain types of sharing are beneficial to all. In the field of cyber security, in fact, sharing is becoming tantamount to survival.
Technologies such as adaptive machine learning can block malware attacks before they take root. Adaptive learning allows networks to learn traffic patterns and isolate anomalies before they become embedded in devices and servers. This changes the network protection game from mitigation, remediation and recovery after attacks to blocking potential attacks based on a better understanding of network behaviour.
The more data that organisations collect about ordinary network behaviour versus malicious traffic, the more accurately and efficiently the blocking technology will perform. As governments learn about new vulnerabilities and share that data with commercial organisations, the attack windows will close faster and the baseline for discovery of anomalies is reset. Further, as more and more real traffic data is broadly shared, the machine learning curve becomes steeper.
Machine learning technology is a general term referring to data collection and processing, then taking action based on the information received. It can be performed offline, where batches of information are collected and reports are generated. Another type of machine learning is done in real time. This allows the appliance to collect data, process it immediately and quickly take action based on the results. Real-time adaptive learning is a fast-growing market in cyber security.
An appliance can be directly connected to network links and monitor real-time traffic flows. While monitoring the traffic throughput, the appliance is processing the information and making determinations about the traffic it sees. The appliance learns normal traffic patterns and constantly updates these standards. Since users and traffic patterns are always changing, the appliance is also changing the definition of “normal”. When traffic that passes through the appliance is determined to be unusual, the traffic can be blocked based on predetermined profiles. These appliances may also store attack profiles to quickly identify threatening traffic.
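As an added illustration of the appliance behaviour just described (example code written for this page, not Network Critical's own software): each flow is first checked against stored attack profiles, then against a per-source baseline that is re-learned from every flow it lets through. The attack profiles, flow records and thresholds are constructed sample values.

```python
import math
from dataclasses import dataclass

@dataclass
class Baseline:
    mean: float = 0.0   # EWMA of bytes per flow for this source
    var: float = 0.0    # EWMA variance of the same quantity
    n: int = 0          # flows learned so far

# Constructed attack profile: a flow matching every key in "match" is
# blocked outright, before the learned baseline is consulted.
ATTACK_PROFILES = [
    {"name": "telnet-probe", "match": {"dst_port": 23, "syn_only": True}},
]

class AdaptiveAppliance:
    def __init__(self, alpha=0.1, z_threshold=4.0, warmup=5):
        self.alpha = alpha              # how fast "normal" drifts with new traffic
        self.z_threshold = z_threshold  # deviation (in std devs) that triggers a block
        self.warmup = warmup            # flows per source before blocking starts
        self.baselines = {}             # source IP -> Baseline

    def _profile_hit(self, flow):
        for p in ATTACK_PROFILES:
            if all(flow.get(k) == v for k, v in p["match"].items()):
                return p["name"]
        return None

    def _learn(self, b, x):
        # Incremental EWMA mean/variance; the first sample seeds the mean.
        if b.n == 0:
            b.mean = x
        else:
            diff = x - b.mean
            b.mean += self.alpha * diff
            b.var = (1 - self.alpha) * (b.var + self.alpha * diff * diff)
        b.n += 1

    def inspect(self, flow):
        hit = self._profile_hit(flow)
        if hit:
            return "block:" + hit
        b = self.baselines.setdefault(flow["src"], Baseline())
        if b.n >= self.warmup:
            # Floor the deviation at 5% of the mean (and 1 byte) so a flat
            # baseline (var == 0) cannot turn every fluctuation into an alert.
            sd = max(math.sqrt(b.var), 0.05 * abs(b.mean), 1.0)
            if abs(flow["bytes"] - b.mean) / sd > self.z_threshold:
                return "block:anomaly"   # blocked flows are never learned from
        self._learn(b, flow["bytes"])
        return "allow"

def run(flows, appliance=None):
    appliance = appliance or AdaptiveAppliance()
    return [appliance.inspect(f) for f in flows]

# Constructed sample traffic: ten ordinary HTTPS flows from one host, then
# one huge outlier from the same host, then a bare SYN to telnet from another.
SAMPLE_FLOWS = (
    [{"src": "10.0.0.5", "dst_port": 443, "bytes": n, "syn_only": False}
     for n in (1000, 1100, 900, 1050, 950, 1000, 1100, 900, 1050, 950)]
    + [{"src": "10.0.0.5", "dst_port": 443, "bytes": 50000, "syn_only": False},
       {"src": "10.0.0.7", "dst_port": 23, "bytes": 60, "syn_only": True}]
)
```

Not folding blocked flows back into the baseline is the caveat a practitioner would want: otherwise an attacker can slowly drag the definition of "normal" towards the traffic they intend to send.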
Adaptive machine learning appliances are an important step forward in the battle against cyberattacks. However, these appliances must be attached to network links in real time in order to collect, process and block malicious attacks before the damage is done. When the appliance is directly connected to the network link (in-line), there is a risk of network blockage if the appliance goes offline for any reason. Multiply that risk by the number of protected links and network availability can be significantly compromised.
One way around the availability dilemma is to use in-line TAPs to connect the adaptive learning appliances. At Network Critical, we know that in-line TAPs provide real-time connectivity and traffic visibility to the appliance. They also provide bypass technology that will keep the network active and available even if the appliance goes offline. Further, the TAP is protected from power failures by high-speed relays that will keep the in-line traffic passing through even if power is lost. These are some of the key reasons why our customers rely so heavily on TAPs.
This is also where the learning to share from our time at nursery comes back into play. Real-time adaptive learning appliances work best with current attack profiles to test against real-time network traffic. The more sharing of data among all industry participants, the better these appliances will perform. Government, business, industry forums, security experts and other interested groups need to re-learn information sharing to fight the menace of cybercrime.
A few promising examples include the UK Cyber Security Sharing Partnership (CISP). In the United States, the Department of Homeland Security has developed and implemented a number of cyber sharing programmes. The European Union Agency for Network and Information Security offers a list of good practices that aim at securing an Internet infrastructure from important specific threats. ISACA, an international professional organisation focused on the security of information systems, has 200 chapters around the world. These continued efforts to share information globally will continue to help shrink the threat landscape. New technologies such as adaptive machine learning will use that information to develop strong network defences against cyberattacks.
So, what we learnt in nursery was right. Sharing is good.