Adaptive Cyber Security
By Tony Clark, 2-Dooz Inc. – June 25, 2013 (Original Publication Date)
We can build tiny computers that make phone calls and that sit in the palm of a hand. We can send digital information and have it be received nearly instantaneously anywhere on the planet. Moreover, we can even send robotic rovers to explore the surface of Mars. But one thing we still can’t do is cure the common cold.
The reason is that the rhinovirus—the germ that causes the common cold—changes so quickly. As soon as antibodies are created to thwart an existing version, a new variant comes into being.
The same is true for today’s malicious software, or malware. It is constantly evolving, seemingly faster than cyber defenses can keep up. Fortunately, highly adaptive cyber security solutions, which employ algorithms inspired by nature, have emerged.
Viruses—the types that infect human beings—consist of bits of DNA or RNA and a protein outer shell. In order to infect a body, a virus must first penetrate the body’s exterior, e.g., skin. Once the virus is past the skin, its outer protein lining allows it to penetrate the body’s internal cells. After entering a cell, the virus hijacks the cell’s replication mechanism and forces it to produce copies of the virus. Those copies of the virus then invade other host cells. Unchecked, the result is a full-blown infection.
The function of the body’s internal immune system is to detect and eliminate viruses and other intruders that have made it past the skin. Ideally, detection and elimination occur before the intruder can reproduce or, if that is not possible, at least before the intruder has caused too much damage.
Furthermore, the human immune system is highly adaptive in that, after it detects and eliminates a specific intruder, it will remember that invader. Future incursions from the same type of intruder can then be dealt with more swiftly.
In computer systems, traditional firewalls play the role of the human skin, providing a potential barrier against malware. However, as is the case for the skin, firewalls do not provide 100% protection. New malware infections do break through, and when they do, they quickly replicate to inflict harm.
Traditional firewalls are at best an incomplete cyber security solution. Therefore, what are needed (and fortunately are now emerging) are more adaptive security mechanisms that play the role of the internal human immune system within a cyber system. They provide an additional layer of defense against intruders that have made it past the firewall. These cloud-powered systems use big data analytics to detect new infections early on and, by doing so, minimize the harm that new malware can do. Leading adaptive cyber security equipment providers include Palo Alto Networks, FireEye, and MetaFlows.
Just like the human immune system, it turns out that the best cyber security defense is provided by a strong, adaptive system—a system that provides fast dynamic detection and uses global correlation analysis, based in the cloud, to provide a more comprehensive, more effective defense against newly emerging and previously encountered cyber threats.
Those are my thoughts. And, as always, I invite and look forward to learning what you think.