RSA 2016: It's Time to Turn Big Data into Action
The big news at this year’s RSA show was big data and the Cloud.
In a sea of vendors and 40,000 visitors at RSA 2016, I found a UK-based firm with an intelligence community legacy partnered with an industry pioneer; an Israeli company with a new technology to accelerate network speed and leverage big data analytics; and a university-incubated startup that helps law enforcement fight crime and predict terrorism through “game theory” software.
I had the pleasure of interviewing Nicole Eagan, CEO of Darktrace, and seeing a demonstration of their product. It was without a doubt one of the best products I have seen at RSA in a number of years. The approach operates as an Enterprise Immune System: while an infection is expected and may negatively impact you, the key is to remain operational. In fact, Darktrace can actually “slow down” elements of an ongoing cyberattack in order to respond more effectively, and be proactive during “in progress” situations. Think of it as a “digital antibody” that can quarantine portions of the attack without the adversary knowing it.
The solution involves an onsite appliance and a multi-year (3-5 year) subscription that includes analyst support to review your operation on a regular basis (weekly/bi-weekly), depending on the contract Service Level Agreement (SLA). According to Eagan: “We make sense of the environment and act as an external set of eyes for the CISO. We give them the top threats by understanding genuinely abnormal behavior changes in the network.” British Telecom was an early customer (now partner) where Darktrace was dropped into its Security Operations Center to learn “patterns of life” across 40,000 network devices. After seven days of service, this sophisticated solution uncovered only five real-world threats. The lack of false positives across a network of this size was unprecedented, and very welcome, at BT.
While the solution utilizes machine learning to scale across tens of thousands of devices to learn behavior, the “Antigena” solution can also act as a machine learning tool that understands the actual behavior of a “human analyst” and builds that knowledge back into the platform, letting networks use that information to self-defend. Eagan reasons that Darktrace machine learning is a huge advantage in that, “People can’t move at machine speed – cybersecurity is way beyond hand to hand combat.” Today, Darktrace has customers globally in the largest financial firms, stock exchanges, transportation hubs, retailers and government agencies. Eagan noted, “The era of machine fighting machine is here.”
Another executive focused on the future of the cyber industry and product innovation is Brian Dye, Corporate Vice President & GM, Corporate Products at Intel Corporation. He is responsible for Intel’s global corporate security products, strategy and solution delivery. Together with Chris Young, General Manager, they drive the Intel Security Group forward.
Dye elaborated on Cloud services and added, “I have not had one customer meeting at this show where the Cloud discussion was not addressed as a business priority.”
Personally, what also impressed me was his understanding of the broader business issues involving the Cloud’s impact on the “sales process,” from product strategy and support to sales compensation plans. He sees Cloud models requiring managed services and multi-year subscriptions. Dye said: “There are essentially three areas to consider in the Cloud market: (1) Technology, (2) Route to Market and (3) Financial/Business issues, and all three have the common theme of ‘pace.’”
Regarding revenue recognition, Dye made a strong point, citing Intel Corporation’s leadership focus on long-term strategic thinking and planning as a core competency of the company. Dye added, “This is also a competitive advantage, especially when considering that the Cloud represents a shift away from a traditional business model (and revenue recognition) to a subscription-based model, which is backend loaded. Intel Corporation has a long-term business planning mentality, experience in global market cycles, and deep pockets, that many smaller firms simply cannot match.”
As for the foreseeable future, Dye sees a hybrid model playing out in Cloud delivery. “We have a physics problem,” Dye said. “There is a network bandwidth issue required to fit the vision of Big Data Analytics, and not every business is the NSA.” Therefore, a combination of local compute and a subset to the Cloud makes sense in Dye’s view. “Hybrid is the dominant model we see – keep critical data internal, and non-core in the Cloud,” Dye said. This Cloud stuff is simple!
The Israeli cyber market has gotten a lot of well-deserved positive press over recent years. Checkpoint Systems founder Shlomo Kramer recently started CATO Networks, with the idea to “Make Network Security Simple Again.”
I met with Gur Shatz, the company’s co-founder & CTO, who was the co-founder & CEO of Incapsula Inc., a Cloud-based Web security company. Shatz told me right off the bat that CATO provides an infrastructure and Cloud network play that plans to rebuild the network as a Cloud service. He elaborated that “The choke point is broadband access, and I just don’t understand an ‘appliance vendor strategy’ in today’s cybersecurity environment – there is not a single logical choke point for securing the network? CATO delivers network-based security that pushes appliances out of the house.”
CATO builds the backbone platform internally and deploys into Tier 4 data centers globally, similar in concept to a carrier model. They upgrade the inefficiencies of the Internet’s “late 1980s technology” and create a Software Defined Infrastructure (SDI). CATO deploys proprietary protocols in a single stack software implementation to accelerate network speed. This approach embeds security from the packet level all the way up the network stack. Shatz is fond of saying, “Security is the only place where the Cloud is not overhyped.”
CATO Networks might be on to something big. And if so, they might be a potential solution for the physics problem of moving big data to the Cloud for analytics.
Flying below the radar at the show was Zare Baghdasarian, former co-founder of Monterey Networks (Cisco Systems), and co-founder & CEO at Armorway, a startup incubated at the University of Southern California with funding from DHS, DoD and the Army Research Office. Armorway’s software uses cognitive analytics (behavioral, predictive and competitive), machine learning and patented game theory algorithms to transform collected data into intelligent and actionable strategies.
Baghdasarian said, “We utilize cognitive analytics to develop countermeasure recommendations that go beyond the scope of merely sifting through volumes of data looking for trends.” The company’s Trust software identifies inside threats within an organization and its supply chain through data analysis and machine learning. The company’s Sentinel software is a flexible big data solution that processes massive amounts of information – past criminal activity, incident reports, social media, event schedules, CCTV feeds and more – to make strategic and unpredictable recommendations to best prevent external threats.
The interesting thing about the company’s Armorway solution is that it can bridge security between the physical and cyber domains. “Our platform transcends performing data analytics in a purely cyber domain. From behavioral modeling to real-time situational decision-making, we drive our clients towards their desired security outcomes,” said Baghdasarian.