Cyber security operations are a complex business. Each new device connected online is a target for cyber attackers to exploit, highlighting the need to find solutions to detect and defend against increasingly sophisticated attacks. This challenge is only going to become more difficult in the age of the Internet of Things (IoT). The MOD collects a huge amount of network and cyber data, but the sheer volume and complexity of this data means we need increasingly automated methods to find system anomalies and flag them for action, allowing our highly skilled cyber analysts to zero in on the right things, at pace, to identify and address any issues.
The Defence Digital Innovation Team initiated an Alpha project in early 2019 to test the hypothesis that Machine Learning and Data Science can assist in making cyber security operations quicker and more effective. Building on the initial validation of the hypothesis, and working with the Service Delivery & Operations Defensive Cyber Operations Delivery Team, this progressed into a Beta phase to prove the methods against a representative MOD data set. This successfully accelerated progress in this exciting area and has led to the transition of an initial capability into Live Service.
MOD cyber vulnerability analysts and security teams need tools and advanced methods to support their analytical process to identify events of security interest, either device or person generated, in increasingly complex and dense network data. Surfacing events for specialist review through automated tools allows human operators to focus their efforts and use their time much more effectively.
There are many highly sophisticated cyber security products on the market which deliver new capability. The challenge for Defence is not only the cost of purchasing and licensing these products across an enterprise of our size, but also the complexity of integrating products from different suppliers into an end-to-end service. Moreover, these products may be considered ‘black box’ solutions. This means that the MOD may not learn anything about how to solve the problems of the future, or how to refine the output of a jigsaw puzzle of commercial tools to improve outcomes.
Developing this capability in-house, rather than simply buying third-party tools, means that we avoid the cost and complexity of implementing new tools, while also optimising the technical data that we would need to feed into them. We also learn how to solve future challenges as our enterprise becomes more complex and threats continue to evolve.
Original Source: https://defencedigital.blog.gov.uk