The Cyber Security Agency of Singapore (CSA) launched the biggest crisis management exercise in its history last July. With participation from sector owners and leads from all of Singapore’s 11 Critical Information Infrastructure (CII) sectors, the 2019 Exercise Cyber Star saw over 250 participants from public and private sector companies, who underwent scenario planning sessions, workshops, discussions, and a simulated attack.
Such precautions underscore Singapore’s awareness of the vital nature of cyber protection. In today’s information age, critical infrastructure systems are increasingly connected. This could also leave them vulnerable to attack.
We spoke to the search and data experts at Elastic to see how governments and firms can make the most of cybersecurity tools to protect vital systems and information.
1. Extensive data processing tracks suspicious activity
To detect suspicious activity, cybersecurity software needs to be able to store enormous volumes of data and process it as quickly as possible. This allows security experts to keep abreast of potential breaches, or even uncover patterns of malicious activity to prevent attacks before they happen.
The importance of data processing speed is deeply appreciated by cybersecurity experts at Oak Ridge National Laboratory (ORNL), the United States Department of Energy’s largest science and energy laboratory. ORNL’s research is facilitated by the world’s fastest supercomputer, Summit, which is capable of delivering 200 petaflops of computing power which is200,000 trillion calculations per second.
To protect the massive amounts of digital information generated, security experts make use of Elasticsearch search engine and Elastic Security for security information and event management (SIEM). Using Elastic, ORNL’s security system ingests over two billion documents each day and maintains logs for 180 days, amounting to over 300 billion documents and 225 terabytes (TB) of data. Yet searching over 30 billion documents takes just seconds with Elasticsearch.
Similarly, the cybersecurity team at Slack Technologies Inc. takes advantage of Elastic Stack’s flexibility, and builds their security infrastructure around the suite. For example, Slack’s cybersecurity team built tools to trigger alerts based on suspicious activity, requiring users to authenticate such actions. Alerts are only escalated if authentication fails, allowing the lean security team to focus their attention on monitoring genuine threats.
The team also uses Elastic’s audit data-tracking capabilities to monitor and trace the users who start different kinds of processes in Slack’s environment. This allows them to trace suspicious activity with a greater degree of specificity.
Such features allowed Elastic to win the 2019 Fortress Cyber Security Award for Threat Detection, which recognised the Elastic Stack’s ability to securely and reliably ingest and analyse data in real-time to assist security analysts.
2. Targeted machine learning generates more efficient outcomes
In addition to processing potential, cybersecurity software can stand out through incorporating advanced machine learning models. These models identify patterns and form generalisations that allow them to automatically identify malicious files and behaviour in datasets.
Machine learning models cut down on the time that security experts have to spend on mundane tasks, which can prove critical in isolating and confronting cyber crime. They are also able to isolate complex patterns in data that may be overlooked by human experts. For instance, machine learning could isolate a specific combination of several seemingly unremarkable factors in a dataset which strongly correlates with suspicious activity, and flag all instances of this combination in future runs.
These capabilities have been put to good use by the United States Public Service Credit Union (PSCU), which oversees 1,500 credit unions and represents more than 3.8 billion annual transactions. Since 2018, PSCU has made use of an Elastic-powered system to combat credit fraud, allowing the organisation to prevent $35 million in fraud in just 18 months.
Machine learning and alerting have played no small part in this feat. Algorithms allow PSCU to monitor the activity that happens even before a credit card is swiped at checkout, establishing a customer’s card usage pattern. The security team is notified when customers are observed to behave anomalously, allowing them to examine the data in closer detail and take action if necessary.
This pre-emptive approach to tracking suspicious activity assisted PSCU in uncovering a credit fraud ring, allowing them to blacklist addresses, phone numbers, names and other information linked to 37 credit cards attributed to the ring.
These instant insights would not be readily available to the team under manual monitoring.
3. Sleek data visualisation improves incident response
With the massive volume of data processed by cybersecurity softwares, an intuitive user interface can be instrumental in helping users sift out potential threats from the noise of regular activity. Data visualisation support can allow users to quickly zoom into spots of irregular activity, allowing for effective and efficient incident response.
The importance of user workability was most recently picked up on by the United States Department of Homeland Security (DHS), which announced in late 2019 that it would be using Elasticsearch for the second iteration of its Continuous Diagnostics and Mitigation (CDM) Dashboard System. The integrated dashboard solution — a partnership between Elastic and ECS, a leading provider of technology, science, and engineering solutions — allows federal civilian agencies to continually monitor and respond to cyber threats.
The dashboard makes use of Elastic to process the huge volume of activity over all of DHS’ networks. It collates and displays information from CDM tools at the agency and federal levels, allowing federal agencies to efficiently monitor associated cyber risks. The dashboard also provides the DHS with a summary of federal-level risk exposure, presenting a macro view of cyber threats.
These tools improve users’ cyber situational awareness across agencies, and is set to cut time to insight from weeks to seconds.
In a world where cybersecurity threats are mounting, governments need to constantly be prepared. A robust cybersecurity solution needs to be fast, powerful, and easily operable in order to meet these risks head-on.