Businesses are facing an increasingly indiscriminate threat from cyber criminals. Despite the best security, companies must remain on high alert because hackers are continually changing their methods. Having first focused on banks, hedge funds, insurance companies and other financial institutions, cyber attackers have expanded across all sectors, so no organization is immune. In this blog, we take a look at how the telecom industry is adapting to cyber breaches and how Analyst for Kx can be part of a cybersecurity solution.
A hallmark of the telecom industry is that its services are truly global and impact the lives of billions of individuals and millions of companies. Data such as customer names, addresses, phone numbers and payment details are a honeypot for attackers and are increasingly in danger of being compromised. Telecoms must therefore improve their cybersecurity systems to avoid the financial and reputational damage of a security breach. Unfortunately, not all are making sufficient investments in cybersecurity to do so.
Some are. Vodafone, for example, has created a specific business unit for cybersecurity technologies and support, as it ramps up the implementation of threat intelligent solutions and strategies to overcome some of the most critical cyber threats. Others are not. One telecom company was recently fined £400,000 for a large-scale data breach in 2015, and subsequently saw a sizeable drop in customer numbers, both B2B and B2C.
IT departments in many telecoms that are addressing the issue increasingly turn to financial services for the best technology and cybersecurity practices, because the fiduciary role of financial firms has forced them to maintain stringent levels of protection. One outstanding technology in that sphere is Kx, which is trusted by the world’s top financial services companies because of the stability and security of systems built using its kdb+ database.
So what might a proactive cybersecurity strategy look like? Analyst for Kx is a robust solution that implements Gartner’s Hybrid Transaction/Analytical Processing (HTAP) architecture for cyber analytics and telecommunications. It is designed to help human cyber analysts anticipate and detect new forms of attack. It has been used extensively for securities trading surveillance, an area Kx technology excels in, and which requires similar capabilities to those needed for detecting other types of cyber crimes.
Analyst for Kx and Cybersecurity*
Analyst for Kx uses thorough forensic analysis of historical data to better understand potential attack patterns and to characterize normal behavior. It enables cyber analysts to place themselves in the mindset of an attacker, creating models of potential attacks and devising associated detectors for such attacks. These point-of-decision models run in the live stream of traffic, setting off an alarm when a detector identifies a potential attack. Analysts then quickly verify whether there is cause for concern and, if so, immediately take steps to counter the attack.
There are few areas where the competition is as intense as cybersecurity. It is a high stakes game that is always changing, where humans augmented by computers continually seek new techniques to both obfuscate their attacks and mask their presence in target systems.
Both defenders and attackers collaborate with their respective peers to gain competitive advantage. Both review the past to anticipate the future. Both constantly scan software to identify potential defects, maintaining an inventory for future repairs or exploits.
Classic cyber defense strategies for individuals and corporations count on detecting known attacks and using well-known digital fingerprints to block potential threats. Experts will confidently assert that no one is immune from attacks, and daily news stories bear them out. Assume that you will be hacked, and plan now to focus on identifying and countering attacks.
When cyber attackers gain access, they often hide inside target systems for many months, gathering information about the system’s software and hardware in order to eventually mount a more effective attack. In fact, most sophisticated attacks are built up over long periods of time, hiding innocently in an otherwise normal stream of Internet traffic and remaining undetected by classic cyber approaches that are based on simple signatures or on looking at traffic in a small sliding window. These old-style defenses are insufficient in today’s world. In order to detect modern attacks, one needs to look simultaneously at both current and all past traffic. Forensic analysis of past data will often expose full or partial patterns that appear again in future traffic.
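The gap between a small sliding window and a full-history view can be shown on a toy data set. The following is an added example, not code from Kx or from the report; it is written in Python rather than q, the flow records are constructed, and the addresses, the three-day window and the 20-port threshold are illustrative assumptions.

```python
from collections import defaultdict

def build_flows(days=30):
    """Constructed sample data: (day, src, dst_port) flow records."""
    flows = []
    for day in range(days):
        # Normal client: the same three services every day.
        for port in (53, 80, 443):
            flows.append((day, "10.0.0.5", port))
        # Low-and-slow source: two previously unseen ports per day.
        for port in (1000 + 2 * day, 1001 + 2 * day):
            flows.append((day, "10.0.0.66", port))
    return flows

def sliding_window_alerts(flows, window_days=3, threshold=20):
    """Sources touching more than `threshold` distinct ports inside any window."""
    by_day = defaultdict(lambda: defaultdict(set))
    for day, src, port in flows:
        by_day[day][src].add(port)
    alerts = set()
    for end in sorted(by_day):
        seen = defaultdict(set)
        for day in range(end - window_days + 1, end + 1):
            for src, ports in by_day.get(day, {}).items():
                seen[src] |= ports
        alerts |= {s for s, ports in seen.items() if len(ports) > threshold}
    return alerts

def full_history_alerts(flows, threshold=20):
    """Same rule over all retained traffic; returns {src: first alert day}."""
    seen = defaultdict(set)
    first_alert_day = {}
    for day, src, port in sorted(flows):
        seen[src].add(port)
        if len(seen[src]) > threshold and src not in first_alert_day:
            first_alert_day[src] = day
    return first_alert_day

if __name__ == "__main__":
    flows = build_flows()
    print("sliding window:", sliding_window_alerts(flows))
    print("full history:  ", full_history_alerts(flows))
```

The slow source never exceeds six distinct ports in any three-day window, so the windowed rule stays silent, while the same rule applied to the retained history flags it on day 10 and leaves the normal client alone.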
Analyst for Kx is a product designed to help human cyber analysts anticipate and detect new forms of attack. Part of a suite of surveillance products, Analyst for Kx provides the tools necessary to deal with ingesting, transforming and visualizing Internet data. It is one of the only tools that enable experts to interactively explore huge volumes of both current and past traffic. Only by thorough forensic analysis of historical data is one able to understand attack patterns and characterize normal behavior, both being essential to building and validating usage and traffic models. Kx also has significant experience with stock market surveillance, which deals with a very similar kind of crime and uses similar technical approaches.
In order to cope with future threats, cyber analysts place themselves in the mindset of an attacker, creating models of potential attacks and devising associated detectors for such attacks. These point-of-decision models run in the live stream of traffic, setting off an alarm when a detector identifies a potential attack. Analysts then quickly verify whether there is cause for concern and, if so, immediately take steps to counter the attack.
As a practical matter, designing and implementing model-based behavioral cybersecurity requires a full programming language and associated development tools, together with comprehensive analysis and visualization tools. In addition, machine learning and statistical libraries that support a full range of statistical and deterministic modeling are essential. Efficient probabilistic reasoning techniques to deal with the realities of fuzzy or uncertain reasoning about noisy data are also needed. Analyst for Kx offers all of these capabilities, seamlessly integrated with the proven Kx HTAP solution.
*This chapter was adapted from the November 2016 Kx report with Gartner research: “Real-time Insights and Decision Making Using Hybrid, Streaming, In-Memory Computing Analytics and Transaction Processing, Applying Gartner’s Hybrid Transaction/Analytical Processing Architecture to Cybersecurity”