Welcome!

Cloud Security Authors: Kevin Jackson, Elizabeth White, Nishanth Kadiyala, Stackify Blog, Peter Davidson

Related Topics: Cloud Security, @CloudExpo, @ThingsExpo

Cloud Security: Blog Post

The Cyber Security Maturity Model | @CloudExpo [#IoT #Cloud]

Unsupervised Learning In Cyber Security

Cyber Attacks
We continue to see an increasing trend in cyber-attacks in line with the growth of new technologies, and enterprises have to protect themselves. It is critical for enterprises to devise their own measures to protect against cyber-attacks because any tolerance on this front is more than an IT issue but may affect the very existence and the business model of the enterprise. We have seen in a recent incident where a cyber-attack prevented a large enterprise from performing their basic business process.

Limitations of Policy Based Approach
In the past decade to mitigate the risk of cyber-attacks, enterprises usually appointed security officers and they ensured typical Zero Tolerance Policies on their network, applications, processes and people. Some of them include:

  • No access from home
  • No external devices at work
  • No access to the Internet at work
  • No access to production environments from the development environment
  • No exposure of application APIs outside the firewall

Most of these policies resulted from the first principles of security and quality audits and they continue to be relevant, but some of the basic business models of enterprises have changed:

  • Mobility is a part of enterprise business model such that much of the enterprise business is served through mobile devices anywhere, any time
  • Gen Y workforce demanded to work from anywhere, which means access to the systems should also be open from anywhere
  • Internet of Things opened a new set of business opportunities and at the same time opened up the very micro-level component of an assembly pipeline in a manufacturing plant to the external world
  • Social media and crowdsourcing almost becomes part of most business processes like CRM, Warranty Management, and HRMS
  • Cloud is the enabler that enterprises cannot ignore
  • The DevOps model is sweeping the industry so that the barriers between the production environment and development environment no longer exist

With these points in mind, while the traditional approach of policy enforcement mainly through human means still holds good as a base protection, but will not protect an enterprise from all possibilities of cyber-attack, because the options and combinations are so much such that mere policy enforcement will not identify and prevent them.

Machine Learning Approach
As the enterprise becomes digital, which means every touc hpoint and navigation across the enterprise is handled with some sort of a connected device, be it a VPN gateway, directory servers, access card systems, fingerprint recognition systems, network devices and more, we are in the midst of massive flow of machine data when it comes to tracking the cyber-attacks.

Fortunately the advent of cloud and its byproducts, such as Big Data storage and massively parallel processing frameworks, have provided an opportunity for enterprises to tackle the issue of monitoring the security breaches and also to prevent them. This means enterprises adopted the techniques of understanding massive flows of machine data from various sources and found ways and means to find insights out of that data toward possible security breaches and cyber-attacks.

Machine Learning Approach Maturity Models
To fill in the vacuum in the cyber security prevention space as well as to help the enterprises, several Big Data and machine learning solutions have appeared in the market that claim to help enterprises detect and prevent security attacks. So naturally enterprises will find them interesting but at the same time these initiatives involve cost and effort as well as the risk of choosing a solution that may not foresee all the possibilities and yet make the enterprises vulnerable.

The following maturity models will help enterprises understand the capabilities of the solutions that they will employ to tackle the cyber-security threats.

Level I (Preventive/ Rule Based)
This analyzes the machine data based on certain known rules, which may vary from industry to industry. For example, a finance industry may not allow a credit card authentication of the same card within a span of five minutes from two different geographic areas. Or a healthcare application may not allow log on to a critical life monitoring system from an IP address not listed as part of known addresses. The role of a rule-based approach continues to hold good but they are limited to the domain knowledge of the solution providers and require constant updates to the rule engine.

Level II (Predictive/ Supervised Machine Learning)
A rule-based approach prevents attacks from known conditions and most of the time they cannot predict the intent of the user before an event has occurred. For example, if a rule detects user intention after four failed login attempts, what if a user is able to breach the network on the first attempt. Supervised machine learning methods come to rescue to predict the user intent based on past training data. This technique is highly useful for enterprises in areas like predicting the behavior of a customer or the likelihood of acquiring or losing a customer. Because this approach is highly dependent on past data, we are already seeing the online ad engines offering the products we look for while we are browsing online. In the machine learning world, most algorithms support this technique:

  • Linear regression
  • K - nearest neighbors
  • Naïve bayes
  • Logistic regression
  • Decision tress

This technique will continue to be useful for detecting certain known conditions that occurred in the past for which enterprise security analysts could clearly label them.

