Digital computers and human brains have different strengths and weaknesses. If you give me a long list of arithmetic problems to solve, at some point I’ll slip up. “How did I get the wrong answer on that division problem? Oh yeah, I thought there was a 3 in the tens place of the dividend when it’s actually a 6. I’ve just been staring at all of these numbers for so long that I’m starting to get tired!” But CAPTCHAs are easy for me to use, and they somehow impede malicious web bots that try to break through authentication barriers.
Intrusion Detection Systems are often pretty good at detecting common types of cyberattacks that we have good algorithms for. But if you were to ask security analysts who work directly with IDSes, they’ll tell you about the everyday frustrations that they deal with.
Alert fidelity is a frequent challenge. A trained human being can manually analyze the event logs that IDSes generate, and they’ll find many more false positive alerts than true positive alerts. Log analysis software helps to cut down the tedium, but even the best software is far from perfect. A lot of time and effort is spent in datacenters trying to separate the true positives from all of the false positives, and it often overwhelms SIEMs.
Deploying an IDS’s hardware sensors is very expensive! They can often cost a datacenter $100,000 USD or more per 10 Gigabit Ethernet (10,000,000,000 bits per second) link. To control costs, detection appliances are used sparingly, with low alert fidelity configuration to increase true positive detection. But that’s at the expense of generating many more false positives. As far as software sensors are concerned, lower fidelity configuration also requires less processing power. Often, a software sensor mechanism can consume most of the processing power of the system that it’s protecting. Fine tuning both hardware and software sensors in an IDS can be a major challenge.
Cyberattacks are getting exponentially adaptive, with IDS evasion in mind. Behavioral analytics are deployed within the boundaries of current technology. Changes in anomalous behavior can be used to identify novel and zero day attack patterns, but the low fidelity nature of current IDS deployments can make the analysis of new anomalies really labor intensive work. Again, a lot of effort is consumed in identifying true positives from an overwhelming number of false positives.
David Follett of Lewis Rhodes Labs is trying to address the problem. His wife, Dr. Pamela Follett, is a neuroscientist, and a co-founder of Lewis Rhodes Labs with her husband. This is where computer science meets neuroscience! A neuromorphic computer system, like the Folletts’ Neuromorphic Data Microscope, imitates the physiology of the human brain. It likely uses neuromorphic technology that’s developed by IBM, their TrueNorth CPU architecture, although I cannot find confirmation in Lewis Rhodes Labs’ documentation.
LRL’s Neuromorphic Data Microscope works with standard IDS security expressions and is designed to be used with currently existing IDS software and existing security infrastructure. Its main improvement is vastly faster sensor speed with a much better signal-to-noise ratio. That means a lot fewer false positives!
Development of LRL’s Neuromorphic Data Microscope is ongoing and preliminary, even as the first version has just hit the market. They’ve partnered with Sandia National Labs in their research. Sandia’s John Naegle has analyzed the performance of the new tool. “We quickly realized that we could use this architecture to greatly accelerate our ability to look for patterns and even look for complex versions of these patterns,” said Naegle.
LRL’s Neuromorphic Data Microscope systems are priced as low as $20,000 USD, according to a datacenter’s specific needs. Systems deployed as an alternative to standard IDSes will likely pay for themselves many times over when the efficiencies in detecting intrusions with much higher alert fidelity for much less processing power are considered.
The technology is very promising and revolutionary. “Having demonstrated that we can mimic some of the brain’s unique ability to process information with the Neuromorphic Data Microscope, we expect the technology to advance rapidly, revolutionizing the way we build and use computers,” David Follett said.
The systems take the form of small motherboards that are designed to be integrated into current and common network configurations. According to LRL, a Neuromorphic Data Microscope consumes as much electricity as a 60 watt lightbulb, and can be a thousand times more efficient than the alternatives that are commonly deployed.
As the first version of LRL’s Neuromorphic Data Microscope has just been commercially launched, we’ll see in time with real world practice how it can improve cybersecurity performance.
Author Bio: Kim Crawley spent years working in general tier two consumer tech support, most of which as a representative of Windstream, a secondary American ISP. Malware-related tickets intrigued her, and her knowledge grew from fixing malware problems on thousands of client PCs. Her curiosity led her to research malware as a hobby, which grew into an interest in all things information security related. By 2011, she was already ghostwriting study material for the InfoSec Institute’s CISSP and CEH certification exam preparation programs. Ever since, she’s contributed articles on a variety of information security topics to CIO, CSO, Computerworld, SC Magazine, and 2600 Magazine. Her first solo developed PC game, Hackers Versus Banksters, had a successful Kickstarter and was featured at the Toronto Comic Arts Festival in May 2016. This October, she gave her first talk at an infosec convention, a penetration testing presentation at BSides Toronto.
Kim Crawley is a guest blogger, all opinions are her own.