Data and Analytics: Key to Security at IBM Edge 2013
A well-planned global bank robbery netted $45 million in one day without anyone setting foot in a bank. As reported in the New York Times, the robbers manipulated financial information with the stroke of a few keys and used that information to loot automated teller machines. To stop this kind of crime you need data security and analytics, not cops with guns drawn.
Forty-five million dollars disappeared, said IBM Fellow and VP, Innovation Bernie Meyerson, and nobody even noticed! Eventually they noticed and a few people (those visiting ATM machines) were arrested, but they weren’t the brains of the operation.
The lesson from this caper: you have to monitor data patterns and recognize abnormalities. No system picked up the fact that a handful of ATM access numbers were being used at the same time at widely dispersed locations. This goes beyond IT perimeter defense.
The solution, said Meyerson, is an agile defense based on real-time analytics. Then you can look for a variety of behaviors and attributes and stop an attack almost as soon as it is underway. Better yet, you might predict an attack before it starts.
For example, you can baseline normal behavior and use analytics to identify behavior outside the baseline. Or, you can profile an individual based on the files he or she normally views and the websites the person usually visits. Activities outside normal behavior would trigger an alarm that merits further exploration.
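The pattern that went unnoticed in the ATM caper, the same access number in use at widely dispersed locations at nearly the same time, can be expressed as a simple check. The sketch below is an added example, not IBM's method or code from the talk; the event layout, the two thresholds, and the sample withdrawals are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_SPEED_KMH = 900.0   # assumption: faster than a commercial flight is implausible
MIN_DISTANCE_KM = 50.0  # assumption: ignore neighbouring ATMs in the same city

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def find_dispersed_use(events):
    """Return alerts for cards used at places no cardholder could travel between.

    events: iterable of (iso_timestamp, card_id, atm_id, lat, lon).
    """
    by_card = defaultdict(list)
    for ts, card, atm, lat, lon in events:
        by_card[card].append((datetime.fromisoformat(ts), atm, (lat, lon)))
    alerts = []
    for card, uses in by_card.items():
        uses.sort(key=lambda u: u[0])
        for (t1, atm1, p1), (t2, atm2, p2) in zip(uses, uses[1:]):
            dist = haversine_km(p1, p2)
            hours = (t2 - t1).total_seconds() / 3600
            # hours == 0 is truly simultaneous use: always implausible at distance
            if dist >= MIN_DISTANCE_KM and (hours == 0 or dist / hours > MAX_SPEED_KMH):
                alerts.append((card, atm1, atm2, round(dist)))
    return alerts

# Constructed sample withdrawals (not real data)
SAMPLE = [
    ("2013-06-01T15:00:00", "card-A", "atm-nyc-1", 40.7128, -74.0060),
    ("2013-06-01T15:04:00", "card-A", "atm-tokyo-7", 35.6762, 139.6503),
    ("2013-06-01T15:10:00", "card-B", "atm-nyc-1", 40.7128, -74.0060),
    ("2013-06-01T18:30:00", "card-B", "atm-nyc-2", 40.7306, -73.9866),
    ("2013-06-01T09:00:00", "card-C", "atm-london-3", 51.5074, -0.1278),
    ("2013-06-01T20:00:00", "card-C", "atm-paris-4", 48.8566, 2.3522),
]

if __name__ == "__main__":
    for alert in find_dispersed_use(SAMPLE):
        print(alert)
```

Only card-A is flagged: card-B stays within one city, and card-C's London-to-Paris gap of eleven hours is ordinary travel.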
This kind of IT security goes beyond today’s standard IT security best practices built around perimeter protection, user identification and authorization, anti-virus, intrusion detection, and such. Rather, it is based on collecting a wide range of data in real-time and analyzing it to determine if it is outside the norm for that person. A bit Big Brother, yes, but it’s a dangerous world out there.
IBM brings a slew of products and services to this battle, including cognitive computing. In this case Watson, the Jeopardy-winning IBM system, represents your biggest gun. Watson, which is smart and fast to begin with, also can learn. What, asks Meyerson, if cognitive systems like Watson could see the big picture and understand the context? Well, you can be pretty confident that $45 million wouldn’t disappear globally in hours without being noticed.
Although most IT managers aren’t worrying about losing $45 million to theft in one day, that doesn’t mean they don’t face complex and demanding security challenges. Cloud computing and mobile, especially with the added demand for BYOD, are complicating what many previously considered good security blocking and tackling. Add to that Advanced Persistent Threats (APT), which are slowly developing threats over an extended duration; spear phishing (different from phishing, another threat); zero-day attacks; SQL injection; and attackers operating under the auspices of nation states. IT managers simply cannot relax their guard.
At Edge 2013 the IBM security team laid out its comprehensive security program that entails tools to automate security hygiene, manage security incidents through analytics, combat mobile threats, control network access, manage identity and third-party security, and address cloud and virtualization security. In short, the IBM program offers defense in depth.
IBM security experts at Edge 2013 also offered a variety of security tips: Begin with the assumption your organization has experienced attacks and already is infected to some extent, whether aware of it or not. A vulnerability analysis is a good place to start.
Understand how attackers work, such as by using social media to identify the weak points they can use to lure individually targeted managers, especially those who may have higher levels of system authorization, into opening an infected email. Pause before you click anything new.
Also avoid, replace, or update unpatched legacy systems, software, and systems with insecure configurations. That’s inviting trouble.
Finally, once the bad guy is in, you need a response strategy to move fast to isolate the problem and stop any spread while trying not to tip the bad guys off that you’re on to them. Resist the mad scramble to recover because it can ruin the evidence. Instead, follow your methodical response plan. You do have one, right?