Future of Cyber Security: Defending the digital frontier from invisible threats – Nitin Akarte, Vice President : System Engineering, TaaSera

Nitin Akarte
Nitin Akarte, Designation- Vice President – System Engineering, TaaSera.

 

The internet is a tool that allows instantaneous and limitless ways to communicate and interact. Cyberspace has become a shorthand for computing devices, networks, fiber-optic cables, wireless links and other infrastructure that bring the internet to billions of people around the world. But connectivity comes with a price- Cyber Threats!!!

 

Individuals, organizations, markets, cities, states and even countries are prone to security threats from cyber-criminals, hacktivists and spies. Cyber thefts have become inevitable and are increasing in frequency, in sophistication and in impact. What can we do in such a scenario? How prepared are we to protect our data, systems and networks? The answer lies in empowering our security teams and corporations with sophisticated, state of the art cyber defense technology and products.

 

TaaSeraInc. – A leader in Preemptive Breach Detection Systems (BDS) is launching a revolutionary product to empower you with prioritized view of systems by level of compromise and risk of breach by mapping the “Threat DNA” patterns of malicious coordinated network and endpoint behaviors, without the use of signatures or sandboxes.You can now detect evidence of a breach in run time, well in advance, before any data is lost or stolen.

 

The challenge

 

The real challenge is to stay one step ahead of the hacker and defeat the verypossibility of an attack.

 

Traditional Anti-virus, Intrusion Detection Systems (IDS)/Intrusion Prevention Systems (IPS), Fire Wall (FW) present a number of challenges for IT security teams, including information overload, and lack of a clear 360 degree visibility into systems under monitoring.  To win the race against time and defeat a hacker before it is too late, there is a need for the advanced cyber security products like NetTrust to analyze the vast information automatically and systematically provide the security team with exact details of the breach in progress.

 

Traditional security products and tools will provide protection only from known cyber threats since most of them depend on the old signature (pattern match) or sandbox technology to detect malware or other threats. No matter how sophisticated these security solutions become, they are only as good as the patterns they know to look for.

 

Information overload is sometimes part of the attack, designed by the hacker. The idea is to get security teams busy in false positive or non-creditable threats, while the actual attack vector remains invisible and that vector comes to light only after successful breach as most of the products are only good at “forensic analysis” (which is similar to post mortem). The return on investments on such products are questionable as the companies are paying for protecting themselves before the breach and not getting in depth attack details after the breach.

 

Hiding in Plain Sight

 

A key differentiation between NetTrust and other analytic systems is discerning legitimate callbacks and not illegitimate callbacks (dial-home, beacons).

Malware will obfuscate code, leave no log entries and attempt callback via “trusted” connections to bypass detection by IDS/IPS, SIEM, AMG, sandbox and big data tools. Addressing this, requires more than just detecting behaviors and generating contextual evidence. It requires monitoring and catching callbacks to a command and control (C&C) server via non-standard channels. Other solutions map DNS lookups and attempted callbacks to known malicious sites or based on well-known signatures. If they cannot recognize the site then the callback is considered benign. If the site is known, then the callback is considered malicious. It’s a binary process. In comparison, NetTrust uses Callback Obfuscation and Data Exchange (CODE) grammar in combination with Network Dialog Correlation to detect callbacks based on multiple entropy metrics to introspect behaviors – behaviors typically obfuscated. This provides a smoking gun, eliminating the arbitrary inference of other systems.