New Frontiers in Cyber Security: Locomotives without Wheels, Moats, Deep Learning at the Edge 

Industry analyst Bob Sorensen recently told us something most IT managers already know deep in their apprehensive hearts: cyber security is in a sorry state (see “Be More Afraid,” EnterpriseTech, Nov. 18, 2016). Security at many companies is somewhat marginalized, an unfavored area that lies outside core IT operations and procedures, a focal point at many companies of ineffectuality and denial that can be characterized as: Don’t just do something, sit there!

Part of the problem: cyber security is purely defensive in nature. We don’t want it until we need(ed) it. It doesn’t add to the bottom line, it’s a cost center seen as hindering optimal operations. Corporate boards tell senior managers that, yes, of course cyber security is important, but don’t let it interfere with daily business.

Yet everyone grasps the bottom line and reputation risks of poor security. This anxiousness, coupled with uncertainty about their own cyber security strategies, results in many companies – at least those that haven’t been attacked yet – taking refuge in the feeble rationalization: “We haven’t been breached yet so we must be doing something right.”

Yeah, sure.

But we already know all this. We know it can take months, even years, to figure out how a breach happened, that nearly every company is, has been and will be the target of cyber crooks. We know advanced computing hardware and software are coming on line that will identify and prevent attacks, though how to pick the right technologies, how to hire the right people who can use the stuff and how much it will all cost are problems that lie ahead.

Instead of further bemoaning this state of affairs, let’s look at the bright spots, the best-in-class cyber security practices some companies have adopted and the emerging technologies that leverage big data analytics, machine learning and quantum computing.

Bob Sorensen of Hyperion Research

At Tabor Communications’ recent Leverage Big Data+EnterpriseHPC conference, Sorensen (of Hyperion Research, formerly part of IDC) reprised his November presentation at SC16 in Salt Lake City in which he surveyed the cyber security landscape. On the brighter side of an overall concerning picture, he profiled companies and vendors that are making impressive advances.

For example, he cited a range of practices put in place at a major data center (see above aerial image) in Ashburn, VA, about 40 miles north of Washington, DC, site of a growing number of data centers attracted by electricity pricing discounts (80 percent less than in nearby Maryland, Sorensen said) offered by local power suppliers.

“When you drive through Ashburn, Virginia, you see nothing but 200,000-square-foot buildings with nine parking spaces out front,” Sorensen said with a chuckle, adding that it’s estimated that 80 percent of internet traffic passes through Ashburn data centers.

At one of them, name withheld, a blend of tech and non-tech protective measures have been implemented on an eight-acre lock-down site that has the earmarks of a military compound. The data center is owned by a large financial transactions company to process billions of transactions daily. Sorensen called it a state-of-the-art security facility built to withstand hurricane-force winds of up to 170 MPH and to fend off armed attacks.

Redundancy is built in throughout the site. It’s equipped with giant diesel generators (“locomotives without wheels”) able to keep the center running for up to nine days in case of a protracted power outage. Sorensen said there a signs warning people to leave the room within 30 seconds if the generator starts up “because if you don’t it will kill you – that’s how loud it is when they get going.” Fuel for the generators is supplied by three different fuel companies, in case deliveries are interrupted during a natural or man-made disaster.

The facility has five different internet providers connected at five different points around the building, so if the cable to the web is cut at one spot (or four), the facility remains online. Likewise the data center is supplied by a variety of technology suppliers. “When you walk down a row, you don’t see the same vendor name on the equipment. They don’t want to put all their eggs in one basket with a single vendor. And when those machines arrive at the loading dock, they strip them open and look at every board, at every chip, to make sure it’s what it’s supposed to be. They don’t want any kind of hardware implants making it in.”

Sorensen said during his tour of the facility he was struck by how open it is. His guide explained they use the specifications for hand grenade blast radius, “so if someone gets in here and pulls the pin on a grenade it won’t take out anything more than one small part of the system, which will continue to operate without a hiccup,” said Sorensen, noting that he had never previously heard of this strategy.

Outside, the facility is ringed by a moat, as in medieval times. If anyone tries to blast a vehicle through the gate and speed past the security guard shack toward the building, the roadway has reverse banking so that a fast moving vehicle, when it reaches a curve, will flip over and end up in one of the man-made ponds on the property.

“They thought of everything,” Sorensen said, admiringly.

Still, the data center operators admitted that there’s no absolute security that can keep out a determined attacker.

