Watch out, cybercriminals, because there is a revolutionary new software superhero in town, and it's meant to kick your butts right into jail. It's proven effective in tracking down cyberthugs in mere seconds.
The real-time information security tool, called guardINQ, came out of Scotland's Edinburgh Napier University. The biologically inspired software digitally mimics the DNA matching process used in the real world and allows CCTV-style monitoring of online systems, building up a sequence of hackers' activities.
Dr. Jamie Graves, chief executive and co-founder of Inquisitive Systems, said: "Put simply, we can now track cyber criminals 24/7. We go to the heart of the matter, not only detecting criminal activity but intervening in real time to reduce cyber crime. The guardINQ technology enables us to identify their digital fingerprints and prove that a certain person was behind illegal changes made to data, which gives a higher level of proof when it comes to prosecuting data crime."
DataLossDB reports that the Ponemon Institute determines the cost of a data breach by multiplying $60 by the number of records exposed, but the real costs can be much higher. The total can quickly add up to millions in financial loss, plus costly damage control for brand reputation when the breach hits the media. So if guardINQ can stop hackers fast, it could possibly save enterprises countless millions.
After learning that the new startup, Inquisitive Systems, was fast-tracked to the recent Global Security Challenge Summit in London due to its ability to fight cyber espionage and cyber terrorism, I conducted an email interview with Dr. Graves.
Email Interview with Dr. Graves, chief executive and co-founder of Inquisitive Systems, inventor of guardINQ:
How did it go at the Global Security Challenge summit?
Graves: Good! We didn't win, but we came very close to it. The judges were impressed with the fact that we can uncover everything that happens on a system, and expressed their confidence in our ability to solve some major problems.
How long did it take to develop the software?
Graves: It has taken 5 years to develop. The first 3 years were as part of my PhD, and the next 2 developing it as a commercial product.
How is your product, guardINQ, like CCTV for computers? Is this monitoring individual hackers or viruses, trojans, malware signatures?
Graves: We monitor low-level operating system data structures. We then convert these into sequences of activity, which we then analyze with our algorithms. This allows us to monitor everything that goes on a system, which has been until now a very difficult task to perform as a great deal of data is produced, and it's hard to analyze this data in a fast and efficient manner. The 'CCTV'-type recordings are lightweight sequences of the low-level data structures, and lend themselves perfectly to being compared rapidly with sequences of known, malicious, activity.
guardINQ is described as "light weight digital fingerprinting software that streams securely to a central server where they are analyzed by a set of algorithms derived from biological DNA sequence matching technology to spot malicious activity patterns." Can you further describe how this exciting software may put a serious dent in cybercrime?
Graves: The sequences I previously mentioned lend themselves perfectly to being analyzed and matched to known sequences of malicious activities. The activities we sequence and match are kind of like DNA sequences in that they can be rapidly identified and matched with other sequences. The algorithms are interesting because of their ability to detect subtle differences between sequences. So, we can detect the difference between malware accessing a database and a human accessing a database. In addition, we can analyze this data quickly and efficiently, which means we can deal with the big data produced by an organization. The central server is usually located within the organization that deploys our software.
"Known fingerprints are flagged" -- is this someone hacking into another person's PC or server, trying to install malware, or watching every bit of activity on a server that a user accesses if your software is loaded?
Graves: Yes, it's flagged if our software is loaded on a system. This can be someone hacking into a system, which would consist of a number of fingerprints showing a highly detailed view of all associated processes.
From a privacy angle, is it collecting personally identifiable data on users who access a server?
Graves: It doesn't track any of that type of high-level information. It's application agnostic, and at most will only track the name of the files.
How will guardINQ be unlike competitors and inform "the full story of WHO WHAT WHERE WHEN and WHY the incident occurred?"
Graves: Our competitors take high-level operating system logs and others, which takes cumbersome and inefficient correlation techniques. We don't use these files, and get right to the heart of the matter by monitoring everything. This allows us to reveal the who, what, where and when.
Inquisitive Systems will be releasing guardINQ as an enterprise-level piece of software in about six months. I'm fairly excited, for if it works as well as it appears it will, hopefully cybercrooks will be stopped and locked away at a rapid rate.
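To make the interview's idea of matching activity sequences "like DNA sequences" concrete, here is an added example that is not guardINQ's code: it uses Smith-Waterman local alignment, a standard algorithm from biological sequence matching, chosen here as an assumption since the article does not name the product's algorithms. The event names, the signature, the scoring values and the threshold are all constructed for illustration.

```python
# Added illustration: Smith-Waterman local alignment over event sequences.
# Not guardINQ's algorithm; scoring values and sample data are constructed.

MATCH, MISMATCH, GAP = 2, -1, -1


def local_alignment_score(observed, signature):
    """Best local alignment score between two sequences of event names."""
    prev = [0] * (len(signature) + 1)
    best = 0
    for event in observed:
        cur = [0]
        for j, sig_event in enumerate(signature, start=1):
            diag = prev[j - 1] + (MATCH if event == sig_event else MISMATCH)
            # Local alignment: a cell never drops below zero, so a match can
            # start anywhere in the observed stream and tolerate small gaps.
            cur.append(max(0, diag, prev[j] + GAP, cur[j - 1] + GAP))
            best = max(best, cur[j])
        prev = cur
    return best


def similarity(observed, signature):
    """Score normalised to 0..1 against a perfect match of the signature."""
    return local_alignment_score(observed, signature) / (MATCH * len(signature))


def flag(observed, signatures, threshold=0.8):
    """Names of known-malicious signatures the observed sequence resembles."""
    return sorted(name for name, sig in signatures.items()
                  if similarity(observed, sig) >= threshold)


# Constructed signature of a scripted bulk read followed by exfiltration.
SIGNATURES = {
    "bulk-db-read-then-send": [
        "open_db", "read", "read", "read", "write_tmp", "connect", "send"],
}

# Constructed observations: an interactive user, and a variant of the
# signature with unrelated events interleaved.
INTERACTIVE = ["open_db", "read", "close", "open_doc", "write", "close"]
BULK_VARIANT = ["stat", "open_db", "read", "read", "stat", "read",
                "write_tmp", "connect", "send", "close"]

if __name__ == "__main__":
    for name, seq in (("interactive", INTERACTIVE), ("variant", BULK_VARIANT)):
        print(name, flag(seq, SIGNATURES))
```

The variant still scores high despite the interleaved `stat` events, while the interactive session shares only a short prefix with the signature and stays below the threshold.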