But consider the fact that today's hackers are getting sophisticated day by day and security attacks come from unknown places and in unknown means. This means that it is almost impossible to label the security breaches based on some indicators. We have seen that some enterprises are attacked first time in their history and yet that one attack will be so devastating such that there will not be even another chance for the enterprise to survive. This kind of supervised machine learning can be good in other scenarios whereby an enterprise that has lost customers in the past can figure out the likelihood of losing another customer and take preventive actions. Software solutions for cyber-attacks can continue to employ this technique to bring an additional level of protection to their solution.

Level III (Cognitive/ Unsupervised Machine Learning)
There is a recent interview with MIT Artificial Intelligence Expert Professor Joel Moses - Next Phase Of Artificial Intelligence is all about Unsupervised Machine Learning. Such is the power of this level of maturity. In the unsupervised model the goal is to identify or label a threat without any past labeling; rather it will try to cluster the data in a fashion close to the level of human brains but at the speed of machine, such that the abnormal patterns are detected and security is enforced. Some of the famous algorithms for unsupervised learning are:

  • Hidden Markov Models
  • K-Means Clustering

As you see these algorithms they try to uncover something that hasn't already happened with the level of intelligence closest to human thinking or what we call as artificial intelligence.

Summary
All the methods explained above are not mutually exclusive, in order for your enterprise to be effectively immune from cyber threats, you need a,

  • Strong Security Policies & Governance
  • You needed rule based algorithms that prevent known threats
  • You needed supervised machine learning that will predict the past labelled security threats

Finally you can complement all of the above with Unsupervised Machine Learning that will even understand the unknown events of the past and predict the security breaches. So you can always assess your security defense at what level of maturity and take further actions to protect your enterprise.

More Stories By Srinivasan Sundara Rajan

Highly passionate about utilizing Digital Technologies to enable next generation enterprise. Believes in enterprise transformation through the Natives (Cloud Native & Mobile Native).

