OIT News
Office of Information Technology
 

Splunk and Palo Alto Use Big Data to Enhance Security

Like a chess match, the moves of both cyber criminals and cyber attack prevention teams are motivated by the most recent activity of their opponent. Originating around 1995, early phishing emails were easily identified by poor spelling and grammar, which prompted attackers to clean up their content. Email recipients became wary of messages from unknown senders, so criminals learned to hide behind sender addresses of Fortune 500 companies and organizational Help Desks.

Similarly, attacks on institutional resources, web sites, applications and systems, which may have begun as amateurish pranks, grew into purposeful intrusions with intent to steal or corrupt. Antivirus tools for individual computers help thwart commonly downloaded malware, but do not have the capacity to patrol or influence menacing packets sailing through a network like tiny, voracious pirates. Unfortunately, with the escalation of the intensity and sophistication of email and network attacks, legitimate email and network traffic have become hampered by the overwhelming tide of malicious activity.

With the advent of RiceNet3, tools like Palo Alto’s Next Generation firewall platform and Splunk’s analysis and visualization products can be used in tandem to increase security and identify attacks as they begin. The Palo Alto system is a suite of tools designed to detect and protect against these attacks. Based on a next-generation firewall, the system also includes an intrusion prevention system that looks for known-malicious attempts to compromise resources on the network. WildFire, another component of the Palo Alto system, evaluates suspicious content by comparing it against a cloud repository and by evaluating the content in a self-contained virtual environment. If the content is determined to be malicious, subsequent instances are blocked.

Splunk is a big data analysis tool that can be used to establish a baseline of typical academic, research, and business processes based on network, system, and other log sources. It normalizes and correlates the data to generate alerts, produce reports and deliver actionable data. Splunk and Palo Alto have already been tested in targeted areas of the network, with a gradual roll out planned for the full network over an 18-month period beginning in spring 2015.
