Combining analytics and security to treat vulnerabilities like ants

It is a digital world, and business models have shifted; in order to succeed, a business cannot afford to wait until an external attack or an internal breach has occurred before action is taken, according to Teradata chief analytics officer, Bill Franks.

Having been with Teradata for over 12 years, Franks said if there is one thing he has experienced too frequently in his time, it is that a lot of companies wait until after they have experienced a compromise before they act.

"Companies have to take this seriously," he said.

"You think that the bad guy hackers are going to call in advance to let you know they are about to come and steal some sensitive information from you so you can make sure your padlock is in place?"

With a spotlight on the banking sector, Franks said that the focus is shifting regarding what a company is looking for from its analytics requirements.

"When you get into fraud, companies are starting to do some additional security analytics over what they used to do. One of the methods that is really getting a lot of attention, and being used broadly is network, or social network analysis, which is the linkages between places, or things.

"In a fraud scenario, it's often the relationships between, for example, bank accounts. Is there a pattern of money moving from A, to B, to C, to D, that seems to be repetitious with a certain dollar amount that would look suspicious?"

"It is not just a transaction-by-transaction focus anymore, now we are also looking at that bigger picture of 'Is there a network or a grouping of accounts here that has activity that in total seems suspicious, even if the individual transactions look fine?' That's one of the big things that companies have been beginning to adopt."

Franks said that whilst it is not always enough to solve or fix the problem, it opens up larger avenues that are worthy of further investigation.

The analytics officer said that banks are doing more around trying to understand their customers better and marketing intelligently to a customer. He said that it is not worth showing a customer a product that will not be of use to them, when there could be a multitude of other services that would be better suited to that person, "Is a credit card really the best thing for Bill, or is one of our other products more suited for him?"

Franks also said banks are also able to pay a lot of interest in internal operational compliance.

"There have been lot of new regulations, which has brought with it a lot of paranoia almost, so we've been doing a lot of work around some things that we weren't doing a lot of in the past, such as looking at all of the communications all of our service agents and bank employees have had with a customer, to identify if they are saying things they shouldn't, as well as employees in different departments conversing, which might be worth looking at.

"It is not as sexy, but it is necessary; it is not as cool as the customer stuff, but it needs to be done -- there is a heck of a lot of data and some sophisticated analytics involved."

"It seems like almost every week now in the US that we are hearing about a major security breach of organisations that were theoretically the least breachable."

Yesterday, the United States Internal Revenue Service (IRS) revealed in excess of 220,000 taxpayers may have had their personal information accessed, in addition to the 100,000 originally reported in May, as a result of a data breach that targeted the department's Get Transcript system.

"People would have thought that the IRS was locked down as tight as anything," Franks said. "Some of the major healthcare companies -- one of the big ones a few weeks back -- again, you think of as being very solid, even the banks and credit companies are thought of as unbreakable.

"Anybody with highly secure information, especially when you get into sensitive government documents, it is almost a full on war of people trying to hack into that information versus the agencies trying to stop it. The same happens with private companies, even smaller ones."

In June, a report leaked by former US National Security Agency (NSA) contractor and whistleblower, Edward Snowden claimed the NSA and the UK Government Communications Headquarters (GCHQ) had been actively reverse engineering security and anti-virus software to obtain intelligence, since 2008.

The documents obtained reportedly highlight the Russian software security firm, Kaspersky Lab, as one of the main targets, with GCHQ reverse-engineering Kaspersky's anti-virus software looking for vulnerabilities that could be subverted.

"It pretty much seems that nobody is as secure as anybody thinks," Franks said on the matter.

"These companies are getting beat up as though they are completely irresponsible and never put anything in place, and they could very well be doing the equivalent of you going to bed and dead bolting your house down every night, it just happened to be that someone showed up who knew how to open that deadbolt."

Talking about the cyber-security breach Italian-based Hacking Team fought in early July, Franks found it ironic that their revenue stream -- the hacking code -- was exposed.

"Their code -- which they were selling to hack -- got hacked, and now it is worthless and useless to them as it is now readily available. Companies have changed their lock structure, and are now secure, for now.

"When the hackers themselves are getting hacked, it's sort of a poetic justice, but it also just shows the magnitude of the problem. These are the people that show best how to perform the hacks, and they're still getting hacked."

Franks believes companies should offer reward-based systems to deter hackers from misusing what they find.

"Without exploiting us, we'll give you 'X' as you are helping us keep secure. I think it will have to be that way. It is so sophisticated out there; I don't think any given company, no matter how experienced your people are, could be up on every possible opening and hacker opportunity that there is."

One for analogies, Franks compared it to trying to keep ants out of your house.

"There's always going to be tiny cracks somewhere in your house that an ant is going to get through, all you can do is close it when you find it, and the more people that are looking for it, the more proactive you can be and actively close it before you end up with a bunch of ants running around your house.

"From our point of view, it is about collecting very low level data on exactly how the traffic is moving through the network, and the data packets -- the data around the cyber security is very sophisticated -- the need for it becomes more obvious as you get deeper and deeper," he said.

"If you think of a data packet being somewhat similar to money transferring in a bank account, and a log on or a port probe being comparable to calling the bank and asking a question, and I show up trying to do something presenting an ID that may be false, in principal it's the same thing, but of course the data is different and more detailed, from a system perspective."

Using DHL -- the German logistics company cum information technology business -- as an example of what he has termed "cross industry pollination", Franks said that that industry lines are increasingly becoming more and more blurred.

"Everybody thinks of DHL as a transportation company, with transportation issues, but problems they are defining are exactly the same issues with, say for example, revenue issues at a hotel, or an airline.

"It may be in a shipping or transportation context, but the math and the data; the problem is identical to something people think of as being specific to another industry.

"A lot of companies that you think of as being industry one, or industry two, have caught up with a lot of industries that aren't anything like them."

He said it is not just the blurring of industry lines from a business perspective, but also from an analytics perspective; different industries having to delve into areas that were traditionally not tied to their industry set at all.

"It is because of all the data we now have available," he said. "That allows them to do so much more."