Lecture 10 quiz Flashcards
Who is the author of this paper on the future of cyber security, specifically the importance of speed?
Bushra, 2021
Who is Bushra, 2021 interviewing?
Shu, a Research Staff Member at IBM
What is Shu’s biggest concern about the future of computing?
The speed in cyber security & the possibility of discovering modern cyber threats before attackers accomplish their goals or the impact of the threat gets worse.
Speed is the time taken to execute attacks or defences.
How have cyber attacks evolved?
The development of attacks is online.
Advanced Persistent Threat (APT) attacks are an example of how the development of modern cyber security attacks is online today.
What is the first stage of the advanced persistent threat (APT) ?
It is known as the early attack phase, i.e., the reconnaissance phase.
Attackers analyze their target before launching an attack by gaining access to the network and collecting information about the environment and its vulnerabilities.
What is the second stage of the advanced persistent threat?
It is known as the lateral movement phase.
It happens once the attackers have breached the network undetected; they use techniques to move deeper into the network to locate the valuable assets they are after, i.e., financial data, and remove any obstacles.
What is the third stage of the advanced persistent threat? (the malware development, delivery and execution phase of an attack)
Based on the knowledge developed during the previous stages, the attackers can develop & test malware to make it undetectable by the anti-virus before launching it at the target.
How should defenders discover threats?
Defenders need to understand security measurement limitations & gaps for each protected environment.
- Need to obtain hints of attacks from various perspectives, e.g., digging into process activities besides malware signatures to discover unknown malware.
- Reveal the root cause of security incidents, e.g., backtracking unknown zero-day exploits that allow malware to get in.
- Evaluate covered impacts besides confirmed attack activities, i.e., is ransom the ultimate goal or a deceptive goal to stop the investigation?
- Verify the possible threat hypotheses, i.e., finding clues & proofs of the real attack goal of long-term customer privacy breaches.
Do attackers know what their attack campaigns look like at the beginning & do defenders know what threats there are and how to detect them ahead of time?
No because attackers build attacks “on the fly” and defenders can develop detection strategies “on the fly based on what they observe”.
What is the difference between static traditional security defense and dynamic cyber security defence?
Traditional static security defense requires a nearly complete understanding of a threat for each protected concern.
Dynamic cyber security defense creates new knowledge of the threat for each protected environment during detection.
This means cyber security is no longer just the execution of attacks and defenses, but it also involves development.
What do defenders need to think about today?
Programming, model creation, requirement analysis, algorithm design, data normalisation and system assembly, even with pre-developed detection models.
How many days on average does it take to detect a data breach today?
279 days, & this number has been increasing steadily over the past years; if this continues, the loss of security will impede the use & development of computing in the future.
How have cyber security attacks evolved over the years?
They have evolved quickly & advanced persistent threat (APT) is becoming a major concern.
The way attacks have changed has weakened existing defenses.
What do defenders need to solve?
The issue of speed & efficiency of cyber defense.
It is challenging to accelerate cyber defense, especially knowledge expression, composition, reuse & application. And it is challenging to foster creative artificial intelligence to play the game.
Why is the cyber defense process slow & difficult to speed up?
Cyber security analysts:
- Start from a suspicious observation (e.g., repeated larger-than-expected network traffic)
- Make a threat hypothesis, e.g., data exfiltration
- Next, they verify detailed adversary tactics against more observations
- Revise the hypothesis
- The threat hypothesis is verified
- Responses are proposed, evaluated & executed against each attack.
Today, cyber defense relies on ad-hoc threat hunting with incomplete & incompatible pieces of threat intelligence & knowledge. These processes are working, but are SLOW & far from the full strength of dynamic cyber defense.
What dynamic cyber defense methodology does Shu propose?
“Threat intelligence computing” is a new methodology that aims to formalise the reasoning aspect of dynamic cyber defense as a graph computation problem.
What is the next challenge for the “threat intelligence computing” methodology?
To apply the methodology & technology outside the DARPA environment; they are working with new platforms and industry standards to bring security vendors & threat hunters together towards practical dynamic cyber defense.
Once accomplished, it will rebalance the game with orders of magnitude shorter time to discover modern threats. It will also unlock further opportunities for defense design automation and security artificial intelligence which will take the speed of cyber defense to the next level.
What is dynamic cyber defense?
It is an emerging approach.
It connects multiple sub-disciplines in cyber security & beyond, such as systems security, computer language, formal methods, machine learning, etc.
It opens lots of opportunities with big data and AI.
What does “threat intelligence computing” methodology provide?
It provides both humans & machines with one unified way to quickly encode knowledge & verify threat hypotheses against system & network data.
It enables easy cyber knowledge composition of large attack plots from small steps & tactics, techniques & procedures (TTP).
Also, proprietary knowledge from existing detection & reasoning systems can be trivially embedded via labels in our approach.
A proof-of-concept system was built in the DARPA Transparent Computing program for threat hunting, automatic TTP detection & comprehensive policy reasoning, which turned out to be a great success.