Comments
grabbestoffer
11/20/2017 2:38:55 AM
User Rank
Steel
My opinion
The key is to have a mixture strategy no uncertainty - this is the place AI can be a positive supporter - albeit one marvels whether the very operators sent will wind up taking up their very own existence!!

Kishore Jethanandani
11/19/2017 11:08:36 PM
User Rank
Author
Re: Not immediately but soonish
@JohnBarnes: Now I think we are on the same page. A bad actor's skill is the ability to go undetected and it does not really matter what software skills they use for the purpose. Some of the software you described which could have the ability to simulate and detect a range of intrusions was mentioned in my article on cybersecurity. I am curious how well it works in actual situations. 

JohnBarnes
11/19/2017 11:08:18 PM
User Rank
Platinum
Re: Not immediately but soonish
Kishore Jethanandani,

Oh, I'm not cavalier about them at all (unless you mean an attitude of "Off with their heads!")  And you're right of course that they have to know some things and stay up to date as security against them improves.  But it's unfortunately a field where the bulk of what they need to do can be done by a "dumb" bulk process, which means they can produce more frequent and credible threats just as a function of buying more processing power.  Beating them can't be done the same way; I don't see a "dumb" brute force security solution.  So the bad guys need to know some stuff and spend whatever it takes; the good guys need to know a lot of stuff, spend whatever it takes, and be really clever. There's the asymmetry.

Kishore Jethanandani
11/19/2017 11:00:42 PM
User Rank
Author
Re: Not immediately but soonish
@JohnBarnes: Thanks for the detailed listing of the steps involved in malicious entry into enterprise networks. From your account, it does seem simple. However, the skill from an intruder's point of view is more in the ability to evade detection software, which they are doing better every day. They are able to even beat AI software. If they are leaving few footprints, are able to masquerade as trusted authorities, and change their guise as they are traced, surely there is a lot of skill involved in that. I am still surprised by a somewhat cavalier attitude towards them.

JohnBarnes
11/19/2017 10:59:15 PM
User Rank
Platinum
Re: Not immediately but soonish
Kishore Jethanandani,

Okay, now on this one: yes, you're right that zero-day exploits are hard to trap, because most of the malware detection out there consists of just opening up the incoming suspected software or input, looking for known-to-be-bad code, and shutting it down, isolating it, and wiping it if any is found.  It's the equivalent of a no-fly list or of locking the barn when a known horsethief shows up on the security cameras. Because by definition zero-day exploits are built around code that no good guy has seen before, that approach will not work.

You're right again that AI so far has been ineffective; and that's because what AI can do is take more time, read more code, and thus find more of that bad-guy-identifying code, in more subtle places, much faster than people.  And as you say, to do that, it has to train on the code.

What is currently in its infancy is having AI watch what the code is doing, decide "that looks weird", investigate, discover by some mixture of its own records and by asking humans "Is this weirdness possibly an attack?", and build up a knowledge base that way. Right now a serious zero-day attack is most likely to be found (slowly, eventually) by an accountant noticing that the company is bleeding money, an engineer spotting the company computers being used to coordinate a DDoS, a routine review that asks "Why did we send this gigantic file -- which turns out to hold 100,000,000 credit card numbers  -- to an address in Nowhereia?"   Obviously the disaster is the damage being done before it can be detected.

What AI could do -- eventually, which is why I say "soonish" -- is be trained to identify "weirdness" and particularly "harmful weirdness" and step in to ask "What's all this about then? Hold it right there" when it does.  That will require training on simulated systems that do a huge array of weird things, which means writing test data generators that have "random weirdness" and "random viciousness" generators built in ... and all that is going to require a lot of smarts and skill from some of the very best minds for many years.

So my point is: there's a really bad asymmetry here.  Zero-day exploits can be built with a fairly cookbookish procedure; all that's needed is some medium level expertise, time, money, and malice.  The defenses are going to require substantial advances in AI and probably in computational semiotics in the design of those AIs.

The times are going to be interesting, I'm afraid.

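An added illustration of the contrast drawn in the comment above (not part of the original comment or article): a hash-list check that only recognizes content already seen, beside a per-host behavioral baseline that flags an outbound transfer for being weird. Host names, destinations, sizes and the threshold `k` are constructed assumptions.

```python
import hashlib
from statistics import median

# Constructed sample data; hosts, destinations and sizes are invented for illustration.
KNOWN_BAD_SHA256 = {hashlib.sha256(b"old-known-sample").hexdigest()}

BASELINE_FLOWS = [  # (source host, destination, bytes sent)
    ("billing-01", "bank.example", 42_000),
    ("billing-01", "bank.example", 39_500),
    ("billing-01", "bank.example", 44_100),
    ("billing-01", "crm.example", 12_000),
    ("billing-01", "crm.example", 15_300),
]

def signature_hit(payload: bytes) -> bool:
    """Signature approach: flag only content whose hash is already on the list."""
    return hashlib.sha256(payload).hexdigest() in KNOWN_BAD_SHA256

def build_baseline(flows):
    """Per host: destinations seen so far, plus median and MAD of transfer size."""
    by_host = {}
    for host, dest, size in flows:
        entry = by_host.setdefault(host, {"dests": set(), "sizes": []})
        entry["dests"].add(dest)
        entry["sizes"].append(size)
    for entry in by_host.values():
        med = median(entry["sizes"])
        entry["median"] = med
        # Median absolute deviation; fall back to 1 so the threshold never collapses.
        entry["mad"] = median(abs(s - med) for s in entry["sizes"]) or 1
    return by_host

def weirdness(baseline, flow, k=10):
    """Return the reasons a flow deviates from its host's baseline (empty = normal)."""
    host, dest, size = flow
    entry = baseline.get(host)
    if entry is None:
        return ["host has no baseline"]
    reasons = []
    if dest not in entry["dests"]:
        reasons.append("new destination")
    if size > entry["median"] + k * entry["mad"]:
        reasons.append("transfer far above usual size")
    return reasons
```

A previously unseen payload passes `signature_hit`, while the same host sending gigabytes to a destination it has never contacted yields both reasons from `weirdness`, which is the point at which a human would be asked whether this is an attack.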
JohnBarnes
11/19/2017 10:41:51 PM
User Rank
Platinum
Re: Not immediately but soonish
Kishore Jethanandani,

The process by which malicious invaders find zero-day exploits is a cookbook process. It does require thorough analysis of the target (which open systems unfortunately facilitate), but the basic process is

1) identify fields or more likely pathways of fields, changes in which can work to the malefactor's advantage (e.g. the path that leads to a payment being sent to an account, and the amount of that payment, or the path that leads to a response of a credit card number, password, SSN, etc.). That requires careful analysis but not a great deal of cleverness.

2) locate the modules, methods, free-standing functions, whatever the small units of code are called in that system, which modify fields in that path. Find the ones that are far enough down the code path so that they don't have their own security (or perhaps have very simple easily spoofed security). This is done with huge brute-force code-tracing algorithms -- again, not clever works of brilliant minds, just something that looks in every bowl to see if there's a crunchy there.

3) code trace outward from all those small units, looking for unsecured (or again poorly secured) pathways that eventually lead to an outside contact point.

You need huge, superfast systems to do it (or a lot of time on merely-big, merely-fast systems). And obviously you have to understand the target software pretty well.  But the actual work of finding the exploit is just writing the brute force software to write a long list of "doors" in the maze, and what doors they lead to, and then check to see if there's a pathway that is all unlocked (or poorly locked -- some internal safeguards are very simple and predictable, more error traps than bad-guy traps).

It needs sophisticated machines and a lot of hard study, but I stand by what I said: It is not a high skill thing, and plenty of low level grunt coders would be quite capable of doing it (and in some places there's someone to pay them to do it).

Kishore Jethanandani
11/19/2017 7:19:18 PM
User Rank
Author
Re: Cybersecurity Trade Offs
@mpouraryan The problems are not beyond us. Eliminating the bugs at the outset is a sure shot way to solve the problem. Every other industry produces quality by eliminating errors. The auto industry went through a painful process of reorganizing production processes to achieve zero defects under pressure of competition from Japanese companies. The software industry is thinking about it and some methodologies are emerging as I discussed in my cybersecurity article. But it is unclear why it is taking so long to implement them.  

mpouraryan
11/19/2017 7:17:45 PM
User Rank
Platinum
Re: Cybersecurity Trade Offs
The key is to have a hybrid strategy no doubt--this is where AI can be a positive contributor--although one wonders whether the very agents deployed will end up taking up a life of their own!!

 

Kishore Jethanandani
11/19/2017 7:15:05 PM
User Rank
Author
Re: Cybersecurity Trade Offs
@mpouraryan: No compromise on security, yes. The trade-offs are more about the means you use to stop the bad guys. For example, prevention versus AI. 

Kishore Jethanandani
11/19/2017 7:13:25 PM
User Rank
Author
Re: Cybersecurity Trade Offs
@mhhf1ve: Great point about the costs. Didn't think about that. AI, however, has its limits. The bad guys are feeding bad data to the defenders' learning algorithms and throwing them off. In fact, they are attacking the defenders' algorithms. Seems like a dead-end to me. 
