Cybersecurity threats are at an all-time high and have severe, lasting implications on the organizations they affect. Hackers are getting more sophisticated, finding new vulnerabilities and ways to target victims. Assessing the extent and impact of a data breach is often a time-consuming, manual process.
Researchers at the Georgia Institute of Technology are developing a new system that will help to playback a detailed record of a cyberattack. Funded by DARPA, the research team intends to bring the solution to market, which will provide a graphic representation of how hackers infiltrated a system, despite hacker attempts to cover their traces.
Recording and playback system compiles relevant data for forensic analysis
The software application, called Refinable Attack INvestigation (RAIN), creates a record of data from a cyberattack, providing multiple levels of detail. RAIN allows users (e.g. forensic investigators) to pull appropriate data for analysis. Using a range of high-level to granular views, a person can query the data to pinpoint relevant details about the attack.
RAIN monitors your information system on a regular basis, logging anomalies and significant events. At the 2017 ACM Conference on Computer and Communications Security (CCS) on October 31, authors indicated that RAIN sorts out unrelated processes and “determines attack causality with negligible false positive rates.”
Wenke Lee, co-director of Georgia Tech’s Institute for Information Security & Privacy, points out that a RAIN user can go as far back as they need to figure out important information, such as how the attacker infiltrated the system. Within the portal you can synchronously view different data sets concerning breach events, such as the inputs, environment and resulting actions. The automation of monitoring and analysis helps to paint a clear picture about data breaches.
Now in their third year of the project, the researchers are tweaking the system. They have yet to work out a way to make this solution widely available. The amount of storage capacity required is high, which could make it cumbersome for organizations with fewer resources. However, the storage needed can be purchased relatively cheaply. For instance, a typical desktop computer might produce four gigabytes of information each day – less than two terabytes per year. According to Science Daily, which reported on this new development, that amount of storage can now be purchased for as little as $50 per year.
Protect your data against data breaches today
Although technology like RAIN that will help your organization protect personal data is on the horizon, you can protect your organization now by ensuring it has a strong information security management system (ISMS) to enforce cybersecurity protocol. The protection of personal data is one of the most important challenges an organization will face. If you’d like to learn more about implementing the right ISMS for your business, IT Governance is offering the white paper Implementing an ISMS – The nine-step approach.