What do you get when you add together: Two basketballs; six people wearing black or white t-shirts; and a chest-beating gorilla? Oddly enough, a great analogy for the challenges information security professionals constantly face (more on that in a minute ...).
We'll be talking about security challenges of all kinds at the 2016 RSA Conference in San Francisco, Feb. 29-March 4. To gear up for the event, we’re getting to know some of SAS’ subject matter experts like principal domain specialist Mike Funk, whose focus is cybersecurity strategies.
Mike has a cool last name -- and a cool job, helping companies address their cybersecurity challenges. Since most companies’ security needs are inadequately addressed (as evidenced by many high-profile compromises), Mike is a busy man. With more than 20 years' experience, he brings a holistic understanding of how IT infrastructure and enterprise security environments function.
Q: After working in IT positions with the US military, health agencies and federal government, as well as commercial organizations, what excites you most about what you do?
Ultimately, I want to build a better solution for eliminating waste. This sounds altruistic, but it’s true. Cybercrime really comes down to waste. For example, unsolicited bulk email, or spam, currently accounts for 60 to 80% of e-mail traffic worldwide. Spam has steadily grown since the early 1990s, and it’s commonly spread by botnets, computers secretly controlled by scammers to send spam without using their own computers.
It’s incredibly frustrating and disappointing to see more than half of email traffic consumed for spam delivery. Add to it that much of the spam contains new malware and viruses every week. The pervasive, expensive nature of these relentless and ever-evolving attacks results in tremendous waste. It costs us all time, money and resources.
Q: What do you see as the biggest cybersecurity challenge?
I’d say IT infrastructure complexity. Organizations are challenged with understanding their entire environment and its desired behavior. This drives the need for strong configuration management including systems, services, identities (users), non-person identities (system/service accounts) and change management processes. And it must be scalable in a consistent way for the enterprise.
The more complex the environment, the more opportunities for unauthorized access. A typical enterprise will have thousands of access points for people and other systems to conduct business.
Imagine a bank has 50,000 doors leading to a number of vaults that hold different types of valuables. Each of the vaults has a certain number of doors leading to other vaults. Each vault and its doors have different levels of protection based on the types of valuables in the vault. Some of the doors have strong locks, some doors have flawed locks, some doors have good alarm systems, and some doors are unknowingly left open. It’s incredibly complex to understand and monitor how each of these vaults and associated doors should work. But if you know the infrastructure and how it should perform, you can monitor its behavior and identify anomalies or misbehavior.
If a low-priority vault is breached, followed by a higher priority vault and so on, detection of that misbehavior becomes critically important. Now imagine this breach happens amid 200,000 events per second. You can see the scalability issue at hand.
The hard part is building the right tools, then making them durable and effective in the ever-changing landscape of cyber threats.
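The "low-priority vault, then a higher-priority vault, and so on" pattern above is a sequence-detection problem over a high-volume event stream. As an added illustration (not SAS's code and not from the original interview), here is a small streaming detector in Python: each access event names a principal, a zone (the "vault") and that zone's sensitivity tier, and the detector keeps only a short, bounded window of recent events per principal so that memory does not grow with event rate. It raises an alert when a principal climbs through two or more tiers inside the window. The log format, zone names, tier labels, window length and step threshold are all assumptions constructed for the example.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed tuning parameters (not from the original post): how far back to look
# per principal, and how many upward tier steps inside that window count as an
# escalation chain worth alerting on.
WINDOW = timedelta(minutes=10)
MIN_UPWARD_STEPS = 2
TIER_ORDER = {"low": 1, "medium": 2, "high": 3}


@dataclass
class Event:
    ts: datetime
    principal: str
    zone: str
    tier: str


def parse_event(line: str) -> Event:
    """Parse one access log line in a constructed 'key=value' format."""
    fields = dict(tok.split("=", 1) for tok in line.split())
    return Event(
        ts=datetime.strptime(fields["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        principal=fields["user"],
        zone=fields["zone"],
        tier=fields["tier"],
    )


class EscalationDetector:
    """Streaming detector that keeps only the last WINDOW of events per principal."""

    def __init__(self, window=WINDOW, min_steps=MIN_UPWARD_STEPS):
        self.window = window
        self.min_steps = min_steps
        self.recent = defaultdict(deque)  # principal -> deque of Event inside the window

    def observe(self, ev: Event):
        q = self.recent[ev.principal]
        # Evict anything older than the window so per-principal state stays bounded.
        while q and ev.ts - q[0].ts > self.window:
            q.popleft()
        q.append(ev)
        # Walk the window and count how often the tier climbed above all earlier events.
        steps, running_max, chain = 0, 0, []
        for e in q:
            rank = TIER_ORDER[e.tier]
            if rank > running_max:
                if running_max:  # the first event starts the chain; it is not a step
                    steps += 1
                running_max = rank
                chain.append(e)
        # Fire only when the current event is the one that completed the climb,
        # so later events at the same tier do not re-alert on the same chain.
        if steps >= self.min_steps and chain[-1] is ev:
            path = " -> ".join(e.zone for e in chain)
            return f"{ev.principal}: {path} within {self.window}"
        return None


def detect(lines):
    """Run the detector over an iterable of log lines and collect alerts."""
    det = EscalationDetector()
    alerts = []
    for line in lines:
        alert = det.observe(parse_event(line))
        if alert:
            alerts.append(alert)
    return alerts


# Constructed sample log, not real data: alice climbs low -> medium -> high in six
# minutes; bob touches the same tiers, but spread beyond the window.
SAMPLE_LOG = [
    "ts=2016-02-15T09:00:00Z user=alice zone=archive tier=low",
    "ts=2016-02-15T09:03:00Z user=bob zone=archive tier=low",
    "ts=2016-02-15T09:04:00Z user=alice zone=payroll tier=medium",
    "ts=2016-02-15T09:05:00Z user=bob zone=lobby tier=low",
    "ts=2016-02-15T09:06:00Z user=alice zone=keyvault tier=high",
    "ts=2016-02-15T09:07:00Z user=alice zone=keyvault tier=high",
    "ts=2016-02-15T09:30:00Z user=bob zone=payroll tier=medium",
    "ts=2016-02-15T09:31:00Z user=bob zone=keyvault tier=high",
]

if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print("ALERT", a)
```

Run on the constructed sample, it alerts once, for alice's six-minute climb through archive, payroll and keyvault, and stays silent for bob, whose low-tier touches have already aged out of the window by the time he reaches the higher tiers. In a real deployment the tier map would come from the configuration management data the interview describes, and the window and step threshold would be tuned against a baseline of normal traversal patterns.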
Q: How do you see analytics as a solution to these challenges?
A great experiment was done several years ago called The Invisible Gorilla. The idea is that we miss things in our environment. But we would argue that’s not true. In the experiment, subjects were asked to watch and count iterations of basketballs being passed around by six people. A gorilla comes into the picture for nine seconds and half of those watching missed the gorilla completely!
Computer networks work very much the same way. Organizations have numerous protections enabled. But there's always something they don’t see. And that’s where analytics come into play. Analytics fill the gaps to catch things that would be otherwise missed. Analytics allow for continuous visibility even for those things that we don’t expect to see. It’s an incredibly powerful tool.
We’ll likely be in business rather than gorilla suits, but you should definitely talk with us to find out how cyberanalytics can help you scale your network security. Meet Mike and the rest of the SAS team at the RSA Conference in Booth 4234. We'll show you how SAS can give you THE POWER TO KNOW®.