Augmented Cyber Reality: Part 1

Paul Krein Blog

Introduction:  Augmented Cyber Reality

Paul Krein, CTO Red River

It’s all about the data

Modern cyber security and Information Technology have become all about the data: moving, sharing and especially protecting mission and business data.  However, the pace of demand around protecting our mission and corporate data is straining many security teams.  Information security is the new technology landscape, as IT is in almost every aspect of mission and business.  If we truly expect tens of billions of new devices on the network by 2020, will we be ready?  It raises the question: just how many new security devices will be added, and how much additional security data will be produced?

The simple reality is that our security teams will need to analyze and overlay key info and foresight onto traditional capabilities and current investments very rapidly.  Worse, when a cyber incident occurs, Executive Leadership will and do expect immediate and comprehensive answers so they can make timely decisions.  If only there were a way to make our analysts more efficient…

Enter the power of the machine

What if, instead, we could have machines look for patterns in the sea of data, and highlight anomalies and patterns beyond what humans can easily see? Then let humans do what they do best, and tie events, intentions and risks together.  The obvious answer is that we need an Augmented Cyber Reality.  In this multi-part series, our teams will share the DNA of Augmented Cyber Reality and five applications across traditional and emerging Cyber Security areas.

— Part 1 —
Augmented Cyber Reality – The DNA

Ramon Thomas, Design Engineer, Red River Office of the CTO
Paul Krein, CTO

In Information Technology, innovation is often seen as either evolutionary or revolutionary.  There are pros and cons to both.  Within the technology community, innovative leaders such as Red River see ourselves as the “enablers of rapid evolution,” specifically within the realm of Cyber Security.

Red River makes a concerted effort to catalyze the adaptation of traditional cyber security policies into a methodology that speaks to the growing business needs and elevated threat of attack organizations face today. As a result of this ideology, Red River has developed the practice of Augmented Cyber Reality, the evolved state of legacy Cyber Security.

Today, we live in a world where IT is everywhere, within everything, and it is estimated that by 2022 the cyber security sector will face a 1.8 million worker shortfall based on today’s rate of growth (ISC2 survey released June 2017). There is a constant flow of new data not only from client end points, but also from security devices and infrastructure. The current reality is that customers need to analyze this data and overlay key information, while injecting foresight into traditional monitoring capabilities. However, when an incident occurs, they can easily fall short.

We need an Augmented Cyber Reality.

Red River supports its customers by helping to define a programmatic approach that leads to dynamic identification and mitigation of the security threats that exist in this new reality. This is done through the implementation of the core tenets of Augmented Cyber Reality, which are:

  • Understanding Traditional Data Center Security
  • Encryption
  • Data Loss Prevention
  • User Behavior Analytics (UBA)
  • Infrastructures Powered by Machine Learning

Plus the emerging realm of Software Defined….

We consider this the DNA of Augmented Cyber Reality. These principles address various aspects of discovery and operations, and result in overall improvement.  ACR strives to answer some of the most common questions posed by organizations:

  • How do we lock out the bad guys?
  • How do we avoid losing our data?
  • Are Authorized Users accessing the data?
  • How do we protect data where the Mission resides?

Let’s evaluate how the implementation of ACR aligns with these questions.

We need to start with a granular understanding of traditional data center security, which aids in generating a baseline of what’s ‘normal’. Identifying standard behaviors helps determine which occurrences are outliers, notable, and actionable. Once the baseline is created, ACR principles are applied.

  1. Encryption helps lock out the bad guy. Encryption is often considered a staple of cyber security, especially for data in motion and, more and more, for data at rest. Once it was 64-bit; now more are looking at 2048-bit, thinking it will take too long to crack to be valuable…

  2. DLP helps avoid data exposure. A Data Loss Prevention (DLP) solution does this by identifying and classifying the critical data in the network and by ensuring that the data is only moved around the network in ways that are acceptable.

  3. UBA helps businesses understand what data users are leveraging and how. Insider threats are real, and external individuals may try to pose as insiders, so UBA is critical to baselining your normal operations AND recognizing anomalies early!

  4. Machine learning can augment the support of security IT in the field. Let the machines handle the mundane search, correlation, repeatable and high-volume tasks; this enables the humans to analyze, assess risk, and take action.

The security industry has some leading tools and best practices to address these questions and Red River assists agencies with selecting the appropriate tools that fit the specific environment of each organization.  Red River helps organizations EVOLVE their security posture.

Gone are the days when individuals with malicious intent were thwarted by moats and walls (firewalls). The approach of Augmented Cyber Reality takes the traditional style of data center security, which has stout exterior prevention mechanisms with weak interior policies, and infuses the entire data center with a methodology that hardens it to the core.

Follow Red River over the next few weeks to find out more about the tenets of Augmented Cyber Reality.