This is the latest news on IGLOO SECURITY, Inc. as reported in the press.
Paradigm Shifts in Security Control (2016.11.15)
As modern security environments change at an unprecedented rate, security administrators today find themselves facing an increasing number of issues. As recent security incidents such as the Interpark personal information leak have shown, these worries are fueled by a steadily growing number of attackers who use never-before-seen, sophisticated attack methods to expose the weaknesses of infrastructures and organizations. These attacks take their time to examine every bit of available information before leaking critical data, such as personal information and patents, or disabling a company's systems, significantly disrupting the business activities of corporations and institutes.
In order to counteract the steady appearance of these new and advanced security threats, corporations are also taking measures to change how they defend against and manage attacks. In particular, corporations and institutes have made rapid developments in security control to deal with the constantly shifting threats by observing internal IT infrastructures to ensure they are not exposed to security threats while reacting instantly to any detected risks. Therefore, my aim is to reflect on the progress of security control, which has developed in tandem with the evolution of security threats, from network boundary-based security control to AI-integrated security control.
Network Boundary-based Security Control
In the past, attackers focused on penetrating the network boundary of a corporation or institute to reach its interior, so traditional security control methods naturally emphasized boundary defense. Defenders concentrated on monitoring with network security equipment such as firewalls, IPS/IDS, anti-DDoS equipment, L7 firewalls, and web application firewalls, and on antivirus software (commonly called "vaccines" in Korea), to detect and stop known attacks that attempted to cross the network boundary.
However, as centralized computing and isolated networks gave way to more open and distributed forms, the traditional boundary-focused security management approach began to reach the limit of its capabilities. The steep increase in apps, infrastructure, and users connected to the internet gave attackers far more opportunities and potential avenues to penetrate and infiltrate. A common example is the zero-day attack, in which attackers discover and exploit software vulnerabilities before patches addressing them have even been released.
Attackers are using more diverse tactics than ever to overpower defenders with a constant stream of attacks. These days, attackers raise their chances of successful infiltration through various paths such as PCs, smartphones, email, and websites, or by abusing unpublicized vulnerabilities in IT systems to avoid automated detection. Once they have reached their target, they can move around the corporation's internal systems and examine every bit of information there is before carrying out their attack, leaking specific pieces of information or disabling the company's systems or security services.
Thus, with the number of security holes that attackers can break in through growing alongside technology, defenders came face-to-face with the necessity to monitor and comprehensively manage all user actions and events taking place not only on the network boundary but across the entire corporation. This led to the rise of security control based on enterprise security management (ESM), which manages the security systems of heterogeneous networks from a single control point, collects the security data produced by the various security devices, and performs linkage (correlation) analysis on the collected data.
ESM-based Security Control…Maximizing the Interoperability, Management, and Security of Various Security Systems
The problem of security control can be compared to the story of the blind men and the elephant. Just as the blind men could not identify what sort of animal the elephant was after each touching only part of its body, such as a leg, an ear, or an eye, we must not make hasty judgements and treat speculation as truth when we only have a limited amount of information to go on.
This is because relying solely on dispersed information instead of gathering and analyzing information created by countless infrastructures from a comprehensive perspective may lead to flawed judgements that bring about calamities to corporations.
Accordingly, ESM-based security control centers on faster and more accurate detection of threats and anomalies through linkage analysis across the various security equipment. Because the earlier system's log-centered analysis had clear limits in confirming what was actually happening within a corporation's infrastructure, this method collects all the information created by the various security devices, systems, and networks in real time and performs linkage analysis with a wide array of statistical and pattern analysis tools, identifying the significance of an action more accurately while minimizing false positives.
Under these circumstances, big data analysis platforms, which can link massive amounts of security data with the latest threat information and analyze the results rapidly and effectively, have come under the spotlight. Quickly analyzing massive amounts of security data, which can include tens of thousands of cases a day, within limited time and budget constraints, and accurately grasping attack occurrences and activity based on the information provided by the security system, allows corporations to make the optimal decisions for maintaining their security.
Big Data Log Analysis-based Security Control…Faster Linkage Analysis of Massive Security Data
Recently, big data has become a major talking point in the IT field. Big data refers to data sets so massive that they cannot feasibly be collected, stored, and analyzed with existing data management methods and tools. In the span of just one minute, over 2 million Google searches and 200,000 tweets take place, so these data sets are growing at a breakneck pace. Many corporations are accelerating their efforts to extract meaningful value from big data, and the security industry is no exception: big data analysis technology that can perform quicker and more accurate linkage analysis on massive amounts of security data is being actively welcomed and sought out.
In order for the security administrator to make the right call, there is a need to conduct linkage analysis on security data collected in real-time from various security equipment as well as long-term archived past data and data on the latest external threats. However, as it is nigh impossible for people to manually analyze all this data, security control has experienced a paradigm shift from the ESM-based format to the enhanced big data log analysis-based format.
Big data log analysis-based security control uses distributed data storage and processing technology for quicker and more accurate linkage analysis of security data than the previous format. It predicts threats and anomalies by correlating, with parallel computing, a corporation's asset and vulnerability information with the security data created by the security equipment of heterogeneous networks. Furthermore, even when a breach does occur, comprehensive details such as the attack's inflow path, scope, and resulting damage can be searched and analyzed quickly, making it possible to react rapidly and break the attack chain.
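As an added illustration of the linkage analysis described above (example code written for this page, not from the original article or any IGLOO SECURITY product), the following Python normalizes constructed log lines from a firewall, IPS, WAF and host into one schema, chains them along the attack inflow path within a time window, and raises the score when an IPS signature matches the asset inventory's known weakness or when the chain moves laterally. The log format, asset inventory and scoring weights are all assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample events from heterogeneous devices (not real logs).
RAW_EVENTS = [
    "2016-11-15T09:00:01 fw ALLOW src=203.0.113.7 dst=10.0.0.5 dport=80",
    "2016-11-15T09:00:03 ips ALERT src=203.0.113.7 dst=10.0.0.5 sig=SQLi",
    "2016-11-15T09:00:09 waf BLOCK src=203.0.113.7 dst=10.0.0.5 rule=sqli",
    "2016-11-15T09:01:30 host LOGIN src=10.0.0.5 dst=10.0.0.9 user=svc_db",
    "2016-11-15T12:00:00 fw ALLOW src=198.51.100.2 dst=10.0.0.5 dport=443",
]
# Constructed asset inventory with each asset's known unpatched weaknesses.
ASSETS = {"10.0.0.5": {"vulns": {"SQLi"}}, "10.0.0.9": {"vulns": set()}}

LINE = re.compile(r"^(\S+) (\w+) (\w+) (.*)$")

def parse_event(line):
    """Normalize one device-specific line into a common schema."""
    ts, device, action, rest = LINE.match(line).groups()
    fields = dict(kv.split("=", 1) for kv in rest.split())
    return {"ts": datetime.fromisoformat(ts), "device": device,
            "action": action, **fields}

def correlate(lines, assets, window=timedelta(minutes=5)):
    """Link events across devices into attack chains keyed by external entry IP.
    An event joins a chain when its src is the chain's latest hop within the
    window (reconstructing the inflow path); the score rises when an IPS
    signature matches a known weakness of the target and on lateral movement."""
    events = sorted((parse_event(ln) for ln in lines), key=lambda e: e["ts"])
    chains = {}
    for ev in events:
        if ev["src"] not in assets and ev["dst"] in assets:  # external entry
            c = chains.setdefault(ev["src"], {"path": [ev["src"], ev["dst"]],
                                              "score": 0, "evidence": []})
        else:  # internal src: attach to the chain whose last hop is this host
            c = next((c for c in chains.values() if c["path"][-1] == ev["src"]
                      and ev["ts"] - c["last"] <= window), None)
            if c is None:
                continue
            c["path"].append(ev["dst"])
            c["score"] += 3
            c["evidence"].append(f"lateral move {ev['src']} -> {ev['dst']}")
        c["last"] = ev["ts"]
        vulns = assets.get(ev["dst"], {}).get("vulns", set())
        if ev["device"] == "ips" and ev.get("sig") in vulns:
            c["score"] += 2
            c["evidence"].append(f"ips {ev['sig']} matches weakness on {ev['dst']}")
        if ev["action"] == "BLOCK":
            c["score"] += 1  # a device already blocked one step of the chain
    return chains
```

Running `correlate(RAW_EVENTS, ASSETS)` yields one high-scoring chain from 203.0.113.7 through web01 to db01 and a zero-score chain for the unrelated 12:00 connection.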
A recent hot topic garnering interest from many people regardless of industry is 'AI.' The most commonly cited examples of AI are AlphaGo, the AI Go program that defeated the 9-dan Go genius Sedol Lee; self-driving car technology based on AI; and IBM Watson, the 'AI doctor' that can analyze massive amounts of patient information to diagnose diseases and suggest treatments.
In particular, attempts to use 'machine learning', a subfield of AI, stand out. Machine learning refers to algorithms and technology by which computers learn to imitate the cognition, inference, and learning abilities of humans, carrying out actions that are not explicitly defined in their code and steadily improving their reasoning without separate outside intervention.
Applied to the information security field, the AI would be left to work unsupervised through all the security data an institute or corporation has accumulated over months or years, in order to learn to recognize regular and irregular situations. Through this unsupervised learning, institutes and corporations could apply attack detection scenarios optimized and customized for them, and these scenarios would then continually update themselves while remaining optimized for that institute or corporation.
As such, the security control field is expected to actively implement the ‘machine learning’ algorithm in the near future. By allowing machines to learn the experience and knowledge of humans who have conducted linkage analysis on massive amounts of data for long periods of time through ESM and big data analysis platforms, it becomes possible to resolve the cumbersome issue of having to look into each and every piece of security data, as well as to more effectively detect new types of security threats that deviate from usual patterns.
For instance, if a machine learning-based system was able to take in the knowledge and experience of a security control expert to analyze logs collected from various equipment and filter out 90% of regular events, then the security control expert would only need to focus on the remaining 10% of events, allowing for increased efficiency in security control. Afterwards, the system could learn once more from the analysis of the security control expert, and repeating this process over and over would allow it to create results that equal or even exceed the expert’s intuition.
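As an added illustration of the feedback loop just described (example code written for this page, not from the original article or any IGLOO SECURITY product), the following Python uses a simple frequency baseline as a stand-in for the learned model: event kinds that were common in the accumulated history are filtered as regular, rare or never-seen kinds are escalated to the expert, and the expert's verdicts override the baseline and are fed back into the next fit. The history, event kinds and the 10% review budget are constructed assumptions.

```python
import math
from collections import Counter

# Constructed history of normalized events (device, action, source IP); in
# practice this would be months or years of accumulated security data.
HISTORY = ([("fw", "ALLOW", "10.0.0.5")] * 900 + [("ips", "ALERT", "10.0.0.5")] * 90
           + [("waf", "BLOCK", "203.0.113.7")] * 9 + [("host", "LOGIN", "10.0.0.9")])

class TriageModel:
    """Frequency baseline standing in for the learned model (hypothetical design):
    an event kind is 'regular' when it was common in the history; the expert's
    verdicts override the baseline and are fed back into the next fit."""

    def __init__(self, history, keep_ratio=0.1):
        self.counts = Counter(history)
        self.verdicts = {}            # event kind -> "benign" | "malicious"
        self.keep_ratio = keep_ratio  # share of volume the expert still reviews
        self._fit()

    def _fit(self):
        # Surprise of each kind is -log p(kind). The threshold is set so that the
        # rarest kinds, together, make up at most keep_ratio of the history.
        total = sum(self.counts.values())
        self.surprise = {k: -math.log(c / total) for k, c in self.counts.items()}
        budget, self.threshold = total * self.keep_ratio, float("inf")
        for kind, c in sorted(self.counts.items(), key=lambda kv: kv[1]):
            if c > budget:
                break
            budget -= c
            self.threshold = self.surprise[kind]

    def needs_expert(self, event):
        """True when the event should reach the analyst instead of being filtered."""
        kind = tuple(event)
        if kind in self.verdicts:
            return self.verdicts[kind] == "malicious"
        # never-seen kinds have infinite surprise and always escalate
        return self.surprise.get(kind, float("inf")) >= self.threshold

    def learn(self, event, verdict):
        """Feed the expert's analysis back and refit the baseline on it."""
        kind = tuple(event)
        self.verdicts[kind] = verdict
        self.counts[kind] += 1
        self._fit()
```

On the constructed history the model filters exactly 90% of the volume (the firewall ALLOW events) and escalates the remaining 10% to the expert.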
However, despite such expectations in machine learning, there have not been any noteworthy attempts to invest or make developments in Korea. In contrast with global corporations such as Google or IBM, who quickly integrated machine learning technology into the security field, Korean corporations are discussing the side effects of AI. Considering that security threats are becoming intelligent and expanding vastly in size with each passing day, I believe that there is a need to engage in-depth discussion regarding these changes and seek out methods of utilization.
Increasingly Intelligent Security Threats and the Future of Security Control
So far, we have looked at the development of security control. Network boundary-based security control kept pace with next-generation IT development, represented by big data, cloud, mobile, and the Internet of Things (IoT), by advancing into ESM-based security control, which performs comprehensive linkage analysis on information created by countless types of infrastructure. This change was necessary to fight back against intelligent attackers who discreetly infiltrate through various paths, take their time to thoroughly comb through every part of a corporation's internal systems, and then leak specific information or disable key systems and services.
ESM-based security control also underwent change, this time into big data log analysis-based security control, which uses big data analysis platforms, due to the exponential increase in security data that security administrators were forced to gather, process, and conduct linkage analysis on. The new big data log analysis security system allowed security administrators to analyze massive amounts of security data, which numbered over tens of thousands of cases every day, more quickly while on a limited budget and time frame.
Big data log analysis-based security control is about to take yet another leap forward thanks to its combination with machine learning. IT systems that have studied through the machine learning algorithm are able to automatically process and analyze large amounts of security data while constantly learning and improving. This reduces the burden on security administrators suffering from time and resource constraints, and it is anticipated to develop even further to detect and react to new types of never-before-seen threats in advance.
As a result of emerging security threats of unprecedented sophistication and strategy, corporations today find themselves in a more dangerous situation than ever. As more devices, infrastructure, and users are connected through the internet, security threats targeting corporations, institutes, and individual users will continue to increase. Since the types and methods of security threats evolve as quickly as technology develops, it is my hope that corporations can enhance their security by building a security control system that comprehensively analyzes large amounts of security data and takes preemptive action.