Narus Cyber 3.0 Position Paper
Position Paper on the Evolution to Cyber 3.0 and the application of machine learning
Published on: Mar 3, 2016
CYBER 3.0 POSITIONING PAPER

CYBER 3.0: WHERE THE SEMANTIC WEB AND CYBER MEET

JOHN TROBOUGH, PRESIDENT, NARUS, INC.
FEBRUARY 2013

The term “Cyber 3.0” has been used mostly in reference to the strategy described by U.S. Deputy Defense Secretary William Lynn at an RSA conference. In his Cyber 3.0 strategy, Lynn stresses a five-part plan as a comprehensive approach to protect critical assets. The plan involves equipping military networks with active defenses, ensuring civilian networks are adequately protected, and marshaling the nation’s technological and human resources to maintain its status in cyberspace [1].

Cyber 3.0 technologies will be the key to enabling such protection, and are achieved when the semantic Web’s automated, continuous machine learning is applied to cybersecurity and surveillance.

Cyber 3.0 will be the foundation for a future in which machines drive decision-making. But Cyber 3.0’s ability to deliver greater visibility, control and context has far-reaching implications in our current, hyper-connected environment, where massive amounts of information move easily and quickly across people, locations, time, devices and networks. It is a world where human intervention and intelligence alone simply can’t sift through and analyze information fast enough. Indeed, arming cybersecurity organizations with the incisive intelligence afforded by this machine learning means cybersecurity incidents are identified and security policies are enforced before critical assets are compromised.

THE PERFECT STORM: CONFLUENCE OF HYPER-CONNECTIVITY, MOBILITY AND BIG DATA

In order to stress the full weight of the meaning of Cyber 3.0, it is important to first put the state of our networked world into perspective. We can start by stating categorically that the Internet is changing: Access, content, and application creation and consumption are growing exponentially.

From narrowband to broadband, from kilobits to gigabits, from talking people to talking things, our networked world is changing forever. Today, the Internet is hyper-connecting people who are now enjoying super-fast connectivity anywhere, anytime and via any device. They are always on and always on the move, roaming seamlessly from network to network. Mobile platforms and applications only extend this behavior. As people use a growing collection of devices to stay connected (i.e., laptops, tablets, smartphones, televisions), they change the way they work and collaborate, the way they socialize, the way they communicate, and the way they conduct business.

Add to this the sheer enormity of digital information and devices that now connect us: Cisco estimates that by 2015, the amount of data crossing the Internet every five minutes will be equivalent to the total size of all movies ever made, and that annual Internet traffic will reach a zettabyte — roughly 200 times the total size of all words ever spoken by humans [2]. On a similar note, the number of connected devices will explode in the next few years, reaching an astonishing 50 billion by 2020 [3]. By this time, connected devices could even outnumber connected people by a ratio of 6-to-1 [4]. This interconnectedness indeed presents a level of productivity and convenience never before seen, but it also tempts fate: The variety and number of endpoints — so difficult to manage and secure — invite cyber breaches, and their hyper-connectivity guarantees the spread of cyber incidents as well as a safe hiding place for malicious machines and individuals engaged in illegal, dangerous or otherwise unsavory activities.
Cyber is nonetheless integral to our everyday lives. Anything we do in the cyber world can be effortlessly shifted across people, locations, devices and time. While on one hand, cyber is positioned to dramatically facilitate the process of knowledge discovery and sharing among people (increasing performance and productivity and enabling faster interaction), on the other, companies of all sizes must now secure terabytes and petabytes of data. That data enters and leaves enterprises at unprecedented rates, and is often stored and accessed from a range of locations, such as from smartphones and tablets, virtual servers, or the cloud.

On top of all this, all the aforementioned endpoints have their own security needs, and the cybersecurity challenge today lies in how to control, manage and secure large volumes of data in increasingly vulnerable and open environments. Specifically, cybersecurity organizations need answers to how they can:

• Ensure visibility by keeping pace with the unprecedented and unpredictable progression of new applications running in their networks
• Retain control by staying ahead of the bad guys (for a change), who breach cybersecurity perimeters to steal invaluable corporate information or harm critical assets
• Position themselves to better define and enforce security policies across every aspect of their network (elements, content and users) to ensure they are aligned with their mission and gain situational awareness
• Understand context and slash the investigation time and time-to-resolution of a security problem or cyber incident

Unfortunately, cybersecurity organizations are impeded from realizing any of these. This is because their current solutions require human intervention to manually correlate growing, disparate data and identify and manage all cyber threats. And human beings just don’t scale.

