New prevention paradigms for cybersecurity

By
Peter Nichol
-

Cybersecurity experts are quietly changing their approach to security. What you know and value about security prevention is eroding. The federal government’s HR department learned the hard way. You don’t have to.

You probably won’t believe it. The new approach to enterprise security is tectonic; traditional virus protection software is not required. You can stop doing your daily enterprise updates of new virus definitions. The premise that antivirus software is useful in the identification and removal of unauthorized software is flawed. Now introducing the new paradigm of prevention-based incident response.

Past, present and future paradigms

A new paradigm shift is changing the prevailing security frameworks. First, let’s uncover the underbelly of a paradigm.

Thomas Kuhn’s famous book, The Structure of Scientific Revolutions, changed scientific thinking and introduced the concept of a “paradigm shift.” He shared his view that “Men whose research is based on shared paradigms are committed to the same rules and standards.” Whether we’re speaking of concrete scientific achievements, emerging theories or traditional paradigms, old beliefs can slow progress.  What is particularly of interest is Kuhn’s viewpoint that a shift can’t occur using full communication, forced logic or neutral experience. Rather, this uprooting must occur all at once. In other words, you can’t be “half in” when it comes to adoption.

Past, present and future belief systems rest on a bedrock of paradigms: Beliefs that are internalized by the practitioners who study their effects. Several paradigms were entrenched societal belief systems — until they were changed. We are familiar with many of the past paradigms:

  • The Earth is flat.
  • The speed of sound may not be exceeded.
  • The poles of the Earth are stable.
  • It is not possible to split an atom.
  • Steel is solid.
  • Consciousness is inside our brain.

It’s often more intriguing to pontificate about modern quantum physics and unified field theory and the design of future paradigms:

  • There are universes inside of universes.
  • Everything is a “Fractal.”
  • Everything that is happening is the past.

In this modern world, we wrestle with existing paradigms that are accepted, if not overtly then by limited attempts to prove the alternative. Expanded value requires expanding thinking. The U.S. Office of Personnel Management (OPM) data breach presents a transferable case relevant to every CIO responsible for organizational security. A practical case that presents a lesson and has a clear solution.

How the government jeopardized our national security for more than a generation

Thomas Pace, a principal consultant at Cylance, delivered a presentation titled “Dissecting the OPM Breach” at the East IT Leader Forum (#EASTIT), which kicked off in sunny Miami in mid-November and was hosted by Ross Abbott, CEO of SINC USA.

Pace led an amazing presentation on the advanced persistent threat (APT) case study on the Office of Personnel Management data breach full report. APT is a type of threat actor, an “advanced persistent threat.” An APT utilizes network-based attacks to gain unauthorized access to exfiltrate data.

The OPM data breach resulted in personnel records (4.2 million), background checks (21.5 million) and fingerprint records (5.6 million) being exfiltrated from OPM undetected. OPM had traditional antivirus software running. It didn’t help.

This threat went undetected until 2015 (not a typo). Records from current, former and prospective federal employees were compromised from a system called Standard Form 86 or “SF-86.” The template for the SF-86 form is 127 pages, and most applications require additional pages. This system contained detailed lists of federal and military personnel going back 30 years. To emphasize the significant harm to national security, Pace provided one example. He noted that special operatives were not listed in the database. Imagine that there were 15 personnel stationed at a foreign embassy. Twelve are listed in the database, who are the other three? It would not take long to identify the special operatives with this information.

The OPM data breach leaked our country’s most sensitive information, including the identity of anyone employed in a “national security sensitive position.” The data exfiltration encompassed a wide range of personnel at all federal agencies, from employees to contractors. The magnitude of this breach was massive.

The lesson: New tactics are required to thwart security threats — the old antivirus paradigm is no longer effective.

A new security paradigm

Prevention-based incident response uses artificial intelligence to identify threats, dispelling the foundational belief that antivirus software is required.

Are you thinking, “Well that just can’t be?” I’d kindly draw your attention to the past paradigms that were staples of belief — until they weren’t. I didn’t say it would be easy. Changing your core belief system is difficult.

