Welcome!

Cloud Security Authors: Elizabeth White, Liz McMillan, Pat Romanski, Lisa Calkins, Mamoon Yunus

Related Topics: Cloud Security, @CloudExpo, @ThingsExpo

Cloud Security: Blog Post

The Cyber Security Maturity Model | @CloudExpo [#IoT #Cloud]

Unsupervised Learning In Cyber Security

Cyber Attacks
We continue to see an increasing trend in cyber-attacks in line with the growth of new technologies, and enterprises have to protect themselves. It is critical for enterprises to devise their own measures to protect against cyber-attacks because any tolerance on this front is more than an IT issue but may affect the very existence and the business model of the enterprise. We have seen in a recent incident where a cyber-attack prevented a large enterprise from performing their basic business process.

Limitations of Policy Based Approach
In the past decade to mitigate the risk of cyber-attacks, enterprises usually appointed security officers and they ensured typical Zero Tolerance Policies on their network, applications, processes and people. Some of them include:

  • No access from home
  • No external devices at work
  • No access to the Internet at work
  • No access to production environments from the development environment
  • No exposure of application APIs outside the firewall

Most of these policies resulted from the first principles of security and quality audits and they continue to be relevant, but some of the basic business models of enterprises have changed:

  • Mobility is a part of enterprise business model such that much of the enterprise business is served through mobile devices anywhere, any time
  • Gen Y workforce demanded to work from anywhere, which means access to the systems should also be open from anywhere
  • Internet of Things opened a new set of business opportunities and at the same time opened up the very micro-level component of an assembly pipeline in a manufacturing plant to the external world
  • Social media and crowdsourcing almost becomes part of most business processes like CRM, Warranty Management, and HRMS
  • Cloud is the enabler that enterprises cannot ignore
  • The DevOps model is sweeping the industry so that the barriers between the production environment and development environment no longer exist

With these points in mind, while the traditional approach of policy enforcement mainly through human means still holds good as a base protection, but will not protect an enterprise from all possibilities of cyber-attack, because the options and combinations are so much such that mere policy enforcement will not identify and prevent them.

Machine Learning Approach
As the enterprise becomes digital, which means every touc hpoint and navigation across the enterprise is handled with some sort of a connected device, be it a VPN gateway, directory servers, access card systems, fingerprint recognition systems, network devices and more, we are in the midst of massive flow of machine data when it comes to tracking the cyber-attacks.

Fortunately the advent of cloud and its byproducts, such as Big Data storage and massively parallel processing frameworks, have provided an opportunity for enterprises to tackle the issue of monitoring the security breaches and also to prevent them. This means enterprises adopted the techniques of understanding massive flows of machine data from various sources and found ways and means to find insights out of that data toward possible security breaches and cyber-attacks.

Machine Learning Approach Maturity Models
To fill in the vacuum in the cyber security prevention space as well as to help the enterprises, several Big Data and machine learning solutions have appeared in the market that claim to help enterprises detect and prevent security attacks. So naturally enterprises will find them interesting but at the same time these initiatives involve cost and effort as well as the risk of choosing a solution that may not foresee all the possibilities and yet make the enterprises vulnerable.

The following maturity models will help enterprises understand the capabilities of the solutions that they will employ to tackle the cyber-security threats.

Level I (Preventive/ Rule Based)
This analyzes the machine data based on certain known rules, which may vary from industry to industry. For example, a finance industry may not allow a credit card authentication of the same card within a span of five minutes from two different geographic areas. Or a healthcare application may not allow log on to a critical life monitoring system from an IP address not listed as part of known addresses. The role of a rule-based approach continues to hold good but they are limited to the domain knowledge of the solution providers and require constant updates to the rule engine.

Level II (Predictive/ Supervised Machine Learning)
A rule-based approach prevents attacks from known conditions and most of the time they cannot predict the intent of the user before an event has occurred. For example, if a rule detects user intention after four failed login attempts, what if a user is able to breach the network on the first attempt. Supervised machine learning methods come to rescue to predict the user intent based on past training data. This technique is highly useful for enterprises in areas like predicting the behavior of a customer or the likelihood of acquiring or losing a customer. Because this approach is highly dependent on past data, we are already seeing the online ad engines offering the products we look for while we are browsing online. In the machine learning world, most algorithms support this technique:

  • Linear regression
  • K - nearest neighbors
  • Naïve bayes
  • Logistic regression
  • Decision tress

This technique will continue to be useful for detecting certain known conditions that occurred in the past for which enterprise security analysts could clearly label them.

