The designers of Stuxnet are on the prowl again. Last year their computer worm sabotaged machines worldwide that were being used for uranium enrichment. Now, according to cyber security researchers, the people who brought the world Stuxnet are poking around the Internet looking for digital information they could use to launch another similar attack. Their agent: a program called Duqu.
That news is scary enough on its own, but it’s just one threat among the tens of thousands that menace businesses, governments and personal computers every day. Malware used to be mostly the work of malicious hackers intent on gaining anonymous satisfaction from their exploits. Now the stuff is being produced on an industrialized basis by sophisticated crooks, industrial snoops and governments. At the same time, the variety and sophistication of their handiwork is growing rapidly.
As a result, organizations have to think differently about cyber security. “A lot of companies have woken up to the fact that traditional security measures are not enough,” says Latha Maripuri, director of IBM Security Services. Her advice: organizations need to develop a capability for what she calls “security intelligence”: the ability to understand what’s coming at them in real time and to react appropriately and effectively before great damage can be done. They need smarter cyber security.
Like a lot of human-made systems, computer networks and their components are a snug fit with the Smarter Planet vision. They can be instrumented to monitor for malware intrusions and infections. Their interconnectivity is a source both of vulnerability and of strength, provided you assemble defenses that protect the entire system holistically. And the immense amount of data, communications and transactions being handled by today’s networks and computing systems means there are plenty of opportunities to use analytics to mine nuggets of intelligence about vulnerabilities and problems.
The newest analytics capability that’s being brought to the security realm is security information and event management. Using a package of software tools and services, organizations can monitor threat activity across their entire computing infrastructure; collect all the information in a central repository; and analyze the data looking for trends and patterns. Based on what they learn, they can set priorities for their security investments and proactively set policies designed to harden defenses against intrusion. The latest development is real-time data mining: software that spots suspicious patterns on the fly. “Analytics helps you decipher what is abnormal behavior,” says Maripuri. “You can’t stop something unless you recognize it as a problem.”
The security services organization that Maripuri supports not only monitors individual client activity but gathers data from more than 4,000 clients and compiles it to spot patterns. Think of it as a global intelligent early warning system.