Traditional rules for cyber defence are not just out of date, they are impotent. There is no such thing as inside or outside a network anymore; cloud, BYOD, email, USB drives and the exponential growth of IoT devices have seen to that. Malicious code that has lain dormant in a network for months or years can activate for a fraction of a second, well below the threshold many security teams work to, and wreak havoc on the integrity and value of the targeted data before anyone is any the wiser. Artificial Intelligence based attacks morph and change so quickly that any rule-based compare, contrast and respond mechanisms are hopelessly outmanoeuvred.

So what do you do? First you need a change of mind-set, one that moves you away from “build the walls higher and thicker to secure the network” and towards accepting that the threat is already in the organisation and your systems are potentially compromised. You have to accept that you can’t keep the threat out, you can’t fully define it, and it may be just as human in nature as technical!

If you accept the above and agree that your approach has to be wider and more holistic in nature, then you have a lot you can work on. All businesses work to a standard “modus operandi” in terms of qualitative and quantitative information flows, time of day, what and who is connecting to what, device activation procedures and so on. If you track a normal day across your global business at a network, user and device level, patterns emerge between naturally occurring groups of devices and behaviours. Once you understand “normal”, any deviation from it could indicate live and in-progress threats. “Normal” clearly does change and evolve, and this is a pattern in its own right. If you can understand it through a process of continuous self-learning, then you will have a system that knows you and grows with you.
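To make the idea of a learned, evolving “normal” concrete, here is an added illustration (not code from this article or from any vendor) that keeps one running baseline per device and hour of day and flags readings far outside it. The exponentially weighted statistics, the device names, the outbound-connection metric and the threshold are all assumptions chosen for the example, and the sample data is constructed.

```python
import math
from collections import defaultdict

class Baseline:
    """Exponentially weighted mean/variance of one metric for one entity."""
    def __init__(self, alpha=0.1, warmup=10):
        self.alpha, self.warmup = alpha, warmup
        self.n, self.mean, self.var = 0, 0.0, 0.0

    def score(self, x):
        """Deviation of x from the learned normal, in standard deviations."""
        if self.n < self.warmup:
            return 0.0  # not enough history to judge yet
        return abs(x - self.mean) / max(math.sqrt(self.var), 1.0)

    def learn(self, x):
        if self.n == 0:
            self.mean = float(x)
        else:
            d = x - self.mean
            self.mean += self.alpha * d  # old behaviour fades, recent behaviour counts more
            self.var = (1 - self.alpha) * (self.var + self.alpha * d * d)
        self.n += 1

def detect(events, threshold=4.0):
    """events: iterable of (device, hour_of_day, outbound_connections)."""
    baselines, alerts = defaultdict(Baseline), []
    for i, (device, hour, count) in enumerate(events):
        b = baselines[(device, hour)]  # one "normal" per device and time of day
        s = b.score(count)
        if s >= threshold:
            alerts.append((i, device, hour, count, round(s, 1)))
        else:
            b.learn(count)  # only readings judged normal update the baseline
    return alerts

def build_events():
    """Constructed sample: 30 days of history, then one burst from the camera."""
    events = []
    for day in range(30):
        events.append(("cam-01", 3, 20 + day + day % 3))  # slow upward drift
        events.append(("laptop-7", 9, 100 + day % 5))     # steady office traffic
    events.append(("cam-01", 3, 400))  # sudden burst at 03:00
    events.append(("cam-01", 3, 52))   # back on trend the following day
    return events

if __name__ == "__main__":
    for alert in detect(build_events()):
        print(alert)
```

The camera's gradual growth is absorbed into its baseline while the burst is flagged and deliberately not learned. Two limits of this sketch: a device and hour pair is silent until its warm-up history exists, and a legitimate step change keeps alerting until someone confirms it as the new normal.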

So what if you could mimic an approach similar to the human immune system? Our own body is continually learning to understand and act on what constitutes a threat to us, evolving, changing and learning from the environment we are in. A company called Darktrace has developed an approach called The Enterprise Immune System, which acts in a similar way. Built on a foundation of Bayesian mathematics and unsupervised machine learning, the system analyses complex network environments to learn a “pattern of life” for every network, device and user. Any deviation from the normal pattern of life is a potential threat and can be acted upon accordingly.

