We learn at nursery age that sharing is good. Kids are not naturally inclined to share their favourite toys with others, so we teach them that sharing is good and that sharing is fun. As we get older, we learn that keeping certain information to ourselves is the new rule. As we move up to primary and secondary school, we learn not to share test questions and answers. Later on, in business, we sign confidentiality agreements before being hired. Confidentiality is ingrained in our very soul. Passwords protect our phones and computers. Knowledge is power. Sharing knowledge is sharing power. Who wants to share power?
In the new world of cyber security, we are re-learning these nursery lessons. Sharing attack information is a good thing. There is increased awareness of, and expanding activity around, the sharing of cyber capabilities among companies and interest groups, and among developers and users. We are re-learning that certain types of sharing benefit everyone. In the field of cyber security, in fact, sharing is becoming tantamount to survival.
Technologies such as adaptive machine learning can block malware attacks before they take root. Adaptive learning allows networks to learn traffic patterns and isolate anomalies before they become embedded in devices and servers. This changes the network protection game from mitigation, remediation and recovery after attacks to blocking potential attacks based on a better understanding of network behaviour.
The more data organisations collect about ordinary network behaviour versus malicious traffic, the more accurately and efficiently the blocking technology will perform. As governments learn about new vulnerabilities, and as that data is shared with commercial organisations, attack windows will close faster and the baseline for discovering anomalies is reset. Further, as more and more real traffic data is broadly shared, the machine learning curve becomes steeper.
Machine learning is a general term for collecting data, processing it and taking action based on the information received. It can be performed offline, where batches of information are collected and reports are generated. Another type of machine learning is done in real time. This allows the appliance to collect data, process it immediately and quickly take action based on the results. Real-time adaptive learning is a fast-growing market in cyber security.
An appliance can be directly connected to network links and monitor traffic flows in real time. While monitoring the traffic throughput, the appliance is processing the information and making determinations about the traffic it sees. The appliance learns normal traffic patterns and constantly updates these norms. Since users and traffic patterns are always changing, the appliance is also changing the definition of “normal.” When traffic passing through the appliance is determined to be unusual, it can be blocked based on pre-determined profiles. These appliances may also store attack profiles to quickly identify threatening traffic.
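The two decision paths described above (a continuously updated baseline of "normal", plus stored attack profiles) can be sketched in a few dozen lines. The following is an added illustration written for this article, not Network Critical's or any vendor's appliance code. It assumes a per-second packets-per-link metric, an exponentially weighted baseline, a constructed attack profile named "telnet-syn", and a constructed traffic sample containing a three-second flood from one host; every name, threshold and sample value is an assumption chosen for the example. Note the design choice that a window judged anomalous is not folded back into the baseline, so a sustained attack does not teach the appliance that the attack is "normal".

```python
"""Toy in-line adaptive anomaly detector (added example, not vendor code).

Decision paths, mirroring the article:
  1. stored attack profiles flag known-bad events immediately;
  2. an adaptive baseline of packets-per-second, updated continuously,
     flags windows that sit far above the learned "normal".
"""
import math


class AdaptiveBaseline:
    """Exponentially weighted mean/variance; alpha sets how fast 'normal' drifts."""

    def __init__(self, alpha=0.1, threshold=5.0, warmup=10, noise_floor=0.05):
        self.alpha, self.threshold, self.warmup = alpha, threshold, warmup
        self.noise_floor = noise_floor        # minimum std as a fraction of the mean
        self.n, self.mean, self.var = 0, 0.0, 0.0

    def zscore(self, x):
        if self.n < self.warmup:
            return 0.0                        # not enough history to judge yet
        std = max(math.sqrt(self.var), self.noise_floor * abs(self.mean), 1e-9)
        return (x - self.mean) / std

    def update(self, x):
        if self.n == 0:
            self.mean = float(x)
        else:
            diff = x - self.mean
            incr = self.alpha * diff
            self.mean += incr
            self.var = (1 - self.alpha) * (self.var + diff * incr)
        self.n += 1

    def observe(self, x):
        """Score x, then learn from it only if it looked normal (no poisoning).
        Only excess traffic is blocked; a sudden drop is an alert, not a block."""
        z = self.zscore(x)
        anomalous = z > self.threshold
        if not anomalous:
            self.update(x)
        return z, anomalous


# Constructed illustrative profile (assumption): unsolicited SYNs to the telnet port.
ATTACK_PROFILES = {"telnet-syn": {"proto": "tcp", "dst_port": 23, "flags": "S"}}


def match_profile(event, profiles=ATTACK_PROFILES):
    """Return the name of the first profile whose fields all match the event."""
    for name, fields in profiles.items():
        if all(event.get(k) == v for k, v in fields.items()):
            return name
    return None


class InlineAppliance:
    def __init__(self, baseline=None):
        self.baseline = baseline or AdaptiveBaseline()

    def _close_window(self, t, count):
        z, anomalous = self.baseline.observe(count)
        return (t, count, round(z, 2), "block" if anomalous else "pass")

    def process(self, events):
        """Stream time-ordered events; return per-second verdicts and the
        individual events dropped by a profile match."""
        verdicts, dropped = [], []
        cur_t, cur_count = None, 0
        for ev in events:
            if cur_t is not None and ev["t"] != cur_t:   # one-second window rolled over
                verdicts.append(self._close_window(cur_t, cur_count))
                cur_count = 0
            cur_t = ev["t"]
            name = match_profile(ev)
            if name:
                dropped.append((ev["t"], ev["src"], name))
                continue
            cur_count += 1
        if cur_t is not None:
            verdicts.append(self._close_window(cur_t, cur_count))
        return verdicts, dropped


def constructed_traffic():
    """Constructed sample: 50 s of ~100 pkt/s background traffic, with a
    2000 pkt/s flood from one host during t=40..42 and three telnet SYNs at t=5."""
    events, jitter = [], [0, 2, -1, 1, -2]
    for t in range(50):
        flood = 40 <= t < 43
        for i in range(2000 if flood else 100 + jitter[t % 5]):
            src = "10.0.0.99" if flood else f"10.0.0.{i % 20 + 1}"
            events.append({"t": t, "src": src, "dst_port": 443, "proto": "tcp",
                           "flags": "PA", "bytes": 512})
        if t == 5:
            for _ in range(3):
                events.append({"t": t, "src": "192.0.2.7", "dst_port": 23,
                               "proto": "tcp", "flags": "S", "bytes": 0})
    return events


if __name__ == "__main__":
    app = InlineAppliance()
    verdicts, dropped = app.process(constructed_traffic())
    for t, count, z, verdict in verdicts:
        if verdict == "block" or t % 10 == 0:
            print(f"t={t:2d} pkts={count:5d} z={z:8.2f} {verdict}")
    print("profile drops:", dropped)
    print("learned mean pkt/s:", round(app.baseline.mean, 1))
```

Running it shows the flood seconds blocked with a very large z-score, the three profile-matched packets dropped at t=5 regardless of volume, and the learned mean still near 100 pkt/s afterwards because the blocked windows were never fed back into the baseline.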
Adaptive machine learning appliances are an important step forward in the battle against cyberattacks. However, these appliances must be attached to network links in real time in order to collect, process and block malicious attacks before the damage is done. When the appliance is directly connected to the network link (in-line), there is a risk of network blockage if the appliance goes offline for any reason. Multiply that risk by the number of protected links and network availability can be significantly compromised.
One way around the availability dilemma is to use in-line TAPs to connect the adaptive learning appliances. Here at Network Critical we know that in-line TAPs provide real-time connectivity and traffic visibility to the appliance. They also provide bypass technology that keeps the network active and available even if the appliance goes offline. Further, the TAP is protected from power failures by high-speed relays that keep in-line traffic passing through even if power is lost. These are some of the key reasons why our customers rely so heavily on TAPs.
This is also where the lesson about sharing from our time at nursery comes back into play. Real-time adaptive learning appliances work best with current attack profiles to test against real-time network traffic. The more data is shared among all industry participants, the better these appliances will perform. Government, business, industry forums, security experts and other interested groups need to re-learn information sharing to fight the menace of cybercrime.
A few promising examples include the UK Cyber Security Sharing Partnership (CISP). In the United States, the Department of Homeland Security has developed and implemented a number of cyber sharing programmes. The European Union Agency for Network and Information Security offers a list of good practices aimed at securing Internet infrastructure against specific, important threats. ISACA, an international professional organisation focused on the security of information systems, has 200 chapters around the world.
These continued efforts to globally share information will continue to help shrink the threat landscape. New technologies such as adaptive machine learning will use that information to develop strong network defences against cyberattacks. So what we learnt in nursery was right. Sharing is good.