Enterprises primarily use antivirus software and run quick scans on endpoints daily if not hourly. Each of us has been on the receiving end of these “quick scans” that are supposed to run at 3 a.m. but somehow kick off during that critical meeting at 9 a.m.

CylancePROTECT is a product that focuses on the prevention of attacks before they ever cause harm. CylancePROTECT predicts, prevents and protects enterprise endpoints from known and unknown threats by using artificial intelligence, removing the requirement for traditional signature updates.

Cylance takes a mathematical approach to identify malware, using machine learning techniques instead of reactive signatures, blocking threats in real time.

Part of the allure of being a CIO is that as leaders we learn new concepts daily and have the good fortune to share exceptional ideas with our organizations. This paradigm shift is one of those exceptional ideas. It’s worth your attention.

OPM, true believers in the new paradigm

A DLL file was ultimately found masked as a McAfee antivirus executable (OPM doesn’t use McAfee antivirus software). For over two years, OPM was infected with malware while data was exfiltrated from OPM databases. How does OPM plug this breach? How many endpoints points are affected? Think for a moment, how long would it take your organization to respond and address every endpoint in your infrastructure — days, months, years?

Cylance was engaged to evaluate 10,000 endpoints and discovered 2,000 pieces of malware and contained the entire breach in 10 days. The result was nothing short of spectacular. The analysis was conducted within 48 hours, and the entire formal report was delivered in one week.

After the Cylance analysis was completed, a law enforcement entity performed a detailed incident response that spanned three months; they found nothing additional.

The solution: Embrace prevention-based incident-response approaches that utilize artificial intelligence to identify known and unknown threats — threats with no published signatures.

Prevention-based incident response is a new security paradigm that utilizes artificial intelligence and machine learning to predict threats, prevent attacks and protect enterprise environments. A new security paradigm has arrived.

Previous articlePlatform strategies for the co-creation of value: strategies for profit growth
Next articleAn economic driver for life fueled by blockchain: Bitcoin changes lives
Peter Nichol
Peter is a technology executive with over 20 years of experience, dedicated to driving innovation, digital transformation, leadership, and data in business. He helps organizations connect strategy to execution to maximize company performance. He has been recognized for Digital Innovation by CIO 100, MIT Sloan, Computerworld, and the Project Management Institute. As Managing Director at OROCA Innovations, Peter leads the CXO advisory services practice, driving digital strategies. Peter was honored as an MIT Sloan CIO Leadership Award Finalist in 2015 and is a regular contributor to CIO.com on innovation. Peter has led businesses through complex changes, including the adoption of data-first approaches for portfolio management, lean six sigma for operational excellence, departmental transformations, process improvements, maximizing team performance, designing new IT operating models, digitizing platforms, leading large-scale mission-critical technology deployments, product management, agile methodologies, and building high-performance teams. As Chief Information Officer, Peter was responsible for Connecticut’s Health Insurance Exchange’s (HIX) industry-leading digital platform transforming consumerism and retail-oriented services for the health insurance industry. Peter championed the Connecticut marketplace digital implementation with a transformational cloud-based SaaS platform and mobile application recognized as a 2014 PMI Project of the Year Award finalist, CIO 100, and awards for best digital services, API, and platform. He also received a lifetime achievement award for leadership and digital transformation, honored as a 2016 Computerworld Premier 100 IT Leader. Peter is the author of Learning Intelligence: Expand Thinking. Absorb Alternative. Unlock Possibilities (2017), which Marshall Goldsmith, author of the New York Times No. 1 bestseller Triggers, calls "a must-read for any leader wanting to compete in the innovation-powered landscape of today." Peter also authored The Power of Blockchain for Healthcare: How Blockchain Will Ignite The Future of Healthcare (2017), the first book to explore the vast opportunities for blockchain to transform the patient experience. Peter has a B.S. in C.I.S from Bentley University and an MBA from Quinnipiac University, where he graduated Summa Cum Laude. He earned his PMP® in 2001 and is a certified Six Sigma Master Black Belt, Masters in Business Relationship Management (MBRM) and Certified Scrum Master. As a Commercial Rated Aviation Pilot and Master Scuba Diver, Peter understands first hand, how to anticipate change and lead boldly.
Linkedin Twitter Youtube