But consider the fact that today's hackers are getting sophisticated day by day and security attacks come from unknown places and in unknown means. This means that it is almost impossible to label the security breaches based on some indicators. We have seen that some enterprises are attacked first time in their history and yet that one attack will be so devastating such that there will not be even another chance for the enterprise to survive. This kind of supervised machine learning can be good in other scenarios whereby an enterprise that has lost customers in the past can figure out the likelihood of losing another customer and take preventive actions. Software solutions for cyber-attacks can continue to employ this technique to bring an additional level of protection to their solution.

Level III (Cognitive/ Unsupervised Machine Learning)
There is a recent interview with MIT Artificial Intelligence Expert Professor Joel Moses - Next Phase Of Artificial Intelligence is all about Unsupervised Machine Learning. Such is the power of this level of maturity. In the unsupervised model the goal is to identify or label a threat without any past labeling; rather it will try to cluster the data in a fashion close to the level of human brains but at the speed of machine, such that the abnormal patterns are detected and security is enforced. Some of the famous algorithms for unsupervised learning are:

  • Hidden Markov Models
  • K-Means Clustering

As you see these algorithms they try to uncover something that hasn't already happened with the level of intelligence closest to human thinking or what we call as artificial intelligence.

Summary
All the methods explained above are not mutually exclusive, in order for your enterprise to be effectively immune from cyber threats, you need a,

  • Strong Security Policies & Governance
  • You needed rule based algorithms that prevent known threats
  • You needed supervised machine learning that will predict the past labelled security threats

Finally you can complement all of the above with Unsupervised Machine Learning that will even understand the unknown events of the past and predict the security breaches. So you can always assess your security defense at what level of maturity and take further actions to protect your enterprise.

More Stories By Srinivasan Sundara Rajan

Highly passionate about utilizing Digital Technologies to enable next generation enterprise. Believes in enterprise transformation through the Natives (Cloud Native & Mobile Native).

