Welcome!

Cloud Security Authors: Yeshim Deniz, Zakia Bouachraoui, Liz McMillan, Elizabeth White, Ravi Rajamiyer

Related Topics: Cloud Security, @CloudExpo, @ThingsExpo

Cloud Security: Blog Post

The Cyber Security Maturity Model | @CloudExpo [#IoT #Cloud]

Unsupervised Learning In Cyber Security

Cyber Attacks
We continue to see an increasing trend in cyber-attacks in line with the growth of new technologies, and enterprises have to protect themselves. It is critical for enterprises to devise their own measures to protect against cyber-attacks because any tolerance on this front is more than an IT issue but may affect the very existence and the business model of the enterprise. We have seen in a recent incident where a cyber-attack prevented a large enterprise from performing their basic business process.

Limitations of Policy Based Approach
In the past decade to mitigate the risk of cyber-attacks, enterprises usually appointed security officers and they ensured typical Zero Tolerance Policies on their network, applications, processes and people. Some of them include:

  • No access from home
  • No external devices at work
  • No access to the Internet at work
  • No access to production environments from the development environment
  • No exposure of application APIs outside the firewall

Most of these policies resulted from the first principles of security and quality audits and they continue to be relevant, but some of the basic business models of enterprises have changed:

  • Mobility is a part of enterprise business model such that much of the enterprise business is served through mobile devices anywhere, any time
  • Gen Y workforce demanded to work from anywhere, which means access to the systems should also be open from anywhere
  • Internet of Things opened a new set of business opportunities and at the same time opened up the very micro-level component of an assembly pipeline in a manufacturing plant to the external world
  • Social media and crowdsourcing almost becomes part of most business processes like CRM, Warranty Management, and HRMS
  • Cloud is the enabler that enterprises cannot ignore
  • The DevOps model is sweeping the industry so that the barriers between the production environment and development environment no longer exist

With these points in mind, while the traditional approach of policy enforcement mainly through human means still holds good as a base protection, but will not protect an enterprise from all possibilities of cyber-attack, because the options and combinations are so much such that mere policy enforcement will not identify and prevent them.

Machine Learning Approach
As the enterprise becomes digital, which means every touc hpoint and navigation across the enterprise is handled with some sort of a connected device, be it a VPN gateway, directory servers, access card systems, fingerprint recognition systems, network devices and more, we are in the midst of massive flow of machine data when it comes to tracking the cyber-attacks.

Fortunately the advent of cloud and its byproducts, such as Big Data storage and massively parallel processing frameworks, have provided an opportunity for enterprises to tackle the issue of monitoring the security breaches and also to prevent them. This means enterprises adopted the techniques of understanding massive flows of machine data from various sources and found ways and means to find insights out of that data toward possible security breaches and cyber-attacks.

Machine Learning Approach Maturity Models
To fill in the vacuum in the cyber security prevention space as well as to help the enterprises, several Big Data and machine learning solutions have appeared in the market that claim to help enterprises detect and prevent security attacks. So naturally enterprises will find them interesting but at the same time these initiatives involve cost and effort as well as the risk of choosing a solution that may not foresee all the possibilities and yet make the enterprises vulnerable.

The following maturity models will help enterprises understand the capabilities of the solutions that they will employ to tackle the cyber-security threats.

Level I (Preventive/ Rule Based)
This analyzes the machine data based on certain known rules, which may vary from industry to industry. For example, a finance industry may not allow a credit card authentication of the same card within a span of five minutes from two different geographic areas. Or a healthcare application may not allow log on to a critical life monitoring system from an IP address not listed as part of known addresses. The role of a rule-based approach continues to hold good but they are limited to the domain knowledge of the solution providers and require constant updates to the rule engine.

Level II (Predictive/ Supervised Machine Learning)
A rule-based approach prevents attacks from known conditions and most of the time they cannot predict the intent of the user before an event has occurred. For example, if a rule detects user intention after four failed login attempts, what if a user is able to breach the network on the first attempt. Supervised machine learning methods come to rescue to predict the user intent based on past training data. This technique is highly useful for enterprises in areas like predicting the behavior of a customer or the likelihood of acquiring or losing a customer. Because this approach is highly dependent on past data, we are already seeing the online ad engines offering the products we look for while we are browsing online. In the machine learning world, most algorithms support this technique:

  • Linear regression
  • K - nearest neighbors
  • Naïve bayes
  • Logistic regression
  • Decision tress

This technique will continue to be useful for detecting certain known conditions that occurred in the past for which enterprise security analysts could clearly label them.

But consider the fact that today's hackers are getting sophisticated day by day and security attacks come from unknown places and in unknown means. This means that it is almost impossible to label the security breaches based on some indicators. We have seen that some enterprises are attacked first time in their history and yet that one attack will be so devastating such that there will not be even another chance for the enterprise to survive. This kind of supervised machine learning can be good in other scenarios whereby an enterprise that has lost customers in the past can figure out the likelihood of losing another customer and take preventive actions. Software solutions for cyber-attacks can continue to employ this technique to bring an additional level of protection to their solution.