CYBER 3.0: THE ANSWER TO A NEW GENERATION OF CYBER CHALLENGES

Indeed, given the great velocity, volume and variety of data generated now, the cyber technologies that rely on manual processes and human intervention — which worked well in the past — no longer suffice to address cybersecurity organizations’ current and future pain points, which correlate directly with the aforementioned confluence of hyper-connectivity, mobility and big data. Rather, next-generation cyber technology that can deliver visibility, control and context despite this confluence is the only answer. This technology is achieved by applying machine learning to cybersecurity and surveillance, and is called Cyber 3.0.

In using Cyber 3.0, human intervention is largely removed from the operational lifecycle, and processes, including decision-making, are tackled by automation: Data is automatically captured, contextualized and fused at an atomic granularity by smart machines, which then automatically connect devices to information (extracted from data) and information to people, and then execute end-to-end operational workflows. Workflows are executed faster than ever, and results are more accurate than ever. More and more facts are presented to analysts, who will be called on only to make a final decision, rather than to sift through massive piles of data in search of hidden or counter-intuitive answers. And analysts are relieved from taking part in very lengthy investigation processes to understand the after-the-fact root cause.
In the future, semantic analysis and sentiment analysis will be implanted into high-powered machines to:

• Dissect and analyze data across disparate networks
• Extract information across distinct dimensions within those networks
• Fuse knowledge and provide contextualized and definite answers
• Continuously learn the dynamics of the data to ensure that analytics and data models are promptly refined in an automated fashion
• Compound previously captured information with new information to dynamically enrich models with discovered knowledge

Ultimately, cybersecurity organizations are able to better control their networks via situational awareness gained through a complete understanding of network activity and user behavior. This level of understanding is achieved by integrating data from three different planes: the network plane, the semantic plane and the user plane. The network plane mines traditional network elements like applications and protocols; the semantic plane extracts the content and relationships; and the user plane establishes information about the users. By applying machine learning and analytics to the dimensions extracted across these three planes, cybersecurity organizations have the visibility, context and control required to fulfill their missions and business objectives.

• Visibility: Full situational awareness across hosts, services, applications, protocols and ports, traffic, content, relationships, and users to determine baselines and detect anomalies
• Control: Alignment of networks, content and users with enterprise goals, ensuring information security and intellectual property protection
• Context: Identification of relationships and connectivity among network elements, content and end users

Clearly, these three attributes are essential to keeping critical assets safe from cybersecurity incidents or breaches in security policy. However, achieving them in the face of constantly changing data that is spread across countless sources, networks and applications is no small task — and definitely out of reach for any principles or practices that rely even partly on human interference. Moreover, without visibility, control and context, one can never be sure what type of action to take.

Cyber 3.0 is not a mythical direction of what “could” happen. It’s the reality we will face as the Web grows, as new technologies are put into practice, and as access to more and more devices continues to grow. The future is obvious. The question is: How will we respond?

By virtue of machine learning capabilities, Cyber 3.0 is the only approach that can rise to these challenges and deliver the incisive intelligence required to protect our critical assets and communities now and into the future.

John Trobough is president of Narus, Inc., a subsidiary of The Boeing Company (NYSE: BA). Based in Silicon Valley, Narus is a longtime cybersecurity innovator and industry pioneer, with patents awarded and pending for its work in cyber.

[1] “DoD Talks Up Plans to Deploy Cybercommandos,” Tech News World, February 11, 2011 <http://www.technewsworld.com/story/DoD-Talks-Up-Plans-to-Deploy-Cybercommandos-71872.html>.
[2] “The Zettabyte Era,” May 30, 2012, Cisco <http://www.cisco.com/en/US/solutions/collateral/ns341/ns525/ns537/ns705/ns827/VNI_Hyperconnectivity_WP.html>.
[3] “The Internet of Things,” Cisco <http://share.cisco.com/internet-of-things.html>.
[4] “The State of Broadband 2012: Achieving Digital Inclusion for All,” International Telecommunications Union, September 2012 <http://www.broadbandcommission.org/Documents/bb-annualreport2012.pdf#page=1&zoom=auto,0,842>.