The reason you often hear people say "quality over quantity" is because, generally, it’s true. An organization could own every security tool known to mankind, each kicking out truckloads of data, but this does not necessarily mean that the organization is well protected against security threats and attacks.
Consider the job of the weather person. It used to be that a weather forecast was almost unusable because of low accuracy. But now, it is commonplace to put a reasonable amount of faith in the forecast. Really, not that long ago, we used an almanac to get a sense of the weather. My, how things have improved!
I actually rely on the forecast I access on my smartphone. Why is the prediction so much better today than it was in the past?
Cultures and Languages
If you think there is an easy solution to the complex problems of cybersecurity and cyber defense, you need to think again. There is no easy button for cybersecurity; no quick solution for cyber defense.
One of the reasons that it is so hard is that there are so many different perspectives and viewpoints. And each of those perspectives can have its own verbiage, terms, and languages. I mean, let's face it, if you want to be proficient in a foreign land, you have to learn the culture and language. There is no easy shortcut.
An approach to solving cybersecurity problems is to use machine learning to baseline normal behaviors so that deviations from normal can be identified. This, at first glance, makes perfect sense. However, there are flaws that must be considered and avoided.
Threat Intelligence: Non-Malicious Deviations
One of the flaws is that deviations from normal may not be malicious in nature. They may reflect new behaviors that are non-malicious. For example, new software, new policies, a new scope of work, or any of a myriad of other changes may cause a deviation from normal.
From Mental Models to Computational Models
It used to be that a diligent team of analysts with some programming skills could do a respectable job of protecting an enterprise on their own. They knew enough of the specific threats, the specifics of the enterprise, and the specifics of the enterprise network that they could monitor for problems and mitigate those problems. Unfortunately, the volume and voracity of the threats have grown. The variety of business models has expanded. The complexity of enterprise network topologies has increased. These factors mandate that cybersecurity solutions evolve. Cybersecurity teams must upgrade to a better strategy.
One-off scripts and the programming of lookup tables are no longer adequate to face the criminal elements. The risks and liabilities are just too high.
Some cybersecurity analysts amaze me. In fact, in broader terms, experts amaze me. When you see an expert in action they frequently make very difficult things seem so simple. Their experience has honed their skills to the point they can understand very confusing scenarios. In particular, cybersecurity experts can intuitively recognize suspicious actions and network conditions that mere mortals can’t.
They are so impressive because they have learned in great detail the ins and outs of their enterprise’s network, the enterprise business, and the people of the enterprise. Somehow, they are able to recognize suspicious and malicious things seemingly instinctually.
Ever heard someone use phrases like “I put two and two together,” or “I started to connect the dots?” What is usually meant is that in the examination of the facts at hand an understanding of a feasible explanation is forming. By considering details, a bigger picture can be formed.
Belief Propagation Network
A belief propagation network (BPN) is a network where messages are passed through a series of nodes in a graph.
Artificial Intelligence in Cyber Security
This has been the endeavor of many before me, and probably many after me. My hope is that someone, or some group, cracks the barrier to true cyber security intelligence in my lifetime. It will be a cool thing to witness.
In the meantime, we will continue to write less than true Artificial Intelligence code in order to approach the goal. The phrase "fake it 'til you make it" comes to mind. We can mimic the cognitive processes until we actually author cognition.
Cybersecurity is really complicated. It is a topic of massive amounts of minute details. From those details, incredibly important big pictures must be formed. Cybersecurity is the art of being situationally aware in chaos.
Software engineering is really complicated. It is a topic of massive amounts of ones and zeros. From those bits (1s and 0s) helpful applications must be formed. Software engineering is the art of creating knowledge from big data formed of bits.
Cybersecurity is inherently complex, as is the world of software. How do we make complex things less complex? How do we "get our heads around" all the things in the cyber domain?
As much as we would like to think that we can trust all our colleagues and employees, Insider Threat is a large concern. People within a company - employees, management, and contractors - are given access to information and assets as trusted members of our organization. This access gives them the capability and opportunity to make negative choices by either stealing something of value or sabotaging to cause harm.