Vulnerabilities to Cyber Attacks

It seems reports of cyber attacks and massive data breaches are almost a daily occurrence. As time goes on, the war against hackers has followed the same pattern as all other wars: each new weapon is ultimately met with a new defense, ad infinitum. Articles and blogs dealing with cyber security are filled with acronyms and buzzwords describing the systems and tools used to keep data safe. We hope to demystify some of them here.

Attacks have become larger and more dangerous. Many governments, concerned with the safety of their citizens and institutions, have created legislation to set data security standards that must be followed by those doing business in their country. Penalties for noncompliance may be severe.

The defensive battle now includes the collection of massive amounts of cyber data, which must somehow be correlated and made sense of in a timely manner. Attacks may come from anywhere in the world, from multiple sources, at any time, all from actors expert at hiding their identities.

Two disciplines that are becoming increasingly important in the cyber war are artificial intelligence (AI) and machine learning. AI's value is in recognizing security events, taking actions, and automating tasks that would previously have taken time from human resources needed elsewhere. Coupled with AI, machine learning can be harnessed to predict future events and to analyze the huge amounts of data needed to do so. As attacks become more sophisticated, companies will need to deploy more customized security solutions. Different tools and more layers of security will be needed to keep ahead of the enemy.

Other tools becoming more popular are security orchestration, automation and response (SOAR) tools. A SOAR implementation would begin with defining and understanding the security issues being faced by the organization and thinking about what actions would solve the problems. Out-of-the-box ideas and solutions should be considered. There is a misconception that SOAR tools only benefit large, mature organizations. If the SOAR tool integrates with an organization's existing tools, and the user interface allows solution definition without programming, many smaller organizations then become candidates.

The ability to automate responses to attacks allows the organization to recover valuable human resource time. As the volume of data increases, the ability of human resources to properly analyze and interpret the data decreases. SOAR solutions address the resource issue head-on. Automation allows a company's security resources to spend their time on incident investigation and response rather than on collecting and summarizing huge amounts of data.

Big Data is a term that describes the volumes of data involved in cyber attacks and security. Machine learning is a tool that can be used by both sides in the cyber war to improve attacks and defenses. In order to protect against attacks, large volumes of data must be collected and analyzed. Machine learning analyzes that data and finds patterns, correlations, and anomalies in it. The result for a security team is a valuable interpretation of the events taking place. Time does not have to be spent on work that the machine can do. Simply detecting a security event is of little value. The combination of big data and machine learning makes the data from the event understandable and actionable by the human security resources.

When an organization is preparing to deploy a machine learning solution, preparation time must be devoted to the nature and quality of the input data. How the data must be defined, gathered and prepared is critical to success. The first phase in data collection is to define the types of data needed for the machine learning tool to make proper analyses and decisions. Event data for actual attacks and those that showed as false positives should be included in the data set. Close consideration must be given to including data from as many different types of events as possible. The granularity of all the different event outcomes should be similar. Forecasting requirements must be considered.

Once an organization has confirmed that its data is suitable for a machine learning tool, the data must be prepared for modelling. The data set must be cleaned. Field values must be consistent. This will be a detailed and time-hungry effort, but it must be done properly to ensure the value of the end result. Data requirements for forecasting models, data pipelines to other applications, and any relevant external data sets must be defined.

Data being used as input to a machine learning predictive model must be data that will be available to the system on a going-forward basis, that is, at the moment a prediction is made. The danger of not following this principle is that the model will pass in-house testing prior to roll-out but fail during live use, because a field that was present in the historical data set is absent when the model runs.
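The three preparation steps above (define the event data needed, clean inconsistent field values, and keep only fields that will exist at prediction time) can be made concrete in a small script. The following is an added example, not code from the original essay; the event records, field names such as `analyst_verdict` and `ticket_closed_at`, and the rule that `ticket_closed_at` is a post-hoc field are all constructed for the illustration.

```python
"""Added example (not from the original essay): preparing security event
records for a machine learning model.  All sample records are constructed."""
from __future__ import annotations
import re

# Constructed sample events: a mix of confirmed attacks and false positives,
# with inconsistent field values as they might arrive from different tools.
RAW_EVENTS = [
    {"src_ip": "203.0.113.10", "severity": "High", "bytes": "5120",
     "analyst_verdict": "attack", "ticket_closed_at": "2024-01-02T10:00:00"},
    {"src_ip": "203.0.113.10", "severity": "HIGH ", "bytes": "4,096",
     "analyst_verdict": "false positive", "ticket_closed_at": "2024-01-03T09:30:00"},
    {"src_ip": "198.51.100.7", "severity": "low", "bytes": "",
     "analyst_verdict": "Attack", "ticket_closed_at": None},
    {"src_ip": "bad value", "severity": "medium", "bytes": "12",
     "analyst_verdict": "benign", "ticket_closed_at": None},
]

# Only fields the live system will have at prediction time may be features.
# 'ticket_closed_at' (hypothetical) exists only after an analyst has handled
# the event: it would leak the answer during offline testing and be missing
# in production, so it is listed as post-hoc and never used as a feature.
FEATURE_FIELDS = ("src_ip", "severity", "bytes")
POST_HOC_FIELDS = ("ticket_closed_at",)
LABEL_FIELD = "analyst_verdict"

SEVERITY_LEVELS = {"low": 1, "medium": 2, "high": 3}
LABEL_MAP = {"attack": 1, "false positive": 0, "benign": 0}
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def check_feature_fields(fields) -> None:
    """Refuse a feature list that includes any post-hoc field."""
    leaked = [f for f in fields if f in POST_HOC_FIELDS]
    if leaked:
        raise ValueError(f"post-hoc fields cannot be features: {leaked}")


def normalize(event: dict) -> dict | None:
    """Return a cleaned record in the model's schema, or None if unusable."""
    sev = str(event.get("severity", "")).strip().lower()
    if sev not in SEVERITY_LEVELS:
        return None
    ip = str(event.get("src_ip", "")).strip()
    if not IPV4.match(ip) or any(int(o) > 255 for o in ip.split(".")):
        return None
    raw_bytes = str(event.get("bytes", "")).replace(",", "").strip()
    n_bytes = int(raw_bytes) if raw_bytes.isdigit() else 0
    verdict = str(event.get(LABEL_FIELD, "")).strip().lower()
    if verdict not in LABEL_MAP:
        return None
    return {
        "src_ip": ip,
        "severity": SEVERITY_LEVELS[sev],   # consistent numeric scale
        "bytes": n_bytes,
        "bytes_missing": raw_bytes == "",   # keep missingness as a signal
        "label": LABEL_MAP[verdict],
    }


def build_dataset(events):
    """Clean every event; return (usable rows, number dropped)."""
    check_feature_fields(FEATURE_FIELDS)
    rows, dropped = [], 0
    for ev in events:
        row = normalize(ev)
        if row is None:
            dropped += 1
        else:
            rows.append(row)
    return rows, dropped


def has_both_outcomes(rows) -> bool:
    """The essay's requirement: real attacks and false positives both present."""
    labels = {r["label"] for r in rows}
    return labels == {0, 1}


if __name__ == "__main__":
    rows, dropped = build_dataset(RAW_EVENTS)
    print(f"{len(rows)} usable rows, {dropped} dropped, "
          f"both outcomes present: {has_both_outcomes(rows)}")
```

The unusable record is the one with a malformed source address; it is dropped rather than silently kept, and the missing byte count is retained as a separate boolean so the model can learn from the absence instead of from an invented value.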

The amount of time spent in defining, cleansing, and organizing input data should not be underestimated. Highly accurate input data will result in highly accurate machine learning and therefore highly accurate outputs. Preparations for tomorrow's cyber attacks make accuracy an absolute necessity.

A family of software tools called security information and event management (SIEM) is currently in use by many organizations. The tools collect security log data from many sources, put the data in a standardized format, analyze the data for security issues, and generate alerts. Some systems can take further actions such as blocking malicious activity and running scripts that trigger the reconfiguration of firewalls and other security controls. Different SIEM systems are available as cloud-based, hardware-based, virtual, and traditional server-based products.
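To show what "collect, standardize, analyze, alert" looks like in practice, here is an added example of a miniature SIEM pipeline; it is not code from the original essay or from any SIEM product. The log lines and their three formats (an sshd syslog line, a simplified Windows logon event carrying event ID 4625, and a firewall line) are constructed, and the correlation rule, its threshold and its time window are assumptions chosen for the illustration.

```python
"""Added example (not from the original essay): a miniature SIEM pipeline.
Parses log lines from three different sources into one common schema and
runs a correlation rule over the normalized events.  Logs are constructed."""
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample logs, each in its own native format.
SAMPLE_LOGS = [
    "2024-03-01T08:00:01Z sshd[812]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2",
    "2024-03-01T08:00:09Z sshd[812]: Failed password for root from 203.0.113.5 port 51240 ssh2",
    "2024-03-01T08:00:20Z WINLOG EventID=4625 TargetUserName=jsmith IpAddress=203.0.113.5 Status=0xC000006D",
    "2024-03-01T08:00:25Z FW action=deny src=203.0.113.5 dst=10.0.0.8 dport=445",
    "2024-03-01T08:05:00Z sshd[812]: Accepted publickey for deploy from 198.51.100.20 port 40000 ssh2",
    "2024-03-01T08:06:00Z WINLOG EventID=4625 TargetUserName=alice IpAddress=198.51.100.20 Status=0xC000006A",
    "2024-03-01T08:07:00Z printer: toner low",   # no parser for this source
]

SSHD_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) \S+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")
WINLOG_RE = re.compile(
    r"^(?P<ts>\S+) WINLOG EventID=(?P<eid>\d+) TargetUserName=(?P<user>\S+) IpAddress=(?P<ip>\S+)")
FW_RE = re.compile(
    r"^(?P<ts>\S+) FW action=(?P<action>\w+) src=(?P<ip>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")


def parse_ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def normalize(line: str):
    """Map one raw line onto the common schema, or return None if unknown."""
    m = SSHD_RE.match(line)
    if m:
        return {"ts": parse_ts(m["ts"]), "source": "sshd", "category": "auth",
                "src_ip": m["ip"], "user": m["user"],
                "outcome": "failure" if m["result"] == "Failed" else "success"}
    m = WINLOG_RE.match(line)
    if m:
        return {"ts": parse_ts(m["ts"]), "source": "windows", "category": "auth",
                "src_ip": m["ip"], "user": m["user"],
                "outcome": "failure" if m["eid"] == "4625" else "success"}
    m = FW_RE.match(line)
    if m:
        return {"ts": parse_ts(m["ts"]), "source": "firewall", "category": "network",
                "src_ip": m["ip"], "user": None,
                "outcome": "deny" if m["action"] == "deny" else "allow"}
    return None


def normalize_all(lines):
    """Standardize every line; unparsed lines are kept for log-source review."""
    events, unparsed = [], []
    for line in lines:
        ev = normalize(line)
        (events if ev else unparsed).append(ev if ev else line)
    return events, unparsed


def detect_auth_bruteforce(events, threshold=3, window_s=60):
    """Alert when one source IP produces >= threshold authentication failures
    inside window_s seconds, whichever log sources reported them."""
    failures = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["category"] == "auth" and ev["outcome"] == "failure":
            failures[ev["src_ip"]].append(ev["ts"])
    alerts = []
    for ip, times in failures.items():
        for i in range(len(times)):
            j = i
            while j + 1 < len(times) and (times[j + 1] - times[i]).total_seconds() <= window_s:
                j += 1
            if j - i + 1 >= threshold:
                alerts.append({"rule": "auth_bruteforce", "src_ip": ip,
                               "count": j - i + 1, "first": times[i], "last": times[j]})
                break   # one alert per source address
    return alerts


if __name__ == "__main__":
    events, unparsed = normalize_all(SAMPLE_LOGS)
    print(f"{len(events)} events normalized, {len(unparsed)} unparsed")
    for a in detect_auth_bruteforce(events):
        print(f"ALERT {a['rule']}: {a['src_ip']} x{a['count']} "
              f"between {a['first'].isoformat()} and {a['last'].isoformat()}")
```

The point of the common schema is visible in the rule: two failures reported by sshd and one reported by a Windows host are counted together because both have become `category=auth, outcome=failure` events, which is something neither source could have concluded on its own. The unparsed line is also a finding, since it reveals a log source the organization has not yet covered.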

An organization considering a SIEM implementation must evaluate available systems to find those which will allow its security goals to be met. SIEM systems collect data from log sources. The organization must create a comprehensive list of its log sources, which may include, but is not limited to, enterprise security control technologies, operating systems, database platforms, enterprise applications, and other software and hardware.

Each SIEM vendor adds to its log source capabilities on an ongoing basis and generally posts this information on its web site. The organization's evaluation process for a SIEM tool must include this critical component. Ongoing administration must also be considered, as some systems are much more automated than others. The organization must evaluate whether its own logging is robust enough to provide the data needed by the SIEM system. Some of the available products can compensate for native systems that may be lacking through increased log management capabilities.

SIEM vendors typically offer threat intelligence feeds. If the organization evaluating systems wishes to make use of feeds, the nature, quality, and timeliness of the data in the feed must be an additional point of investigation and comparison. Some top-level SIEM systems may also have network forensic capabilities.

The goal of SIEM systems is to automate as many of the activities required to provide a safe environment as possible. That being said, it will also be necessary for the human resources to extract information from the system from time to time to support such things as incident handling efforts. The search and data visualization capabilities of each system under consideration must be evaluated against the organization's expected needs.

Many SIEMs offer automated response capabilities that attempt to block malicious activities occurring in real time. The timeliness, security, and effectiveness of these capabilities must be taken into consideration. Often the local teams are responsible for providing the scripts which trigger the system's actions.

Another very important consideration goes back to the beginning of our story: what legal requirements does the organization operate under, and will the system(s) under consideration provide the output needed to support compliance and verification reporting? This requirement is much more critical in certain industries such as health care, pharma, financial services, and defense contracting.

We hope that we have helped to make some sense of a technical and complicated subject. Very large organizations will most likely have in-house resources to evaluate and choose security tools. Smaller organizations will need to arrange for outside expertise. The goal of all is data that is safe from those who are trying to do harm, at a cost that can be supported by the organization.

Vulnerabilities to Cyber Attacks. (2022, Sep 27). Retrieved December 22, 2024 , from
https://supremestudy.com/vulnerabilities-to-cyber-attack/

This paper was written and submitted by a fellow student

Our verified experts write
your 100% original paper on any topic

Check Prices

Having doubts about how to write your paper correctly?

Our editors will help you fix any mistakes and get an A+!

Get started
Leave your email and we will send a sample to you.
Go to my inbox