Impact of Graph Technology and Neural Networks on Data and Cyber Security
Breaches on the Rise
Equifax security breach was characterized among the worst ever in terms of number of people affected and the category of information breached. Information such as names, SSNs, birth dates and addresses are considered Holy Grail of personal data that helps gain access to anyone’s personal, financial and health records. While frequent incidents of security breaches have brought enough anxiety in corporate America, it’s the complexity of managing cybersecurity and addressing unanswered questions that have really got the enterprises nervous.
In order to be successful in preventing such breaches, cybersecurity analysts not only have to be highly knowledgeable about networking fundamentals but also extremely analytical at identifying patterns. Congruously, analysts have to be equally superior at incident response and handling as well as resolving and communicating incidents. Relying on manual analysis in a more complex and breach innovated world is no longer an option for successful detection of security incidents. This has led to several unanswered questions in a digitally transforming and expanding world of data footprint.
This has led to several unanswered questions in a digitally transforming and expanding world of data footprint.
How will companies handle vast amounts of data spanning institutions, jurisdictions and regulations, many of which extend beyond international boundaries? Is there an efficient framework to handle rapidly evolving information spanning these entities? Can there be a way to automate entity resolution across expansive and disconnected datasets?
Tougher Than 2017
Many of the largest and damaging cyberattacks have been state sponsored and carried out by teams with an entire government’s resources at their disposal. Attacks from private entities and individuals have also grown, especially, on social engines. Rapid expansion of volume and variety of security alerts and over reliance on labor intensive analysis has further complicated the cybersecurity landscape as organizations continue to follow the paradigm of building threat detection programs on top of existing tools. The resultant miscellany either hinders growth or leads to a talent shortfall for organizations who can barely keep up with markets in absence of a self-servicing and automated cybersecurity solution.
Let's consider the case of an analyst going through the definition of a regulation and its verbal interpretation to build a new access control. Relying on limitations of human tenability, she has to account for all other preexisting rule-sets required to be fulfilled as part of implementing the control in question. For instance, when writing a universal set of 800 controls with each having 30 different security and regulatory frameworks to follow, a security analyst could be attempting to oversee as many as 20,000 relationships on any given day.
As a result of this, whenever net-new rules are launched, security consulting firms are invariably called upon with job to map edicts into client’s respective Global Risk and Compliance (GRC) database to make sure the new relationships have been appropriately established while prevailing ones are not affected. This is an enormously manual task requiring more work than coding and takes significant expertise to map relationships in the right way. Overwhelmed by data and multiplicity of relationships, this affair quickly finds its way to a major expense item on corporate balance sheet.
Additionally, a lot more time is consumed in processing large amounts of PDF documents with regulation definitions to ensure that current security controls are not overlooked when mapping news ones. This leads us to envision a technology framework that can automatically extract and store entities and relationships, without overlooking any controls, into a Graph database and recommends actionable remediation that’s beyond just compliance checks and reporting.
A technology framework that can automatically extract and store entities and relationships, without overlooking any controls, into a Graph database and recommends actionable remediation that’s beyond just compliance checks and reporting.
Moreover, the technology should be self-servicing and scalable for security analysts to adopt without having to invest time and resources in learning the new approach. Let’s evaluate a framework that makes use of a such technology in combination with machine learning.
Single Security Learning Framework
According to an experiment by Vinay Kumar and Barathi Ganesh, Deep Neural Network (DNN) outperformed the supervised machine learning (XGBoost) on incident detection and fraud detection by 1.00 to 0.997 and 0.972 to 0.916 respectively. Based on this outcome and known benefits of Single View architecture, such as self-servicing and massive document-based item extraction, a Cyber Entity Rendering System can help solve the problem of addressing complexity, interpretation, scale and cost. In fact, all new enterprise security detection solutions leverage Deep Neural Learning and have been for some time before it was categorized as such. It is coined as “anomaly detection” in security industry.
Figure 1, below, shows an example where Graph stores every Infosec/network parameter and structure along with its relationship and supplies extracted meta-info parameters into a Neural Network for detecting an outcome of 0 (benign) or 1 (malicious) with significant probability scores.
Figure 1. Single Security Learning Framework (SLF)
To further validate this, let’s consider another experiment performed by Acalvio Technologies to detect obfuscated Powershell scripts. Findings from this project revealed that DNN outperformed other models like Random Forest and Logistic Regression in terms of precision and recall.
While DNN by itself is transformational, it’s the idea of using Graph database to feed into a DNN that produces the best possible security and operational outcome for an organization. This form of SLF helps save significant amount of time and value spent otherwise on data assimilation, meta-info extraction and the freight of figuring out the best machine learning approach for threat detection.
2020 and Beyond
It is imperative to incorporate graph technologies and neural networks into the cybersecurity field in order to adequately combat a rapid change in relevant threats to organizations. In terms of controlling the data footprint, companies can have the ability to scale their business without having to stress about the impact of cyber regulatory influx on their day-to-day operations.
Enterprises carrying the DNA of innovation with modern data architecture and machine learning are best positioned to win over business demands in a security-tranquil environment unencumbered from regulations, competition and growth.
If you are a CISO and have comments or questions please feel free to reach out to me at email@example.com
I thank Samuel Cure, CISSP, Chief Information Security Officer at AdvisoryCloud for his valuable contribution to this article.