Chris Fedde: Big Data Security Challenges

Hexis Cyber Solutions, a subsidiary of The KEYW Holding Corporation based in Hanover, Maryland, provides complete cybersecurity solutions for commercial companies, government agencies, and the Intelligence Community (IC). Cyber terrorists, organized crime, and foreign governments focus tremendous effort on commercial, government, and military interests as their prime targets. Hexis Cyber Solutions’ HawkEye family of products offers active, multi-disciplined approaches to achieve a higher standard of cybersecurity that is based on our expertise supporting our nation’s cyber security and cyber warfare missions to ensure that enterprises of any size, within any industry, can operate at maximum potential.

Golden Bridge: Is big data only useful for large corporations or can everyone benefit? (i.e. SMBs, big business, consumers)

Chris Fedde: If the community architecture is designed correctly, everyone can benefit from big data approaches to security challenges. We believe the best approach to detecting and defending against the most advanced cyber threats requires (1) the collection of large volumes of enterprise event data, (2) sophisticated analytics that detect subtle changes in that data that could represent a new threat, (3) automated remediation techniques, and (4) sharing of threat data amongst the community.

Once a new potential threat has been identified, that threat is verified using diagnostic techniques. After verification, the behavioral signature of the threat is passed to a community master system that validates the new threat behavior then distributes it to all operational systems. Thus small and medium size businesses with operational systems subscribed to the community threat feed benefit indirectly from significantly larger scale implementations at bigger businesses. Ultimately, we believe a scaled down version of the system for consumers could tap into this new form of threat feed to address more advanced adversaries.

Chris Fedde is the President of Hexis Cyber Solutions, Inc., a subsidiary of KEYW Corporation. Mr. Fedde joined KEYW in May of 2013 and was appointed President of Hexis in July 2013. Prior to Hexis, he was President and CEO of SafeNet, Inc., a global leader in data protection. He was named CEO in May 2011, having more than a decade of executive leadership at SafeNet including President and COO. Prior to joining SafeNet, Mr. Fedde was Director of Secure Products at Harris Corporation and served as Engineering Manager at Motorola. He holds several patents for wireless technologies.

Golden Bridge: Is all the talk of Big Data security challenges just hype or something that needs to be taken seriously?

Ray: The talk of Big Data security challenges needs to be taken VERY seriously. Enterprises spend billions of dollars every year on new perimeter defense systems and yet still the headlines are littered with stories of major corporations suffering breaches by advanced threats. Why? Because no perimeter defense can be 100% effective if the threat has the resources, patience, and determination to get in. We believe the only way to effectively detect and defend against these threats requires the use of Big Data approaches.

The most advanced threats to government and enterprise networks today continue to develop new techniques aimed at reducing the “digital exhaust” they leave behind when they are operating in a network. Our development team has spent many years operating in the highest end cyber missions in the U.S. Intelligence Community and knows well the tools and techniques necessary to sniff out this digital exhaust. It requires collecting large volumes of enterprise event data, storing it for long periods of time, and running sophisticated analytics capable of detecting subtle changes in network or user behavior that could represent the presence of a new threat. Without the ability to compare new events in real-time against patterns seen in possibly billions of other events, advanced threats could go undetected until it’s too late.

Golden Bridge: How can organizations effectively enforce policy-based countermeasures to diagnose and mitigate threats?

Chris Fedde: For policies to be effective, you have to establish the right sets of baselines – and for countermeasures to work well, you have to understand the scenarios you are trying to avoid. This starts with determining your most high-value assets, how they are currently accessed, and by whom. You then start collecting event data about the interactions with those assets: individuals with approved access consistently come from the same IP addresses during these specific times, and do these activities with these assets. Now you have a really good perspective on whether you need to set up policies around that access. Next, you start to look for variances. When someone appears to be interacting with one of your high-value assets in a way that is atypical, you can start with a small countermeasure (request a second set of credentials) or something more severe (block the port, deactivate the device, etc.). Again, you could only do that if you have the visibility and confidence to know what you are looking at and why it deserves a second look.

While this might seem so basic, many organizations – even the biggest ones – don’t do basic trending/baselining analysis around their prized assets so their policies are not enforceable or they lack the confidence to deploy countermeasures. It really starts with a mindset – a “metrics-minded approach” – that drives every decision about what to collect, how often to look at it, and why.

Golden Bridge: What trends do you see in enterprise data analytics in the coming years?

Chris Fedde: We must evolve our focus from big data to big judgment. This occurs by innovating the way with which our cadre of IT security analysts work with and perceive information. Today’s analysts spend too much time manually querying and logically ordering data onto their desktops. An organization’s goal should be to shift analysts’ energy away from data querying and management and onto analytic strategy development and composition. By creating an environment that fosters the authorship of analytics purely through visualizing data resources, methods, and logical operations, you can eliminate the need to manually interact with data. This enables analysts to focus their energy and the most creative part of their workday on the authorship of advanced analytics. Time is shifted from sifting through large volumes of data to interrogating one’s logic in the definition and optimization of an analytic. Furthermore, by creating a framework where analytics can be readily reused and composed into other analytics, you can create an ecosystem where predictive analytics can rapidly materialize and prescriptive analytics will increasingly emerge within organizations.

Company: Hexis Cyber Solutions | Hanover, MD 21076 USA