@ThingsExpo Stories
Internet-of-Things discussions can end up either going down the consumer gadget rabbit hole or focused on the sort of data logging that industrial manufacturers have been doing forever. However, in fact, companies today are already using IoT data both to optimize their operational technology and to improve the experience of customer interactions in novel ways. In his session at @ThingsExpo, Gordon Haff, Red Hat Technology Evangelist, shared examples from a wide range of industries – including en...
Detecting internal user threats in the Big Data eco-system is challenging and cumbersome. Many organizations monitor internal usage of the Big Data eco-system using a set of alerts. This is not a scalable process given the increase in the number of alerts with the accelerating growth in data volume and user base. Organizations are increasingly leveraging machine learning to monitor only those data elements that are sensitive and critical, autonomously establish monitoring policies, and to detect...
To get the most out of their data, successful companies are not focusing on queries and data lakes, they are actively integrating analytics into their operations with a data-first application development approach. Real-time adjustments to improve revenues, reduce costs, or mitigate risk rely on applications that minimize latency on a variety of data sources. Jack Norris reviews best practices to show how companies develop, deploy, and dynamically update these applications and how this data-first...
Intelligent Automation is now one of the key business imperatives for CIOs and CISOs impacting all areas of business today. In his session at 21st Cloud Expo, Brian Boeggeman, VP Alliances & Partnerships at Ayehu, will talk about how business value is created and delivered through intelligent automation to today’s enterprises. The open ecosystem platform approach toward Intelligent Automation that Ayehu delivers to the market is core to enabling the creation of the self-driving enterprise.
SYS-CON Events announced today that Grape Up will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct. 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Grape Up is a software company specializing in cloud native application development and professional services related to Cloud Foundry PaaS. With five expert teams that operate in various sectors of the market across the U.S. and Europe, Grape Up works with a variety of customers from emergi...
"We're a cybersecurity firm that specializes in engineering security solutions both at the software and hardware level. Security cannot be an after-the-fact afterthought, which is what it's become," stated Richard Blech, Chief Executive Officer at Secure Channels, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Consumers increasingly expect their electronic "things" to be connected to smart phones, tablets and the Internet. When that thing happens to be a medical device, the risks and benefits of connectivity must be carefully weighed. Once the decision is made that connecting the device is beneficial, medical device manufacturers must design their products to maintain patient safety and prevent compromised personal health information in the face of cybersecurity threats. In his session at @ThingsExpo...
SYS-CON Events announced today that Massive Networks will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Massive Networks mission is simple. To help your business operate seamlessly with fast, reliable, and secure internet and network solutions. Improve your customer's experience with outstanding connections to your cloud.
Everything run by electricity will eventually be connected to the Internet. Get ahead of the Internet of Things revolution and join Akvelon expert and IoT industry leader, Sergey Grebnov, in his session at @ThingsExpo, for an educational dive into the world of managing your home, workplace and all the devices they contain with the power of machine-based AI and intelligent Bot services for a completely streamlined experience.
Because IoT devices are deployed in mission-critical environments more than ever before, it’s increasingly imperative they be truly smart. IoT sensors simply stockpiling data isn’t useful. IoT must be artificially and naturally intelligent in order to provide more value In his session at @ThingsExpo, John Crupi, Vice President and Engineering System Architect at Greenwave Systems, will discuss how IoT artificial intelligence (AI) can be carried out via edge analytics and machine learning techn...
When shopping for a new data processing platform for IoT solutions, many development teams want to be able to test-drive options before making a choice. Yet when evaluating an IoT solution, it’s simply not feasible to do so at scale with physical devices. Building a sensor simulator is the next best choice; however, generating a realistic simulation at very high TPS with ease of configurability is a formidable challenge. When dealing with multiple application or transport protocols, you would be...
SYS-CON Events announced today that Datera, that offers a radically new data management architecture, has been named "Exhibitor" of SYS-CON's 21st International Cloud Expo ®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Datera is transforming the traditional datacenter model through modern cloud simplicity. The technology industry is at another major inflection point. The rise of mobile, the Internet of Things, data storage and Big...
SYS-CON Events announced today that GrapeUp, the leading provider of rapid product development at the speed of business, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Grape Up is a software company, specialized in cloud native application development and professional services related to Cloud Foundry PaaS. With five expert teams that operate in various sectors of the market acr...
In the enterprise today, connected IoT devices are everywhere – both inside and outside corporate environments. The need to identify, manage, control and secure a quickly growing web of connections and outside devices is making the already challenging task of security even more important, and onerous. In his session at @ThingsExpo, Rich Boyer, CISO and Chief Architect for Security at NTT i3, discussed new ways of thinking and the approaches needed to address the emerging challenges of security i...
SYS-CON Events announced today that CA Technologies has been named "Platinum Sponsor" of SYS-CON's 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. CA Technologies helps customers succeed in a future where every business - from apparel to energy - is being rewritten by software. From planning to development to management to security, CA creates software that fuels transformation for companies in the applic...
In his opening keynote at 20th Cloud Expo, Michael Maximilien, Research Scientist, Architect, and Engineer at IBM, discussed the full potential of the cloud and social data requires artificial intelligence. By mixing Cloud Foundry and the rich set of Watson services, IBM's Bluemix is the best cloud operating system for enterprises today, providing rapid development and deployment of applications that can take advantage of the rich catalog of Watson services to help drive insights from the vast t...
There is only one world-class Cloud event on earth, and that is Cloud Expo – which returns to Silicon Valley for the 21st Cloud Expo at the Santa Clara Convention Center, October 31 - November 2, 2017. Every Global 2000 enterprise in the world is now integrating cloud computing in some form into its IT development and operations. Midsize and small businesses are also migrating to the cloud in increasing numbers. Companies are each developing their unique mix of cloud technologies and service...
WebRTC is great technology to build your own communication tools. It will be even more exciting experience it with advanced devices, such as a 360 Camera, 360 microphone, and a depth sensor camera. In his session at @ThingsExpo, Masashi Ganeko, a manager at INFOCOM Corporation, will introduce two experimental projects from his team and what they learned from them. "Shotoku Tamago" uses the robot audition software HARK to track speakers in 360 video of a remote party. "Virtual Teleport" uses a...
Recently, IoT seems emerging as a solution vehicle for data analytics on real-world scenarios from setting a room temperature setting to predicting a component failure of an aircraft. Compared with developing an application or deploying a cloud service, is an IoT solution unique? If so, how? How does a typical IoT solution architecture consist? And what are the essential components and how are they relevant to each other? How does the security play out? What are the best practices in formulating...
Internet of @ThingsExpo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 21st Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago. All major researchers estimate there will be tens of billions devic...