This post is also available in: עברית (Hebrew)
New methods for cyber security have been trying to offer an original approach to cyber security. Cyber behavioral pattern analysis, a state-of-the-art commercial method, emerged from the US Army’s month-long Cyber Quest 2017 event as one answer to the cyber threat, according to Army officials speaking at a Cyber Quest ’17 media roundtable at Ft. Gordon, GA.
The pattern-based cyber threat detection method is a commercial innovation just entering the cyber-defense domain. According to Col. Steven Rhen, the key is to monitor and understand the normal patterns of traffic and user behaviors on a given network. Then, it becomes possible to rapidly identify anomalies that could indicate an enemy cyber intruder.
The multi-layered system, according to defensesystems.com, includes a physical layer, a network layer, a social layer, and a persona layer to cyberspace. Monitoring for threats includes gathering behavioral data on each layer and then correlating and combining that data, according to the commercial developers.
It’s a method that is “no longer looking at rules, but looking at the pattern of life on that network,” said Col. Rhen. It can be approached from the persona approach (monitoring email traffic and times the network is in use), a physical approach (monitoring where the network is in use), or a network approach.
A network approach involves asking, “this server always talks to this server, but why is that server suddenly talking to a router or a different server that it’s never talked to?” These types of anomalies will trigger an alert and further investigations, says Col. Rhen.
If applied to the internal networks of the services, the behavioral pattern analytics method would also be a valuable tool for what Gen. Don B. Morrison Jr. referred to during the roundtable as “information assurance.” In other words, by monitoring internal network patterns, it would be able to mitigate the threat of insider cyber-attacks and security breaches.