Verne Global

18 May 2017

How HPC powered analytics are transforming cyber security

Written by Michael Brown

Michael is Verne Global's Lead Director of Business Development, and is based in the New York metro area.

Despite the pervasive awareness of cyber security threats, a majority of private companies globally are struggling to ensure their own cyber security. According to data released by security ratings firm BitSight, more Fortune 1000 companies decreased in their overall security rating than increased during 2016.

No doubt this cyber security challenge is in part due to the increasing sophistication of enterprise networks. Today, supply chain partners, external employees, contractors - anyone who has access to a company’s network - presents a potential vulnerability. This means that cyber security threats are no longer confined to network edges. These threats are internal, they are external, and they are increasing in number as businesses transition to greater openness and flexibility.

Finding and mitigating network security breaches has typically relied on querying collected security data, but in this age of radically increased network traffic and increasing file sizes, how can companies achieve this time-sensitive task before the damage is done? The average user in today’s corporate network sends and receives over 100 emails and has over 10,000 network sessions per day. For large organisations which have thousands of employees, this enormous amount of data flow can generate over a billion records daily. Deriving valuable security data from such massive databases, which are receiving a continuous ingest of new data, presents a major problem for cyber analysts.

Timely, effective analysis at this scale requires advanced analytic capabilities that only HPC systems can provide. Processing large network security datasets in parallel on HPC clusters can dramatically reduce the time needed to locate the origin and impact of a cyber-attack, which in turn helps analysts contain the damage done by attacks before it reaches critical proportions. This capability not only protects valuable data, but also helps companies avoid the embarrassment of going public as the victim of a successful hack, which can be just as costly and damaging to their reputation in the long term.

Network security monitoring is just one of the focuses for HPC-powered analytics in the cyber security field, though. There are other important areas, like malware analysis and detection, where HPC is having an equally significant impact.

Malware, a broad category of software that includes viruses, worms, and other malicious code, is a major weapon in the hacker arsenal, and understanding each piece of malware and how the pieces interact with each other is another key focus of cyber security professionals. Most current efforts at malware protection are centered on identifying known attack signatures inside of files and marking them as malicious. As the sophistication of attacks increases, however, the shortcomings of this older method are becoming more apparent. Even a moderate deviation from known signatures or heuristics can evade traditional anti-malware software, while the software itself can be vulnerable to attack and exploitation. This leaves ample room for the determined hacker to operate.

Thankfully, HPC is opening new paths for greater malware protection. By allowing virtual machines running in parallel to test malware samples in isolation, HPC systems give analysts the opportunity to monitor the network behavior of dangerous code and address questions like: how do new malware techniques compare to older techniques? What new techniques are emerging? This big-picture analysis is leading to the development of predictive methods for identifying and classifying malware based on a set of behavioral criteria, setting the stage for a new and innovative anti-malware toolkit to emerge and deal with the latest adaptive malware threats and sophisticated obfuscation mechanisms.

Looking forward, there is exciting development throughout the cyber security industry that is tied closely with HPC. As the statistical and behavioral analysis of hacker behavior becomes more thorough, artificial intelligence systems that tackle the most pernicious cyber security problems like zero-day vulnerabilities and advanced persistent attacks are becoming possible. This capacity extends to internal threats as well, as artificial intelligence systems learn to intelligently monitor network user behavior and identify potential attacks from inside a company network. Eventually, a deep understanding of the sociology, psychology, and behavior of cyber criminals derived from HPC compute power will lead to the development of anticipatory systems that can predict malicious activity from both internal and external sources. Further into the future, this will lead to self-organising systems of systems that can contain and eradicate attacks in real time.

Verne Global is committed to helping our clients and partners in the cyber security field stay on the cutting edge of these cyber security trends. By providing companies like ThreatMetrix, a market-leading cloud solution for authenticating digital personas and transactions on the Internet, with the compute power they need to drive increased research and development in the cyber security field, we hope to speed the development of these new cyber security technologies, and provide a safer and more reliable cyberspace for both industry and individuals to thrive.