Level III (Cognitive/ Unsupervised Machine Learning)
There is a recent interview with MIT Artificial Intelligence Expert Professor Joel Moses - Next Phase Of Artificial Intelligence is all about Unsupervised Machine Learning. Such is the power of this level of maturity. In the unsupervised model the goal is to identify or label a threat without any past labeling; rather it will try to cluster the data in a fashion close to the level of human brains but at the speed of machine, such that the abnormal patterns are detected and security is enforced. Some of the famous algorithms for unsupervised learning are:

  • Hidden Markov Models
  • K-Means Clustering

As you see these algorithms they try to uncover something that hasn't already happened with the level of intelligence closest to human thinking or what we call as artificial intelligence.

Summary
All the methods explained above are not mutually exclusive, in order for your enterprise to be effectively immune from cyber threats, you need a,

  • Strong Security Policies & Governance
  • You needed rule based algorithms that prevent known threats
  • You needed supervised machine learning that will predict the past labelled security threats

Finally you can complement all of the above with Unsupervised Machine Learning that will even understand the unknown events of the past and predict the security breaches. So you can always assess your security defense at what level of maturity and take further actions to protect your enterprise.

More Stories By Srinivasan Sundara Rajan

Highly passionate about utilizing Digital Technologies to enable next generation enterprise. Believes in enterprise transformation through the Natives (Cloud Native & Mobile Native).

IoT & Smart Cities Stories
Dion Hinchcliffe is an internationally recognized digital expert, bestselling book author, frequent keynote speaker, analyst, futurist, and transformation expert based in Washington, DC. He is currently Chief Strategy Officer at the industry-leading digital strategy and online community solutions firm, 7Summits.
With 10 simultaneous tracks, keynotes, general sessions and targeted breakout classes, @CloudEXPO and DXWorldEXPO are two of the most important technology events of the year. Since its launch over eight years ago, @CloudEXPO and DXWorldEXPO have presented a rock star faculty as well as showcased hundreds of sponsors and exhibitors! In this blog post, we provide 7 tips on how, as part of our world-class faculty, you can deliver one of the most popular sessions at our events. But before reading...
If a machine can invent, does this mean the end of the patent system as we know it? The patent system, both in the US and Europe, allows companies to protect their inventions and helps foster innovation. However, Artificial Intelligence (AI) could be set to disrupt the patent system as we know it. This talk will examine how AI may change the patent landscape in the years to come. Furthermore, ways in which companies can best protect their AI related inventions will be examined from both a US and...
Charles Araujo is an industry analyst, internationally recognized authority on the Digital Enterprise and author of The Quantum Age of IT: Why Everything You Know About IT is About to Change. As Principal Analyst with Intellyx, he writes, speaks and advises organizations on how to navigate through this time of disruption. He is also the founder of The Institute for Digital Transformation and a sought after keynote speaker. He has been a regular contributor to both InformationWeek and CIO Insight...
DXWorldEXPO LLC, the producer of the world's most influential technology conferences and trade shows has announced the 22nd International CloudEXPO | DXWorldEXPO "Early Bird Registration" is now open. Register for Full Conference "Gold Pass" ▸ Here (Expo Hall ▸ Here)
Bill Schmarzo, Tech Chair of "Big Data | Analytics" of upcoming CloudEXPO | DXWorldEXPO New York (November 12-13, 2018, New York City) today announced the outline and schedule of the track. "The track has been designed in experience/degree order," said Schmarzo. "So, that folks who attend the entire track can leave the conference with some of the skills necessary to get their work done when they get back to their offices. It actually ties back to some work that I'm doing at the University of ...
@DevOpsSummit at Cloud Expo, taking place November 12-13 in New York City, NY, is co-located with 22nd international CloudEXPO | first international DXWorldEXPO and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time t...
The Internet of Things will challenge the status quo of how IT and development organizations operate. Or will it? Certainly the fog layer of IoT requires special insights about data ontology, security and transactional integrity. But the developmental challenges are the same: People, Process and Platform and how we integrate our thinking to solve complicated problems. In his session at 19th Cloud Expo, Craig Sproule, CEO of Metavine, demonstrated how to move beyond today's coding paradigm and sh...
CloudEXPO New York 2018, colocated with DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one location.
Cell networks have the advantage of long-range communications, reaching an estimated 90% of the world. But cell networks such as 2G, 3G and LTE consume lots of power and were designed for connecting people. They are not optimized for low- or battery-powered devices or for IoT applications with infrequently transmitted data. Cell IoT modules that support narrow-band IoT and 4G cell networks will enable cell connectivity, device management, and app enablement for low-power wide-area network IoT. B...