“They said, ‘If someone wants to get in, particularly foreign governments, they can, we can’t stop them,’” Sorensen said. “’All we can do is encourage them to go down the road to someone else first… The idea is to make it a little harder to get in here than it is to get in there.’ And that’s the fundamental reality of really what a best in class system is.”

On the technology front, Sorensen said he’s encouraged by some of the new advanced computing technologies he sees. The key, he said, it to lighten the burden that cyber security professionals currently deal with.

“Advanced computing offers the opportunity to make more and more of our security operations automated,” he said. “It means you have fewer people on the floor, but the people you have on the floor are looking at more relevant data because there’s an intelligent (technology) agent saying: ‘They don’t need to see everything.’ Things that are important need will be brought to their attention at the right time, and nothing else.

“We can collect more data, we can analyze it in real-time, we can collect it from forensics, we can look at it from a predictive standpoint as well. There are a lot more opportunities to attack the cyber security issue with a lot more sophistication.”

A company that’s done this well is PayPal, Sorensen said, which invested a relatively small amount of money into advanced computing and machine learning, and ended up saving $700 million in fraudulent charges in the first year of its advanced computing implementation.

“They’ve done some really interesting work using big data analytics,” Sorensen said. “They looked at all of their PayPal transaction data they’d collected and developed some interesting rules based about what constitutes a likely fraudulent event… It was basically taking their own data, seeing what they could learn from the events of the past to help make better decisions in the future, and it had some really powerful ROI.”

However, Sorensen cautioned that PayPal’s success is not commonplace. “Someone at the company got the right people in the right place at the right time, and got really smart people to think about the problem, and that’s not an easily reproducible kind of event.”

Another positive note: Sorensen sees movement toward cross-over fertilization of advanced computing into cyber security. He cited AI and deep learning technologies used in autonomous vehicles as an architecture that could be applicable to detecting breach attacks at the edge. It’s “the standard deep learning killer app,” he explain, with a training system on top of the structure, a GPU-heavy HPC system that figures out the rules of the road, and then deploys that deep learning package down to the inference engines that sit in the trunk of the car and handle vehicle operations and navigation. Those inference engines, he said, will become computationally more powerful to the point where five years from now they will be as powerful as the training systems “doing the heavy lifting” of today. The idea is “on the job training,” so the system in the trunk of the car is doing more than mere inferencing based rules handed down to it, it’s also sending back to the training system what it learns within a cyclical, iterative, increasingly intelligent training process.

At least one vendor – Deep Instinct – is taking this model to cyber security, “creating a training infrastructure,” Sorensen said, “they’ve passed it through what they call ‘Deep Brain’ and then they’ve passed it onto an appliance which basically adjusts that training to the security policies of customer companies, and then passed it on to all of their (customer’s) end points – all of its smart phones, its desktop computers. It downloads that little inference engine, so now to have that device, that endpoint, is now as cyber-savvy as it can be.” The endpoint device examines files coming in and can decide if it’s suspect, whether it should be quarantined.

He also cited IBM Watson’s foray into cyber security, in which Watson ingests any available information documenting points of vulnerability (research papers, security blogs, conference presentations, etc.) and then, using its natural language capabilities, develops continually updated guidelines accounting for evolving cyber threats.

It’s an attempt to solve the impossibility, for security professionals, of keeping completely up-to-date with the industry literature.

“It casts as wide a net as possible, so if it’s known, Watson will make sure it gets driven into your cyber security procedures as fast as possible,” Sorensen said.

Another wellspring of cyber security advancement are the techniques under development by, in Sorensen’s term, “hyperscale center guys”: Amazon, Facebook, Google, et al. It is widely acknowledged that security within public clouds and web scale companies is superior to that of most other commercial companies. But to leverage the work the hyperscalers are doing will require a shift toward communal sharing of new cyber security techniques.

“The hyperscale center guys, they’re on notice,” Sorensen said. “Their job is to drive the state of the art in cyber security right now. Luckily their scale is unique and their skillset is pretty high. A lot of the interesting deep learning work, a lot of the advanced big data analysis is being done by (them). These are the people we’re going to look to. We have to encourage them to advance the art of cyber security, and we have to encourage them to share what they know.”

But because being more secure than your competitors is a big advantage, getting these (and other) companies to share will require a much-needed change in outlook.

“Fundamentally the field of cyber security is too important and too complex to continue as it has,” Sorensen said. “The idea of just hiring more people to do more of what has been done in the past just won’t work anymore. There has to be a paradigm shift to keep up with the threats… It’s a real information leveraging operation, and the bottom line is that sooner or later, we’re all going to be in this together. Sooner or later, there’s not going to be anyone left to hide behind…”