The endless cyber debate between prevention and detection may be settled thanks to former NSA Data Scientists. A new method, not yet on the market (but being fast-tracked due to new Russian threats), enables security professionals to visualize their entire network and see which device is talking to which device, giving IT pros a cyber premonition of what threats are to come. Because I got the first look, you can too. But first, a history lesson.
Four or five years ago, the NSA tasked an entire floor of data scientists to develop a system that would quickly determine the country of origin for malicious code. In the ongoing fight against cyber warfare, this was a huge undertaking and a lot was at stake.
While the Intelligence Community sifted through billions of 1’s and 0’s, it soon became apparent they were getting nowhere. That is, until one individual looked at the problem from a more human perspective.
This NSA specialist in human behavior asked a simple question: “Why are we doing it this way and what would the human brain do?” His point was: why focus on computer code, when it was actually humans who wrote it? This eventually led the NSA to convert all the 1’s and 0’s of malicious code into a visual.
After the code was converted into a simple visual representation, patterns began to emerge. Malicious code seemed to fall into several major visual categories. Looking at previously known examples of malicious code provided the final clue to the puzzle. The patterns were consistent by language of origin.
Code written by someone from China was visually different than code written by someone in Russia or the USA! The simple paradigm shift allowed the human eye to glance at a visual to quickly determine its origin. It turns out analyzing human behavior was key to understanding their attacks. Understanding behavior isn’t the traditional approach.
Since the beginning of the cybersecurity war, protecting against threats has been viewed through two lenses: Prevention and Detection. That’s it.
In its infancy, cybersecurity focused on “prevention.” In this never-ending cat-and-mouse game, hackers would create a never-before-seen threat, and at some point, this new threat would be discovered. The discovery of this threat would then be added to a threat feed to protect your network and devices.
Only 5 years ago, “detection” was the shiny object in security. The idea was, if you can detect a threat almost immediately, you can prevent it. But the needle is already moving back in favor of prevention. It’s apparent the cybersecurity community is desperate for a solution, but not finding it.
This leads us back to the NSA. These cybersecurity behavior gurus have created a third option, possibly ending the cyber detection vs. prevention debate. Just two months ago, they showed off a new approach to cybersecurity that will flip the entire world of cyber on its head. From my perspective, it will have mass appeal to the whole cyber world, not just the intelligence community. Here’s how it works.
Instead of focusing on prevention or detection, their new approach is designed to map out the collective behavior of data across a company’s technology stack via… AI. Go ahead and get the laughs out of your system. I know I did. The joke is as follows: If it’s machine learning, it’s probably written in Python. If it’s artificial intelligence, it’s probably written in PowerPoint! Funny, but true.
But their solution might be the first time in my career I’ve seen something close to true Artificial Intelligence. To visually watch AI taking off, actually interacting autonomously and making its own decisions, is something to behold. The UI is quite unique as well.
The original paradigm shift years ago has now led to this question: “How can we create a UI that allows an analyst to visually see information in a way the human brain will better understand it?” This omnipresent UI allows analysts and security professionals to visualize their entire network, which device is talking to which device, and how.
This cyber premonition tech is now enterprise-ready, and they are looking to interview 10 enterprise cybersecurity leaders to collaborate on this technology. Given our reputation, they have partnered with us to manage this rollout. If you are interested in testing their “god tool,” reach out to me and I’ll set up a show and tell.
Kristopher Taylor is VP of Cyber Security at 3 Tree Tech in Portland. He is a platform-agnostic tech researcher who transitions siloed organizations into automated DevOps-centric businesses. To get his help, message him right here.