Computer Security: Adapt or Die
As security threats evolve, systems will have to become adaptive and resilient.
Computerworld - Intel Corp. is developing a way for networked computers to “gossip” among themselves, sharing their experiences and “beliefs.” The idea is to stay a step ahead of hackers.
For years, the backbone of computer security has been the use of tools, such as firewalls and virus scanners, that base their actions on knowledge, or “signatures,” of past attacks. But this has two problems: The tools generally don’t recognize new threats, and they can’t be updated rapidly enough to deal with fast-spreading exploits.
The answer, IT researchers say, lies in new tools for “adaptive and resilient computing security,” the name of a recent workshop sponsored by the Santa Fe Institute and BT Group PLC.
“Signature-based technology is limited,” says Robert Ghanea-Hercock, a research engineer at BT in London and the leader of the workshop. “For cutting-edge day-to-day protection, you’ll have to have adaptive things that monitor what’s happening on the network in real time.”
That’s just what Intel is developing. “Anomaly detectors” at local nodes on a network look for evidence of worms, such as unusual spikes in activity. A machine that normally makes just a few network connections per second might suspect that something is amiss if it is suddenly instructed to make connections at a higher rate. So, using a peer-to-peer “gossip” protocol, it transmits to other machines its so-called belief, in the form of a probability, that the network may be under attack. If the total number of beliefs that any given machine receives from other nodes is high enough, it will assume that an attack is under way and take some defensive action, such as sounding an alarm or disconnecting from the network.
Intrusion-detection systems that look for anomalous behavior are not new. And it’s not hard to detect an intrusion by a fast-spreading worm such as the infamous SQL Slammer, which infected more than 10,000 machines per second (response is a different matter). But more recently, hackers have deliberately slowed the spread of their malware so it will pass under the radar of conventional detectors.
The era of massive, highly visible worm attacks has largely passed, says Richard Ford, a computer science professor at the Florida Institute of Technology in Melbourne.
“Now what we are seeing is that hackers keep exploits close to their chests and use them for high-value targets,” he says. “That dramatically changes the threat profile.”
The Intel prototype, called Distributed Detection and Inference (DDI), uses Bayesian probability to detect these more stealthy worms. The idea is that if just one node is seeing a big increase in connections, that could be a temporary, random fluctuation, but 50 nodes experiencing even a modest increase in traffic very likely means that the network is under attack and that a protective response is warranted.
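The gossip exchange described above and the Bayesian aggregation DDI is said to use, as an added toy simulation (not Intel's code): each node maps its own connection rate to a belief, gossips it to peers, and takes defensive action once the combined posterior crosses a threshold. The prior, baseline rate, evidence weight per doubling, single-node cap, alarm threshold and the ring gossip topology are all assumptions.

```python
import math

# Constants below are assumptions for this toy model, not Intel's DDI values.
PRIOR_ATTACK = 0.01            # prior P(network under attack)
BASELINE_RATE = 3.0            # "normal" outbound connections per second
EVIDENCE_PER_DOUBLING = 4.0    # each doubling of the rate multiplies the attack odds by 4
SINGLE_NODE_CAP = 0.6          # a lone node's spike is never conclusive on its own
ALARM_THRESHOLD = 0.9          # posterior at which a node takes defensive action

def logit(p):
    p = min(max(p, 1e-9), 1 - 1e-9)          # keep log() away from 0 and 1
    return math.log(p / (1 - p))

def sigmoid(x):
    return 1.0 / (1.0 + math.exp(-x))

def local_belief(conn_rate, baseline=BASELINE_RATE, prior=PRIOR_ATTACK):
    """P(attack | this node's own connection rate): the 'belief' it gossips."""
    if conn_rate <= baseline:
        return prior                         # nothing unusual: no evidence either way
    doublings = math.log2(conn_rate / baseline)
    belief = sigmoid(logit(prior) + doublings * math.log(EVIDENCE_PER_DOUBLING))
    return min(belief, SINGLE_NODE_CAP)      # a local spike may be a benign burst

def combine_beliefs(beliefs, prior=PRIOR_ATTACK):
    """Naive-Bayes fusion of beliefs from distinct nodes:
    posterior log-odds = prior log-odds + sum(belief log-odds - prior log-odds)."""
    total = logit(prior)
    for b in beliefs:
        total += logit(b) - logit(prior)
    return sigmoid(total)

def gossip(rates, rounds, fanout=3):
    """Synchronous push-gossip on a ring. Each node stores one belief per
    *origin* node, so a belief relayed by several peers is counted once
    (counting duplicates would double the evidence)."""
    n = len(rates)
    known = [{i: local_belief(r)} for i, r in enumerate(rates)]
    for _ in range(rounds):
        snapshot = [dict(k) for k in known]  # what each node sends this round
        for i in range(n):
            for step in range(1, fanout + 1):
                known[(i + step) % n].update(snapshot[i])
    return known

def alarms(known, threshold=ALARM_THRESHOLD):
    """Per-node decision after gossip: True means 'take defensive action'."""
    return [combine_beliefs(k.values()) >= threshold for k in known]
```

With these constants, `gossip([30.0] + [3.0] * 49, 17)` leaves every node below the threshold (one tenfold spike is inconclusive), while `gossip([4.5] * 50, 5)` makes every node alarm (fifty nodes at 1.5x baseline add up), and with no gossip rounds at all nobody alarms.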