The Cyber Security Remediation Bottleneck

By: Mark Cummings, Ph.D.

Cyber crime is one of the largest industries on the planet. We are getting better at detecting breaches. Fixing things, not so much. The bottleneck is remediation – stopping the attack and closing the hole the attacker came through. This is because remediation is a manual process. The only way to make things better is to automate remediation. In doing so, it is helpful to use the human immune system as a model for what is needed.

The improvement in detection has come through behavioral analysis. Behavioral analysis is an automated process. It observes system behavior and detects changes in behavior that indicate an attack. But, once a cyber intrusion/compromise has been detected, incident response falls back to manual processes. Problems with speed, reliability, and available skill sets make reliance on manual response problematic. What is needed is the automated ability to respond quickly and comprehensively, addressing any part of an organization’s combination of computers and communications systems under attack. Modeling this overlay combination of automated detection and remediation on the human immune system produces a cost-effective increase in cyber security.

Innovative software technologies have the capability to create such a cyber immune system. This system would need to combine centralized and distributed components, protecting all layers of technology. It would need to move with functions as they migrate from physical, to local virtual, to hybrid clouds. It also would need to be able to deal with the dramatic increase in data volumes. Because of its importance, it needs to have high availability. For example, it cannot be shut down for maintenance every time a vendor updates one of the profusion of system components that exists in a large organization.

Cyber Crime Today

Losses in direct cash as well as brand value are large and increasing.

Figure 1 - The current impact of cyber crime.

Firewalls, virus checkers, and user awareness training have put up an external barrier (a cyber outer skin) that stops 95 percent of attacks. Unfortunately, there are too many attacks. IDT reports that a typical large enterprise experiences hundreds of cyber attacks per day. The 5 percent of attacks that get through that cyber outer skin cause tremendous losses. The direct cash losses are huge. The FBI estimated that in 2016 direct losses from cyber crime in the United States amounted to $9 billion. But the brand value losses may be greater. Dyn Corp. lost one-third of its annual revenue within 10 days of its attack. Yahoo suffered more than a $1.2 billion loss in acquisition value as a result of its attack. Equifax has so far lost one-third of its market capitalization value as a result of its attack.

Figure 2 - The Cyber Security Challenge