Combining Military Science with Data Science

Dec 9, 2019 | Cyber Security

In the aftermath of WWI, France built an elaborate defensive system that became known as the “Maginot Line.” It was designed to block an invading army and considered impenetrable.

Hitler’s forces overcame these defenses by land, sea, and air to defeat France in 6 weeks. Today Merriam-Webster’s Dictionary defines the Maginot Line as “a defensive barrier or strategy that inspires a false sense of security …”

The Maginot Line, despite massive spending, provided a false sense of security that Hitler bypassed to invade France.

In C-Suites, boardrooms, and government offices there is a growing concern that we’re operating behind a new “Maginot Line,” unaware of the degree to which we are vulnerable to cyber threats.

These threats, sophisticated, networked, and unconventional, hide in the shadows of the Dark Web and multi-layered encryption. They are highly motivated and inspired by ideology, profit, or “fun” to ruin our private lives, destroy our economy, and undermine national security.

The critical weakness of most network cyber defenses is that they flag “anomalies” without context.

  • That’s like getting an “engine service” light in your car: what really is wrong, and is it dangerous?

  • Literally thousands of alerts are generated per day in even modest digital networks. Which are important?

Today’s cyber trolls are too clever to flag their presence with an obvious signature. Indications of attack are subtle and can only be revealed by corroborating many different data points, and that discovery must take place before the attack to be useful.

There is too much data for human beings to manage. We need to work at machine speed.

To deter and disrupt a cyber threat we need to exploit machine learning and look at cyber intelligence the way our nation’s counter-terror forces do. That means getting insight into the mind of the cyber threat during the planning and reconnaissance phases, activities that are “left of bang” on an attack timeline.

Our most effective military intelligence organizations fuse and triage vast amounts of data in real time, using unified advanced analytics to connect seemingly unrelated bits of information within the normal pattern of life. The objective is to be preemptive and gain insights early enough in the attack timeline to allow operators to defeat, disrupt, or deter the threat. In addition to this analytic challenge, military organizations are proactively and continually assessing and managing risk to their critical assets.

Putting these two disciplines together is the key to effective cyber security.

  • Today many (perhaps most) companies are overwhelmed by the complexity and workload of cyber threat intelligence and ill-equipped to realistically assess risk.

  • In many cases, companies haven’t identified their critical assets much less the risk to them. Beyond that, they often don’t know what’s hooked up to their network or what threats may sneak in through their supply chain.

  • They are unaware of their “attack surface,” and which threat actors might be preparing to exploit weaknesses within it.

This is not operating “left of bang.” This is sitting behind the Maginot Line hoping nothing bad happens.

  • When “bad” happens, the result can be catastrophic.

  • On average the time between breach and discovery is 190 days.

  • Hackers can do a lot of damage running around a network for 6 months.

  • Post-hack forensics, fines, legal fees, and brand damage can be terminal.

The cyber security market desperately needs an enterprise-level cyber capability any company can afford. @RISK Technologies was built by military veterans to fill that need.

At its heart is a “network consensus” Big Data platform with the ability to evaluate all digital transactions, because it deconstructs the complexity of the Cyber Battlefield in much the same way complexity is deconstructed on a real battlefield.

The complexity is deconstructed by creating “engagement areas” for Cyber. These are analytic zones that correspond to a Defense in Depth: the Endpoint, Network Segment, Perimeter, and Ecosystem. Leveraging raw packet capture (PCAP), the analytics logically separate the kinds of threats, in real time, and corroborate data from across a network using the power of Big Data technology. Added to this mix are insights from known CVEs, Dark Web discovery, and related industry threat data.
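To make concrete what it means to corroborate anomalies across the engagement areas instead of flagging each one without context, here is an added illustration that is not @RISK Technologies’ code and does not represent their platform. It groups single-source anomalies per asset inside a time window, counts how many distinct zones (endpoint, network segment, perimeter, ecosystem) independently report on that asset, and weights the result by an asset criticality map the defender maintains. The host names, signals, timestamps and criticality values are all constructed for the example.

```python
"""Turn context-free anomalies into corroborated, asset-weighted findings.

Added example (not @RISK's platform code). The zones are named after the
defense-in-depth layers listed in the article; hosts and signals are made up.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

ZONES = ("endpoint", "network_segment", "perimeter", "ecosystem")


@dataclass(frozen=True)
class Anomaly:
    ts: datetime
    zone: str      # which engagement area produced the alert
    host: str      # the asset the alert concerns (hypothetical names below)
    signal: str    # what the sensor saw, in plain words


# Constructed sample alerts. A single "engine light" per zone tells you little;
# several zones pointing at the same asset in a short window is the story.
SAMPLE_ALERTS: List[Anomaly] = [
    Anomaly(datetime(2019, 12, 9, 8, 0), "endpoint", "ws-17", "new scheduled task created"),
    Anomaly(datetime(2019, 12, 9, 8, 2), "network_segment", "ws-17", "SMB connections to 40 internal hosts"),
    Anomaly(datetime(2019, 12, 9, 8, 5), "perimeter", "ws-17", "DNS queries to newly registered domain"),
    Anomaly(datetime(2019, 12, 9, 9, 30), "endpoint", "ws-03", "high CPU from browser process"),
    Anomaly(datetime(2019, 12, 9, 2, 0), "endpoint", "srv-db1", "service account logon outside business hours"),
    Anomaly(datetime(2019, 12, 9, 14, 0), "network_segment", "srv-db1", "query volume 10x baseline"),
    Anomaly(datetime(2019, 12, 9, 14, 20), "perimeter", "srv-db1", "2 GB outbound to cloud storage"),
]

# Constructed criticality map: the output of the "identify your critical assets"
# step the article says many companies skip. Unknown assets default to 1.
CRITICAL_ASSETS: Dict[str, int] = {"srv-db1": 3}


def _summarise(host: str, group: List[Anomaly], critical_assets: Dict[str, int]) -> dict:
    """Collapse one asset's windowed anomalies into a single finding."""
    zones = sorted({a.zone for a in group})
    criticality = critical_assets.get(host, 1)
    return {
        "host": host,
        "first_seen": group[0].ts,
        "zones": zones,
        "signals": [a.signal for a in group],
        # corroboration (distinct zones) scaled by how much the asset matters
        "risk": len(zones) * criticality,
        # a single zone is a "watch" item; two or more independent zones escalate
        "priority": "escalate" if len(zones) >= 2 else "watch",
    }


def corroborate(alerts: List[Anomaly], window: timedelta = timedelta(minutes=30),
                critical_assets: Optional[Dict[str, int]] = None) -> List[dict]:
    """Group alerts per host into time windows and score each window."""
    critical_assets = critical_assets if critical_assets is not None else {}
    by_host: Dict[str, List[Anomaly]] = defaultdict(list)
    for a in alerts:
        if a.zone not in ZONES:
            raise ValueError(f"unknown zone {a.zone!r}")
        by_host[a.host].append(a)

    findings: List[dict] = []
    for host, events in by_host.items():
        events.sort(key=lambda a: a.ts)
        group: List[Anomaly] = []
        for ev in events:
            # start a new window once we are more than `window` past its first event
            if group and ev.ts - group[0].ts > window:
                findings.append(_summarise(host, group, critical_assets))
                group = []
            group.append(ev)
        if group:
            findings.append(_summarise(host, group, critical_assets))

    # highest risk first; Python's sort is stable so ties keep arrival order
    return sorted(findings, key=lambda f: f["risk"], reverse=True)


def run_sample() -> List[dict]:
    """Run the correlation over the constructed alerts with the sample asset map."""
    return corroborate(SAMPLE_ALERTS, critical_assets=CRITICAL_ASSETS)


if __name__ == "__main__":
    for f in run_sample():
        print(f"{f['priority']:8} risk={f['risk']} {f['host']:8} "
              f"zones={','.join(f['zones'])} first_seen={f['first_seen']:%H:%M}")
        for s in f["signals"]:
            print(f"           - {s}")
```

Run as-is, the critical database server with two zones reporting inside 20 minutes comes out on top (risk 6), the workstation with three corroborating zones follows (risk 3), the lone out-of-hours logon on the same server stays a “watch” item because nothing else in its window corroborates it, and the single high-CPU alert on ws-03 sinks to the bottom. The window size and the criticality weights are the two knobs a team tunes against its own environment; a window that is too short splits one campaign into uncorrelated fragments, as the 02:00 event shows.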

Before getting to this point, @RISK analysts conduct a detailed attack surface measurement, help design pre-emptive risk abatement programs, provide extensive compliance audit support, and create an “instrument panel” tailored to the needs of the cyber security team, the C-Suite, or the Board.

We were amazed when Germany side-stepped the Maginot Line. We were stunned when Japan had the audacity to attack Pearl Harbor. We watched in horror as the World Trade Center was destroyed. In every case there was enough data on risk and potential threat to have raised an alarm “left of bang.” Unfortunately, the correlation of the available data was too subtle to get us excited.

@RISK Technologies combines the experience and tradecraft of military intelligence organizations with the capabilities of leaders in the field of artificial intelligence and machine learning. The blend gives companies a fighting chance to detect and evade cyber threats before breach, at an affordable cost.

Most of us see very clearly the value of such a capability in hindsight. The best of us see the value beforehand.
