Updating a defence classic for machine speed cyber protection

Amit Roy, executive VP and regional head for EMEA at managed security services provider Paladion, discusses cyber threats and how organisations can intelligently protect their IT infrastructure.

Tags: Paladion (www.paladion.net/), Systems integrator
By Staff Writer, published August 29, 2017

Effective cyber defence today needs lightning fast intelligence and rapid remediation. Attackers are now much faster and smarter than before. Enterprises can no longer take months, weeks, or even days to understand if attacks are in progress and what to do about them.

It may be surprising therefore to know that a classic military concept from the last century is still an excellent basis for next generation cyber protection.

The OODA (observe-orient-decide-act) loop was defined by Col John Boyd in the 1950s as a process for reacting intelligently to any stimulus, including attacks and threats. OODA's principles are as relevant today as they were at its inception. Applied in new approaches such as managed detection and response (MDR) and machine learning (ML), they can significantly lower security risks and improve security postures.

Both traditional and next generation cyber defence use OODA to put their protection into action, but in different ways. In the first step (observe), conventional cyber defence, like that of managed security service providers (MSSPs), often focuses on log data, whereas Paladion's CyberActive MDR extends to endpoint data, user data, network flows, and more. In the second step (orient), where an MSSP works with set rules and policies to pick out threats, MDR broadens and deepens the analysis with data science. In the third step (decide), an MSSP may base its plans solely on individual threat alerts; in MDR, however, entire attack campaigns and kill chains may be addressed as well. In the fourth step (act), where an MSSP may limit its actions to coordinating a response to a threat, MDR can go further and provide tailored instructions (playbooks) that help enterprises stop the current instance of the threat and prevent recurrences in the future.

Artificial Intelligence

Artificial intelligence (AI) working with human intelligence is a powerful and cost-effective way to improve cyber defence. Machine learning (ML) is one of the branches of AI, and can be used to great effect in managed detection and response solutions. Our machine learning algorithms help discover new attack models, as well as the most effective ways of combating them. As the term "machine learning" suggests, the machine learns from past data and new data, using big data management and processing techniques to sift through wide-ranging input and present its conclusions.

Paladion's CyberActive MDR uses big data processing combined with a range of security data analytics to achieve the most effective ML capabilities. Indications of threats that might have been missed by traditional security approaches can be revealed in an advanced MDR solution by:

  • Managed endpoint threat analytics
  • Managed user behaviour analytics (UBA)
  • Managed network threat analytics (NTA)
  • Managed application threat analytics (ATA)
  • Managed breach analytics

With Paladion's MDR service, identified threats can then be validated in minutes, and containment and remediation organised within hours. By comparison, conventional cyber security approaches may take hours for validation and days to establish a suitable plan, and may still miss certain threats or combinations of threats that MDR can identify.

Detecting and stopping attacks even before they happen

Our specialised MDR teams use these data analytics and machine learning resources, and also push the boundaries of OODA even further to identify threats and attacks earlier, even to the point of tackling them before they happen. Attacks commonly occurring elsewhere can be assessed for the risk they pose to a specific organisation, and preventive measures taken. Likewise, attacks that have already been detected and remediated in one part of an organisation can be prevented from happening elsewhere in that organisation.

Thanks to the continuing application of OODA as part of advanced MDR strategies and technologies, end-user organisations can now be measurably more secure. In addition, rather than having to buy their own systems and hire specialised staff, they can leverage MDR services like Paladion's CyberActive MDR, which are often both more effective and more affordable.
