Thursday, 18 January 2018 01:56

Using cyber intelligence to find the bad guys quicker and faster

By: 

Don't think the police will help you find, let alone catch, cybercriminals if they make off with your corporate loot. And don't think this is only a problem for companies in other countries. South African businesses, like South Africans themselves, are increasingly being targeted.

The story of a local bank being taken for R300 million by cyber criminals who had 100 people withdrawing money from ATMs in Japan made the headlines. But South African companies, unlike their US counterparts, are not required by law to report cases of cyber theft, so how many more cases have gone unreported? The bank reportedly never got its cash back, so it is still wise to secure your systems from attack; the more proactive, the better.

The likelihood of cyber attackers plundering your vaults is already vast and growing daily. The threat landscape today is highly sophisticated, but our defences are typically outdated, reactive systems. That's because today's hackers are often young professionals who work for organised crime syndicates and, in many cases, target specific, high-value organisations.

A colleague of mine from our business partner, IBM, which supplies the i2 Enterprise Insight Analysis solution, worked with the Mexican secret service to combat drug cartels funding organized cybercrime, for example. The cartels have a well of finances the envy of many enterprises so they get the best skills, the best tools, and they have time on their side.

The i2 solution is a sophisticated, next-generation threat analysis solution used by the Mexican secret service, 32 out of 36 police organizations in the UK, including MI5 and MI6, the FBI, Israel's Mossad, various military units, and the police in South Africa. It has evolved to be relevant by helping catch bad guys for 26 years and is now commercialized and available for enterprises.

The reason you need it yourself instead of going to the police for help, when they already have this tool, is that they are under-resourced, just as their counterparts are elsewhere in the world. And they have much bigger physical-world crime issues on their hands. They are good at kicking down doors. They're less experienced at hunting cybercriminals who lurk in basements behind packet sniffers and tapped cables, and who mount man-in-the-middle attacks on obscure data centres in Brussels back rooms.

But to get the cops to kick in a specific door you must be able to reliably tell them which one. That's what IndigoCube is doing with i2. And it is helping businesses understand their vulnerabilities at any given moment - as well as giving them the tools to investigate, rapidly find the perpetrators, and give law enforcement actionable insights.

Another fact of cyber attacks is that they almost never materialise out of the blue, and they're almost never successful on the first attempt. They typically occur in stages. The crooks test your defences, fail, and return with new approaches to defeat your static counters. They're fluid and you're not. The warning signs are usually there, and we would have seen them had we looked.

We need to keep tabs on insider fraud via structured transactional data, chatter in the deep Web in services such as Pastebin, unstructured data in our internal reports, and social media feeds where more human chatter occurs. We wrap that up in a dashboard that's easy and quick for executives to keep an eye on but into which they can drill as deep as they like to ascertain the precise facts.

Behind the dashboard, tiered security with intelligent analyses forms sophisticated barriers that help you pivot faster than the bad guys. Tier one firewalls have policies that zap IPs originating from countries in which you don't operate. They trap known malware and vaporise it. They trap large attachments for human inspection. At tier two you correlate events. This tier takes care of what's known as the 5km, one-minute card rule: a single bank card cannot be used to withdraw money from two different ATMs, 5km apart, within one minute of each other.
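The tier two rule above is a correlation over a stream of withdrawal events rather than a single-event match. The following is an added example, not code from the article or from IBM's i2 product, showing one way to implement it: withdrawals are grouped per card, sorted by time, and any two uses of the same card at ATMs at least 5 km apart (great-circle distance) within one minute are raised as an alert. The thresholds are parameters, so the same routine covers the general "impossible travel" case. The ATM identifiers, coordinates, card ids and timestamps are constructed sample data.

```python
"""Tier-two event correlation: the "5 km, one-minute card rule".

Added example (not the article's or IBM i2's own code). Flags a single card
used at two ATMs at least `min_km` apart within `window_seconds` of each
other. All ATM locations, card ids and timestamps below are constructed.
"""
import math
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List

EARTH_RADIUS_KM = 6371.0


@dataclass(frozen=True)
class Withdrawal:
    card_id: str
    atm_id: str
    lat: float
    lon: float
    ts: datetime


@dataclass(frozen=True)
class Alert:
    card_id: str
    first_atm: str
    second_atm: str
    distance_km: float
    seconds_apart: float


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two WGS84 points, in kilometres."""
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(phi1) * math.cos(phi2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def find_impossible_withdrawals(events: List[Withdrawal], min_km: float = 5.0,
                                window_seconds: int = 60) -> List[Alert]:
    """Correlate withdrawals per card; return one Alert per offending pair."""
    by_card: Dict[str, List[Withdrawal]] = {}
    for e in events:
        by_card.setdefault(e.card_id, []).append(e)

    alerts: List[Alert] = []
    for card_id, evs in by_card.items():
        evs.sort(key=lambda e: e.ts)
        for i, first in enumerate(evs):
            for second in evs[i + 1:]:
                gap = (second.ts - first.ts).total_seconds()
                if gap > window_seconds:
                    break  # time-sorted: no later event can be inside the window
                dist = haversine_km(first.lat, first.lon, second.lat, second.lon)
                if dist >= min_km:
                    alerts.append(Alert(card_id, first.atm_id, second.atm_id,
                                        round(dist, 2), gap))
    return alerts


def _w(card: str, atm: str, lat: float, lon: float, hhmmss: str) -> Withdrawal:
    # Constructed sample event; date is arbitrary.
    return Withdrawal(card, atm, lat, lon, datetime.fromisoformat(f"2018-01-18T{hhmmss}"))


# Constructed sample stream (Johannesburg CBD, Sandton and Pretoria coordinates).
SAMPLE_EVENTS = [
    _w("C1", "ATM-JHB-01", -26.2041, 28.0473, "10:00:00"),
    _w("C1", "ATM-SANDTON-07", -26.1076, 28.0567, "10:00:40"),  # ~10.8 km in 40 s: alert
    _w("C1", "ATM-PTA-02", -25.7479, 28.2293, "10:03:00"),      # more than a minute later
    _w("C2", "ATM-JHB-01", -26.2041, 28.0473, "10:01:00"),
    _w("C2", "ATM-JHB-01", -26.2041, 28.0473, "10:01:30"),      # same ATM: 0 km, no alert
    _w("C3", "ATM-JHB-01", -26.2041, 28.0473, "10:00:00"),
    _w("C3", "ATM-SANDTON-07", -26.1076, 28.0567, "10:05:00"),  # outside the one-minute window
]

if __name__ == "__main__":
    for a in find_impossible_withdrawals(SAMPLE_EVENTS):
        print(f"{a.card_id}: {a.first_atm} -> {a.second_atm} "
              f"{a.distance_km} km apart, {a.seconds_apart:.0f} s apart")
```

Only card C1 is flagged with the default thresholds. Widening `window_seconds` to ten minutes also catches C3 and the Pretoria withdrawal, which is how the same rule is tuned for a looser "impossible travel" check; the per-card sort plus the early `break` keeps the comparison linear in practice for a busy card.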

Once you've matured tier two you begin to create the intelligence I've spoken about. It's tier three, human-driven intelligence with automated help that visualises the associations to feed intelligent questioning. And the entire time it's updating the dashboard vulnerability scenario so the executives can see that cutting security personnel or other resources increases work in progress and cycle times, indicating problems, and demonstrating their exposure in light of legislation such as Protection of Personal Information (POPI) Act.

It's an approach that helps you find the crooks while they're still trying to access your systems, and helps you feed law enforcement actionable intelligence they can use to kick down doors.


Source: This article was published on itweb.co.za