@ThingsExpo Stories
SYS-CON Events announced today that TechTarget has been named “Media Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. TechTarget storage websites are the best online information resource for news, tips and expert advice for the storage, backup and disaster recovery markets.
SYS-CON Events announced today that CA Technologies has been named "Platinum Sponsor" of SYS-CON's 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. CA Technologies helps customers succeed in a future where every business - from apparel to energy - is being rewritten by software. From planning to development to management to security, CA creates software that fuels transformation for companies in the applic...
SYS-CON Events announced today that Telecom Reseller has been named “Media Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Telecom Reseller reports on Unified Communications, UCaaS, BPaaS for enterprise and SMBs. They report extensively on both customer premises based solutions such as IP-PBX as well as cloud based and hosted platforms.
The current age of digital transformation means that IT organizations must adapt their toolset to cover all digital experiences, beyond just the end users’. Today’s businesses can no longer focus solely on the digital interactions they manage with employees or customers; they must now contend with non-traditional factors. Whether it's the power of brand to make or break a company, the need to monitor across all locations 24/7, or the ability to proactively resolve issues, companies must adapt to...
SYS-CON Events announced today that TMC has been named “Media Sponsor” of SYS-CON's 21st International Cloud Expo and Big Data at Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Global buyers rely on TMC’s content-driven marketplaces to make purchase decisions and navigate markets. Learn how we can help you reach your marketing goals.
Amazon started as an online bookseller 20 years ago. Since then, it has evolved into a technology juggernaut that has disrupted multiple markets and industries and touches many aspects of our lives. It is a relentless technology and business model innovator driving disruption throughout numerous ecosystems. Amazon’s AWS revenues alone are approaching $16B a year making it one of the largest IT companies in the world. With dominant offerings in Cloud, IoT, eCommerce, Big Data, AI, Digital Assista...
SYS-CON Events announced today that IBM has been named “Diamond Sponsor” of SYS-CON's 21st Cloud Expo, which will take place on October 31 through November 2nd 2017 at the Santa Clara Convention Center in Santa Clara, California.
We build IoT infrastructure products - when you have to integrate different devices, different systems and cloud you have to build an application to do that but we eliminate the need to build an application. Our products can integrate any device, any system, any cloud regardless of protocol," explained Peter Jung, Chief Product Officer at Pulzze Systems, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA
SYS-CON Events announced today that Conference Guru has been named “Media Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. A valuable conference experience generates new contacts, sales leads, potential strategic partners and potential investors; helps gather competitive intelligence and even provides inspiration for new products and services. Conference Guru works with conference organi...
Multiple data types are pouring into IoT deployments. Data is coming in small packages as well as enormous files and data streams of many sizes. Widespread use of mobile devices adds to the total. In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists looked at the tools and environments that are being put to use in IoT deployments, as well as the team skills a modern enterprise IT shop needs to keep things running, get a handle on all this data, and deliver...
SYS-CON Events announced today that Enzu will exhibit at SYS-CON's 21st Int\ernational Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Enzu’s mission is to be the leading provider of enterprise cloud solutions worldwide. Enzu enables online businesses to use its IT infrastructure to their competitive advantage. By offering a suite of proven hosting and management services, Enzu wants companies to focus on the core of their ...
In his session at @ThingsExpo, Eric Lachapelle, CEO of the Professional Evaluation and Certification Board (PECB), provided an overview of various initiatives to certify the security of connected devices and future trends in ensuring public trust of IoT. Eric Lachapelle is the Chief Executive Officer of the Professional Evaluation and Certification Board (PECB), an international certification body. His role is to help companies and individuals to achieve professional, accredited and worldwide re...
IoT solutions exploit operational data generated by Internet-connected smart “things” for the purpose of gaining operational insight and producing “better outcomes” (for example, create new business models, eliminate unscheduled maintenance, etc.). The explosive proliferation of IoT solutions will result in an exponential growth in the volume of IoT data, precipitating significant Information Governance issues: who owns the IoT data, what are the rights/duties of IoT solutions adopters towards t...
With the introduction of IoT and Smart Living in every aspect of our lives, one question has become relevant: What are the security implications? To answer this, first we have to look and explore the security models of the technologies that IoT is founded upon. In his session at @ThingsExpo, Nevi Kaja, a Research Engineer at Ford Motor Company, discussed some of the security challenges of the IoT infrastructure and related how these aspects impact Smart Living. The material was delivered interac...
The current age of digital transformation means that IT organizations must adapt their toolset to cover all digital experiences, beyond just the end users’. Today’s businesses can no longer focus solely on the digital interactions they manage with employees or customers; they must now contend with non-traditional factors. Whether it's the power of brand to make or break a company, the need to monitor across all locations 24/7, or the ability to proactively resolve issues, companies must adapt to...
With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend 21st Cloud Expo October 31 - November 2, 2017, at the Santa Clara Convention Center, CA, and June 12-14, 2018, at the Javits Center in New York City, NY, and learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.
No hype cycles or predictions of zillions of things here. IoT is big. You get it. You know your business and have great ideas for a business transformation strategy. What comes next? Time to make it happen. In his session at @ThingsExpo, Jay Mason, Associate Partner at M&S Consulting, presented a step-by-step plan to develop your technology implementation strategy. He discussed the evaluation of communication standards and IoT messaging protocols, data analytics considerations, edge-to-cloud tec...
New competitors, disruptive technologies, and growing expectations are pushing every business to both adopt and deliver new digital services. This ‘Digital Transformation’ demands rapid delivery and continuous iteration of new competitive services via multiple channels, which in turn demands new service delivery techniques – including DevOps. In this power panel at @DevOpsSummit 20th Cloud Expo, moderated by DevOps Conference Co-Chair Andi Mann, panelists examined how DevOps helps to meet the de...
When growing capacity and power in the data center, the architectural trade-offs between server scale-up vs. scale-out continue to be debated. Both approaches are valid: scale-out adds multiple, smaller servers running in a distributed computing model, while scale-up adds fewer, more powerful servers that are capable of running larger workloads. It’s worth noting that there are additional, unique advantages that scale-up architectures offer. One big advantage is large memory and compute capacity...
"When we talk about cloud without compromise what we're talking about is that when people think about 'I need the flexibility of the cloud' - it's the ability to create applications and run them in a cloud environment that's far more flexible,” explained Matthew Finnie, CTO of Interoute, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.