A Self-Flying Drone and an Autonomous Cyber-Compliance Engine are more alike than you think...
November 8, 2016
A couple of folks have said “Don’t just tell me the time, tell me how the clock is built”. This is counter-intuitive and so I thought it would be a good idea to give you an inside look into the architecture of the Entreda Unify platform (www.entreda.com), especially given all the talk about drones at CES 2016. Unify is the customer facing brand while autonomous cyber-compliance (ACE) is the internal name for our product.
Some major strides have been made in how enterprises (both large and small) draw up their cybersecurity policies. The key objectives of the policy-setting phase for any organization are:
Ensure that the written cybersecurity policy meets the requirements of a specific regulation, or information security framework (for instance a regulating body like SEC or FINRA for the financial industry)
Capture the existing plan of record for cybersecurity policies and procedures in an enterprise
Outline contingency, incident response or risk mitigation plans
Policy Compliance, or Policy Assurance:
So, the next phase is a much more interesting one and that's policy compliance, or as some folks call it - the policy assurance phase. Let's first define what this phase is NOT. The policy compliance phase involves way more than just continuously testing the established policies. As data becomes abundant in the world of infrastructure technology, cyber risk analysis and resulting action becomes quite complex to handle manually. Specifically, the decision-making process becomes prohibitively challenging as resources are at a premium for compliance, legal and IT departments in highly regulated industries or geographically distributed enterprises. So, these types of enterprises are best advised to develop a policy compliance "brain" or an automated system to ensure active policy compliance.
Remember, cybersecurity compliance is not an offline activity but rather an inline one.
So, What is ACE?
This automated system, we call an autonomous cyber-compliance engine, (or ACE) is a "software organism" (my term) that automatically does all of the following items (flawlessly):
Understands regulatory requirements from relevant information security frameworks and regulatory mandates,
Draws up standardized governance policies
Verifies compliance 24x7 on all infrastructure assets under management
Triggers remediation workflows through smart integrations with infrastructure security applications
Generates compliance reports
Here are some of the key components of this automated cyber-compliance engine (ACE).
1. Cybersecurity Agents or Sensors:
Let's just say the data agents or sensors gather information about the security posture of the infrastructure under management, which may include devices, users, network traffic and stored data. In some cases, these agents could utilize existing end-point, network protection or SIEM systems, but in reality these sensors would need to be broader in scope and inclusive of historical user behavioral patterns. For instance, knowing that all devices are patched is good, but more useful is knowing how frequently patches are applied to the device, and whether the user or device gets patched as soon as patches are available or only after being prompted 8 times. Time and frequency reference is an important consideration to build proper context.
2. Data pipeline or the nervous system:
A real-time data pipeline to ensure that all data gathered is classified and then routed error-free from the agent to a centralized hub for additional processing. Classifying data is an important consideration as high priority or time-sensitive data needs to be locally processed while other data routed to a centralized hub for additional processing.
3. Correlation, Deep Analytics and Scoring or the "central processing unit":
This is where all the magic happens. Policies and regulations are encoded for the correlation engine to process and then applied to the data. The rules engine verifies functional and contextual compliance with the encoded rules. The result of the rules engine is compared to historical user behavioral patterns or third-party crowd-sourced analytics. In short, compliance is NOT a simple binary result but is instead scored based on a number of risk factors that are taught to the system.
4. Remediation Workflows, or the functional parts - "rotors":
Based on the results compiled by the correlation and analytics engine, remediation workflows are triggered, ranging from specific actions to simple alerts and notifications. Remediation workflows and integration with existing infrastructure cyber protection systems are crucial to ensure real-time action resulting from all the complex processing conducted by the central processing unit.
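To make components 1 through 4 concrete, here is a small added illustration in Python of the shape described above (sensor record with patch-history context, scored rather than pass/fail rules, local-versus-hub classification, and score-driven remediation routing). It is not Entreda's code; the posture fields, rule weights, thresholds and workflow name are constructed for the example.

```python
"""Toy autonomous cyber-compliance engine (ACE) following the four components above.
Added illustration only; all thresholds and field names are constructed assumptions."""
from dataclasses import dataclass
from datetime import date


# 1. Sensor output: one constructed posture record for a managed device.
#    Patch history and prompt count carry the time/frequency context the post asks for.
@dataclass
class DevicePosture:
    device_id: str
    disk_encrypted: bool
    patch_dates: list          # ISO "YYYY-MM-DD" strings reported by the agent
    prompts_before_patch: int  # reminders ignored before the last patch was applied
    observed: str              # ISO date the record was gathered


def _days_since_last_patch(p):
    latest = max(date.fromisoformat(d) for d in p.patch_dates)
    return (date.fromisoformat(p.observed) - latest).days


# 3. Encoded rules: each returns a risk contribution (0.0 = compliant), not a boolean.
def rule_encryption(p):
    return 0.0 if p.disk_encrypted else 0.5

def rule_patch_currency(p, max_age_days=30):
    if not p.patch_dates:
        return 0.4
    age = _days_since_last_patch(p)
    return 0.0 if age <= max_age_days else min(0.4, age / 365)

def rule_patch_behaviour(p, tolerated_prompts=2):
    # Patching only after repeated prompts is a behavioural signal, capped at 0.2.
    return min(0.2, 0.05 * max(0, p.prompts_before_patch - tolerated_prompts))

RULES = [rule_encryption, rule_patch_currency, rule_patch_behaviour]

def score(p):
    """Risk score in [0, 1]; 0.0 means every encoded rule is satisfied."""
    return min(1.0, sum(rule(p) for rule in RULES))


# 2. Pipeline classification: time-sensitive records stay local, the rest go to the hub.
def classify(p):
    return "local" if score(p) >= 0.5 else "hub"


# 4. Remediation routing: a concrete workflow for high risk, a notification for moderate.
def remediate(p):
    s = score(p)
    if s >= 0.5:
        return ("trigger_workflow", "isolate_and_enforce_encryption")
    if s >= 0.2:
        return ("notify", f"{p.device_id}: risk {s:.2f}")
    return ("none", None)
```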
5. Reporting, Visualization or user interface:
The user facing reports and data visualization component is perhaps the most visible attribute of the system. This includes all the user facing alerts, notifications, regulatory compliance reports or audit-trail and real-time dashboard.
Sid is the Co-founder & CEO of Entreda (www.entreda.com).
Sid has over fifteen years of software and hardware technology expertise spanning cybersecurity, enterprise cloud infrastructure and software applications for financial services and other regulated industries. Sid led a program to accelerate Suite B cryptographic algorithms in hardware as specified by the National Institute of Standards and Technology (NIST) and as used by NSA's Information Assurance directorate in solutions approved for protecting National Security Systems (NSS). While studying at Berkeley, Sid worked on software projects involving foundation-based internet and open source protocols widely used today to connect servers on the web, deliver email or transfer files securely and efficiently. Sid holds dual Bachelor of Science (B.S.) degrees in Electrical Engineering and Computer Science from UC Berkeley.