






This model claims to be real time, but only the ability to query a data repository is real time
(that is, it happens as the user is waiting); in reality, the analytics become forensic in nature.
Data that has already come to rest has an inherent latency and does not give organizations the
vital rapid detection edge they need to stop an attack at its onset.

It takes extraordinary computing power to handle the unprecedented volumes and types of data
flowing into the typical enterprise infrastructure, where organizations are geographically
distributed, with people and offices around the world, operating devices that allow them to enter
the network from anywhere, anyplace, at any time.

It also requires the application of new advances in correlation and algorithmic technology so that
organizations have the correlated results available. This provides the ability to identify patterns and
detect anomalies without any rules or signatures. To date, the majority of existing systems have
been highly dependent on identifying known threats—those based on a signature or rule—
despite the fact that many of today’s threats are never-before-seen attacks, the “unknown
unknowns.”

Technology that can ingest, analyze, index and correlate massive amounts of data from
disparate data feeds, while that data is still in motion, will enable organizations to rapidly detect
anomalies, identify whether or not they are a threat, and then automate client-determined
remedial actions.

Data is a fluid, moving entity. It is constantly in transit either into, out of, or within an
organization. To protect and defend data assets, companies need the ability to see what is
happening to data while it is moving and in transit. Technology advances are being
implemented today that will begin to dramatically shift the breach detection paradigm by giving
companies the ability to detect a potential breach faster than ever before possible. While we
may never be able to thwart every potential threat, we most certainly have the technological
capability to drastically reduce detection times from months to just a few minutes. We just have
to embrace them. When we do, the balance of power will finally shift in our favor.

About the Author:

Dr. Dan Nieten is the Chief Technology Officer for Red Lambda, an
award-winning cybersecurity technology company. The company’s
flagship solution, MetaGrid, is an advanced, software-based
cybersecurity system designed to protect commercial and
government enterprises by identifying anomalies and threats “in
motion” at detection speeds never before possible, without rules or
signatures. The company is headquartered in Orlando with offices in
the UK.







40 Cyber Warnings E-Magazine – June 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
