Open Inference: Combating Intrusion in Real Time using Big Data

Mike Pollard, Co-Founder & CEO The buzz word around the cyber security circle is “sophisticated”. The world is witnessing ‘sophisticated’ cyber attacks on organizations, including government agencies, targeting unfathomable data accumulated over the years. In this age of increasing clandestine attacks, coupled with advancements in the IT industry, where resources are moving outside the firewall, the quintessential concern that demands attention is the real time identification of an attack. A promising solution lies at the intersection of Big Data and machine learning.

Developments in threat prevention and enterprise technology imply that big data-led intelligence defenses are the future of the security industry. According to Gartner, by 2016, 25 percent of large global companies will have adopted big data analytics for at least one security or fraud detection use case, up from 8 percent today, and will achieve a positive return on investment within the first six months of implementation. Mike Pollard, a champion in Big Data Analytics and Co-Founder and CEO of Open Inference, reports that cyber security has now fully transformed itself into a Big Data Analytics problem and the organization’s ability to curate and analyze threats using Big Data will become part of its cybersecurity edge. In fact, he forecasts that we will soon be able to purchase access to global pools of threat information from the IoT, social media, local and federal governments, partner/supplier/customer data, and other exogenous data sources. One step ahead of its competitors in delivering such a change is Rockville, MD, headquartered Open Inference.

The modernist software products and services firm incorporates leading-edge Big Data Analytics tools and techniques to solve previously intractable problems in the cybersecurity, transportation and healthcare knowledge domains. “Inference and Big Data Analytics are tools that allow us to change countermeasures over time to meet threats we cannot even imagine today. And, with our unique ability to inference over unlimited threat information in Big Data in real time, we can create new rules, do further inference lifts, and provide a nearly limitless number of threat responses in real time,” said Pollard.

Pollard cites NSS Labs to elucidate the challenges that are grappling organizations. Their reports point to the fact that efficiency of an average intrusion prevention product is 94 percent. “This huge six-percent gap is exploited by cyber-criminals, spies, nation-state warriors, hacktivists and terrorists who prove, time and again that the determined adversary will eventually get through, if we rely on older technology,” he explains. The world has witnessed such anomalies in the exploits of Bank of America, Home Depot and the White House.

A large rule base of known attacks in conjunction with an Artificial Intelligence engine that responds to new attacks appears as the best approach to the fast-changing threat landscape. The constantly evolving nature of cyber threats necessitates the collection and analysis of threat data from across the entire network. And Open Inference offers just that.

CyberMethods works unobtrusively to defeat cyber attacks and attack vectors in real time without human intervention

A unique product of Open Inference, CyberMethods stores and processes analytics on all attacks and applies a rule base, which in itself can change. “CyberMethods works unobtrusively to defeat known and unknown cyber attacks and attack vectors in real time without human intervention,” says Pollard. “It is compatible with existing network security tools, has no bandwidth constraints, generates no false negatives or false positives, and supports Web and Mobile applications.”

The Big Data Analytics Framework for Cyber Security

CyberMethods is aligned with the recent market trends in the cyber security arena. Scott Streit, Co- Founder and Chief Scientist of Open Inference, believes that hardware-based IPS devices will quickly be replaced with Big Data Analytics tools and techniques, including cloud computing and machine learning. “Our near-term cyber security challenge will be to process the overwhelming amount of information we are now collecting, learning patterns and predict unknown threats based on our past experiences,” Streit explains. “The marketplace will be transformed from today’s inward focus on IPS device management and organization-level threat prevention to organizations collectively participating in and contributing to a rapidly growing worldwide pool of threat information.” This means traditional cyber security customers will no longer install hardware devices to perform relatively simple pattern matching tasks.

“CyberMethods is ready for the marketplace transformation,” remarks Pollard. “As threats change, through the inclusion of new data sources, CyberMethods creates new rules and shares them with the common rule base, allowing all customers to benefit. This is “Collective Security”. The fact that CyberMethods uses Big Data and caching algorithms means it can inference over large data spaces without the constraint of all data being in memory. “We also developed similar algorithms to allow scaling to production,” comments Streit. “Our algorithms for memory management allow inference and the firing of rules against unmatched data set sizes.”

Cloud Computing and Machine Learning

CyberMethods leverages cloud computing and big data analytics tools and techniques to analyze threat data and prevent known attacks by blacklisting attacking machines in real time. This is in-line with the rapidly changing threat environment over internet where machine learning algorithms have already created rules to promote an incident to an attack. “CyberMethods achieves unlimited throughput through radical load balancing and fault tolerance in conjunction with the client’s private cloud or through the public cloud,” elaborates Streit.

To analyze unlimited threat data in real time, CyberMethods incorporates Cloud Computing and a machine learning tool called the Open Inference Engine. The engine uses an open source framework to process data semantically using the Web Ontology Language (OWL).
Using patent-pending algorithms, the engine fires rules to reason over unlimited data in near-real time. CyberMethods then reiterates as each new threat knowledge base triggers additional data and the firing of additional rules in the inference engine. New entailments are continuously created as the data is analyzed and stored for future use. “Like our own brain, CyberMethods’ machine learning algorithms also improve over time; as additional threat data is received over time, CyberMethods grows its rule base and becomes correspondingly “smarter,” resulting in much more valuable output and improving its overall data analytics capabilities. With continual threat data input and machine learning, CyberMethods’ value to the customer improves every day,” elucidates Pollard.

Open Source—the Way Forward

The Open Inference founders have been speakers at various Open Source conferences, contributing to open source projects and being reviewers of dozens of specifications for the past twenty years. “As a result of our contributions to the Open Standards bodies and our choice to implement CyberMethods using best-of-breed Open Source tools, our customers can access continual innovation from us and all other vendors without experiencing “vendor lock in.” And, similarly, we have ensured our customers that there will be full competition among suppliers of IPS technology that implements IEEE 2410 and OASIS IBOPS,” states Streit. The company has contributed CyberMethods’ breakthrough Intrusion Detection and Prevention (IPS) technology to IEEE and ISO, and soon the technology will be published as Open Standards.

"The marketplace will quickly transform itself from today’s inward focus on IPS device management and organization-level threat prevention to organizations collectively participating in and contributing to a rapidly growing worldwide pool of threat information"

“IEEE 2410 specifies the following CyberMethods technology, a description of the RESTFull calls and behavior necessary for an IPS to defeat most attacks and most attack vectors; the format of requests necessary to protect data in real time from known and unknown attacks, and the intrusion prevention mechanism present inside CyberMethods,” states Streit.

Even projects at the Open Inference Laboratory, which Streit leads, are usually initiated to work with the Open Source Community to identify and overcome the limits of the offerings of the company. Upon encountering an obstacle, potential solutions from academia, industrial and government laboratories are considered. “If no reasonable solution is identified, we then look to integrate research from the fields of Data, Inference and Semantic Web to help resolve the limitation,” says Streit.

Intensive research in the Open Inference Laboratory has enabled Open Inference to deliver CyberMethods as an add-on to an organization’s existing security infrastructure. The product was launched recently, and is witnessing a soaring demand. “We have a tremendous set of assets and strengths in place–the people, the plan, and great technology–and we focus without distraction on helping our customers conquer their most important business challenges,” concludes Pollard.

Open Inference

Rockville, MD

Mike Pollard, Co-Founder & CEO and Scott Streit, Co-Founder & Chief Scientist

An advanced software products and professional services company that applies leading-edge Big Data Analytics tools and techniques to solve previously intractable problems in the cybersecurity, transportation and healthcare knowledge domains.