The Air Force and private industry are refining new cyber techniques designed to anticipate and thwart enemy attacks before they happen.
IT management firm Robbins Gioia, a cyber security partner with the Air Force and other government entities, told Defense Systems about some cutting-edge methods currently used to examine code behind firewalls.
“We create an intelligence radar for upcoming threats” to allow them to detect and respond proactively, Andrew Robinson, CEO of Robbins Gioia, said in an interview.
These tactics are aimed at filtering through current systems to establish areas where cyber-attackers might seek to penetrate networks.
“Look behind the firewall and start to filter through current systems and determine where weaknesses in their code and structure exist,” Robinson explained.
Another element of this approach involves a thorough assessment of prior cyber-attacks on other government systems as a method of setting up a defense against them.
Robinson explained that, in some cases, porting data to different architecture, new blade servers or modernized firewalls can be part of the calculus for a so-called “active defense” posture.
The strategy is intended to leverage security data form multiple sources, including operating system logs, application logs, firewall log data, proxy logs, intrusion detection systems, host-based intrusion detection systems, identity management systems and dynamic malware execution environments, RG officials explained.
Robbins Gioia’s collaboration with the Air Force incorporates an approach called “cyber radar.” This is, as it sounds, a cyber-threat detection technique using a dashboard to assess risk and real-time vulnerability.
RG’s efforts also include implementing Risk Management Framework guidance from the National Institute of Standards and Technology.
This is an important move, said Robinson, because as security controls are no longer a one-size-fits-all compliance drill. Instead, the agencies can focus on identifying and prioritizing actual risk, based on mission impact, and tailor controls for each system.
Although Robbins Gioia did not cite specifics regarding various cyber techniques, their effort to identify and thwart would-be attackers is consistent with a common cyber-security tactic known as a “honey pot.”
“Honey Pot” cyber techniques generally involve luring potential malicious actors to a particular system where their actions can be more easily observed, RG officials said.
“The technique also helps protect key data stores since their activities are diverted and defenders can assess the best methods to intercept or block new attacks," a company official told Defense Systems.