system design & management
MIT SDM Systems Thinking Webinar Series
Implementing Better with the Right Intrusion Prevention Solutions: A Computer Implemented Logic that Performs Artificial Intelligence Decision-Making Analysis
By Charles Iheagwara, Ph.D, SDM ‘10
Copyright @ Charles Iheagwara
Outline
• Introduction
• Growing Intrusion Trends
• Enterprise Intrusion Prevention
• Implementing with Unfit Solutions
• A Method of Implementing Correctly
• Summary
Introduction
What is Intrusion Prevention?
• First we need to define intrusion to answer the question
• If we define intrusion as “any unauthorized access into an entity’s network or systems,” then we can define intrusion prevention as a preemptive approach used to identify potential threats and respond to them swiftly.
• What are the methods of preventing intrusion?
• There are different methods
• Typically by the use of enterprise-level security products: firewalls, IDM, IDS/IPS, etc.
Trends
• Intrusion into enterprise networks continues to grow at alarming rates:
– Recent hacking events at Sony, UMUC, Target Stores and the US OPM provide proof of implementation failures.
• An article by David Weldon [3] on “US cyberhealth report” finds companies underperforming and attributes growing intrusions to ineffective implementations.
• Specifically, Weldon contends that:
– “despite all the attention that Cyber security is getting, and all the money that large corporations pour into prevention and detection, the majority of large organizations are underperforming when it comes to safeguarding their systems.”
Trends Cont.
• According to the article, which focused on the Standard & Poor's 500 organizations:
– The companies analyzed spend a significant amount of money on Cyber security, represent 75 percent of the American equity market by capitalization and are also among the leading targets of Cyber-attacks.
– Despite the huge amount spent, these companies continue to underperform. For example [3], the study found that during 2013, at any given time, between 68 percent and 82 percent of the S&P 500 companies included in the analysis had been compromised with an externally observable security event.
Intrusion into enterprise networks continues to grow at alarming rates: recent hacking events at UMUC and Target Stores provide proof of implementation failures. Why did these happen? Deployments were ineffective at preventing intrusions. See the article at the following URL: http://www.fiercecio.com/story/us-cyberhealth-report-finds-companies-underperforming/2014-02-26
The article attributes growing intrusions to ineffective implementations.
How do Organizations Prevent Intrusions in their Networks Today?
Implementations
• Largely by deploying intrusion detection and prevention devices:
– Firewalls (including NGFW)
– IPS/IDS
– Other devices, including system-specific measures
• We focus on Firewalls and IPS/IDS
Commercial Intrusion Prevention Tools
• Leading vendor products are listed by Gartner, NSS Labs, and others
• Next generation firewalls and intrusion detection and prevention systems feature a diverse product range from leading vendors such as Check Point (NASDAQ: CHKP), Fortinet (NASDAQ: FTNT), McAfee (NASDAQ: INTC), Cisco (NASDAQ: CSCO), Dell, HP (NYSE: HPQ), IBM (NYSE: IBM) and Juniper (NYSE: JNPR).
• The mix represents products from different class families:
– Firewalls
– Next Generation firewalls (NGFW)
– Intrusion Detection Systems
– Intrusion Prevention Systems
– Threat Isolation Products
– Etc.
• With advances in technology, products in different class families are increasingly integrating features from products in other families.
– For example, NGFW functionalities are available as add-ons to the existing M-series McAfee firewalls.
Securing the Enterprise
Securing the Enterprise: IPS Security Product Market Growth
PROBLEM /OPPORTUNITY
• Hundreds of Cyber security products in the marketplace from different vendors:
– Some products are better than others in different functional areas of performance
• Budget and implementation goals are the two biggest determinants in product selection:
– The choice of the best-fit product affects the ability of an organization to realize its intrusion prevention goal
• End-user selection of one product over another is often a pain point:
– Products and technologies poorly understood
– Very complex to implement
• Evidence abounds of the many failed implementations:
– Poor product selection
– End-user selection based on vendor sales pitches
– Objective criteria lacking
Why Implementations Fail
• Deployments were ineffective to prevent intrusions.
– See Article at the following URL: http://www.fiercecio.com/story/us-cyberhealth-report-finds-companies-underperforming/2014-02-26
– Attributes growing intrusions to ineffective implementations.
Why Implementations Fail Cont.
In terms of implementation, the effectiveness of the products depends on several factors, primary of which is the selection of the right solution for the right environment. With hundreds of cyber security products in the marketplace from different vendors, some products are better than others in different functional areas of performance and solutions integration.
Buying Intrusion Prevention Products
• A lot of companies largely rely on vendors' sales pitches
• Some would typically seek out paid reference sources to figure out what is trending:
– Gartner
– NSS
– Others (e.g., Forrester)
• And then make buying & implementation decisions
NSS Labs: Security Value Map
Gartner Market Data
Lack of Customization and Limited Information Input
• Neither Gartner, NSS Labs nor vendor sales pitches provide users with holistic/custom solutions that are uniquely suited to their environment:
– NSS Labs provides individual product technical/functional capability measures in specific areas
– Gartner provides market data on companies' ability to execute
• A missing link is customization to each customer's unique requirements.
• Hence, there is a need for objective criteria that are more scientifically based.
Artificial Intelligence Solution: A Better Way to Implement
The Artificial Intelligence Decision Making Approach
• A holistic approach takes into account:
– A wider scope of visibility into the anatomical underpinnings of each vendor product
– How each product relates to the user's unique requirements
• “IntrusionPoint,” an analytic SaaS tool that performs artificial intelligence decision-making analysis of intrusion prevention solutions and produces the best-fit match for end users from their individual unique requirements and perspectives, has been developed.
– Addresses the requirements from a holistic perspective
IntrusionPoint Optimizes Selection of Best Fit Solution
• The SaaS tool is designed to allow users of intrusion prevention products to customize a business case analysis for any deployment and target environment or market.
• The tool accepts a wide range of market data, technical parameters, and business/financial and service planning inputs that a user can tailor for their particular deployment plan.
• It simulates a network deployment and operations using a variety of technical, environmental and service plans and produces detailed reports, analytics, graphical outputs, and key technical, deployment and implementation comparison charts unique to a user’s requirements.
Implemented Logic
Implemented Logic Cont.
• The logic tool provides answers to, among others, the following:
– How do I specify my network environmental requirement?
– What is (are) the best-fit product(s)?
– What other deployment options make sense for my environment?
– How will customer and product support be addressed during the deployment lifecycle?
– How would a vendor product integrate into my existing network infrastructure?
– What are the performance bottlenecks of a particular vendor product?
– What is the comparative advantage of a particular product over the other(s)?
– What are the risk factors in implementing a particular vendor solution over time?
– How do the costs of vendor solutions affect my budgetary plan?
– How can the service agreements be optimized for my deployment or implementation plan?
Conceptual Approach
The construct of Artificial Intelligence Implemented logic provides answers:
• Define a string of variables mimicking user implementation environments
• Decode the unique attributes of each vendor solution (DNA) in different performance areas such as:
– functional scenarios
– technical characteristics
– component characteristics
– solutions integration
– etc.
• Construct a data structure from which a database system is developed
Conceptual Approach Cont.
• Create a query set database from the data set created from the table of matrixes comprising:
– a query set with multiple alternative possibilities, each having a distinguishing attribute defined in a decision-making matrix.
• Create a query set comprising a query that relates to each of the multiple alternative possibilities set
• Create a set of user primary, secondary and tertiary preference bias values developed by an expert having knowledge of how each alternative affects the user input requirement,
– wherein each bias value is associated with a particular alternative, and reflects the expert's conception, based on the distinguishing attribute, of the relative degree of predictive value of the query for the particular alternative relative to other alternatives in the possibility set.
• Obtain a response to the query.
Conceptual Approach Cont.
• Determine, based on the response to the query and the set of primary bias values, a set of corresponding secondary and tertiary bias values:
– wherein each secondary and tertiary bias value is associated with a particular alternative, and reflects the expert's conception of the relative degree of predictive value of the query for the particular alternative relative to other alternatives in the possibility set; and
• Score and rank the alternatives in the possibility set, based on the secondary and tertiary bias values, to:
– provide a decision comprising the set of alternatives, ranked according to likelihood consistent with the created decision-making matrix; and
Conceptual Approach Cont.
• For scoring and ranking of the alternatives in the possibility set, the computer implemented logic (algorithm) performs weighted scoring and ranking of query set values from a database:
• The result of the scoring and ranking provides the user with the best alternative, from the alternative possibilities in the query response, for implementing an intrusion prevention solution in their unique environment.
• The result generated consists of charts of data, graphs, analytics, a product data comparison matrix and a customized report.
Solution Design
System Architecture
Frontend (numbers 1 to 5):
1 Web users
2 Subscribe & Payment
3 Search
4 Matching requirements
5 Reports, Graphs & Analytics
Backend (numbers 6 to 14):
6 Admin users
7 Dashboard / Control panel
8 Content Administrators
9 Manage content
10 Reports, Graphs & Analytics
11 Activity log
12 Business logic & automation
13 Database
14 Web templates
Computer Logic (Algorithm)
• The logic performs mathematical computations, using the system's mathematical model, on the input feed and produces results that are generated as reports
• It looks for matching information between the data set that was pre-fed into the system database (13) and the user input data (4)
– The data set is essentially multiple types of vendors’ intrusion prevention solutions, with identifying data attributes that are constantly updated upon enhancement of new product releases
– The input data is the user's unique requirements
• It then executes the business logic computation to generate the desired output information (5) for the user.
Mathematical Computation Logic
Function   Weight   Raw Score   Score
B.7 xx     1        0.00%       n1
C.1 xx     20       0.00%       n2
C.2 xx     20       0.00%       n3
C.3 xx     16       0.00%       n4
C.4 xx     8        0.00%       n5
C.5 xx     11       0.00%       n6
C.6 xx     8        0.00%       n7
C.7 xx     0        0.00%       n8
C.8 xx     0        0.00%       n9
C.9 xx     0        0.00%       n10
c.10 xx    16       0.00%       n11
Total      100      N%          Sum
Sample Scoring and Ranking Matrix
Based on the logic, the algorithm of the system computes a range of values which represent the best fit for each user's unique environment.
In essence, the business logic and automation use pre-defined criteria of system data elements and specifications to compute a range of values that matches the best-fit solution for each user.
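The weighted scoring and ranking described above, as an added Python illustration that is not IntrusionPoint's code: the function IDs and weights come from the sample matrix, while the raw-score rule, the score = weight × raw score / 100 formula, and the requirement and product values are assumptions constructed for the example.

```python
# Added illustration, not IntrusionPoint's code. Function IDs and weights are
# copied from the sample matrix; the scoring rules and all data are assumed.
WEIGHTS = {"B.7": 1, "C.1": 20, "C.2": 20, "C.3": 16, "C.4": 8, "C.5": 11,
           "C.6": 8, "C.7": 0, "C.8": 0, "C.9": 0, "c.10": 16}

def raw_score(required, offered):
    """Percent of a requirement that a product meets (assumed rule), capped at 100."""
    if required <= 0:  # nothing required for this function: fully satisfied
        return 100.0
    return min(max(offered, 0) / required, 1.0) * 100.0

def score_product(requirements, attributes, weights=WEIGHTS):
    """Return (total, per-function scores); assumed score = weight * raw / 100."""
    if sum(weights.values()) != 100:
        raise ValueError("weights must total 100")
    unknown = set(requirements) - set(weights)
    if unknown:
        raise ValueError(f"no weight defined for: {sorted(unknown)}")
    rows = {}
    for func, weight in weights.items():
        # A product with no data for a required function scores 0 there.
        raw = raw_score(requirements.get(func, 0), attributes.get(func, 0))
        rows[func] = weight * raw / 100.0
    return round(sum(rows.values()), 2), rows

def rank(requirements, products, weights=WEIGHTS):
    """Rank products by total score, best first; ties are broken by name."""
    totals = {name: score_product(requirements, attrs, weights)[0]
              for name, attrs in products.items()}
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))

# Constructed user requirements and hypothetical products (unitless values).
REQUIREMENTS = {"C.1": 10, "C.2": 4, "C.3": 100, "C.5": 2, "c.10": 8}
PRODUCTS = {
    "Product A": {"C.1": 10, "C.2": 2, "C.3": 100, "C.5": 2, "c.10": 4},
    "Product B": {"C.1": 5, "C.2": 4, "C.3": 80, "C.5": 1, "c.10": 8},
    "Product C": {"C.1": 12, "C.2": 4, "C.3": 50},  # no data for C.5, c.10
}

if __name__ == "__main__":
    for name, total in rank(REQUIREMENTS, PRODUCTS):
        print(f"{name}: {total:.2f} / 100")
```

Product C exceeds the C.1 requirement but gains nothing for it because raw scores are capped, and it drops to last place because it has no data for two weighted functions.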
Specifying User Requirements & Product DNA Mapping
Specifying User Requirements vs. Product DNA
Each product in the database consists of more than 2000 anatomical nodes that are heuristically processed by the logic.
Specifying User Requirements vs. Product DNA Cont.
Specifying User Requirements vs. Product DNA Cont.
Specifying User Requirements vs. Product DNA Cont.
Reporting, Analytics and Visualization
System Output: Products Analytics in Comparative Terms for Decision-making
The product comparison graph is generated from each product's section-wise scores, which are stored in the database once the product's fields are filled with values.
System Output: Powerful Decision-making Analytics
The subscriber dashboard displays different types of analytics depending on the user-specified requirements of a particular product section. Each graph in the blocks is generated by pulling the values of the corresponding database entry for particular fields.
System Output: Powerful Decision-making Analytics Cont.
System Output: Powerful Decision-making Analytics Cont.
Output: Technical Characteristics Analytics for Decision-making.
Analytics generated on a subset of technical characteristics of a particular product
Summary
Artificial Intelligence Decision-Making Tool
• The current way of sourcing and implementing intrusion prevention solutions is not holistic enough to realize the set implementation and budgetary goals
• IntrusionPoint fills a market void
– Performs artificial intelligence decision-making analysis of enterprise intrusion prevention solutions
– A robust solution that meets the needs of customers who are intent on preventing intrusion with the right solution
• Decodes the DNA of all solution products available in the market & provides users with the intelligence and precision to decide best-fit solutions
• Uses a computer logic that heuristically analyzes complex metrics
• Addresses the problems of implementation with the unfit products
Value Proposition
• IntrusionPoint is an innovative implementation tool that:
– solves the problem of limited scope of visibility into intrusion prevention solutions
– eliminates poor product selection and implementation with unfit solutions
– helps organizations realize their set goals on intrusion prevention
Contact Information
For more information on this presentation, please email me