Bear Systems is building on its next-generation cybersecurity platform to provide a range of SIMPLE (Secure Integrated ML Platform Leveraging Expertise) solutions for the world’s most pressing needs. This blog entry is one of a series of introductions showing how Bear can provide a SIMPLE solution for specific vertical challenges.
If you have been reading all of our blog posts, first of all – Thank you – YOU ARE AWESOME!!!
Second, you probably noticed that this post is out of alphabetical order with the other posts (it will happen again down the road…). In talking with various people, I realized that people really want to understand the underlying security present in every SIMPLE solution. More importantly, Bear Systems uses SIMPLE for its cybersecurity and this reality provides a great use case.
First, let’s quickly overview some of the main issues with other cybersecurity solutions.
They don’t work…
Is that sufficient? No? OK, FINE.
Current cybersecurity solutions sit in the way – in your applications, in your networks, always causing disruptions, angst, and always behind. These solutions cannot get updated without disruptions much less solve anything. In fact, the best nonintrusive option is anti-virus software that was created 25 years ago…
Sad, isn’t it?
These solutions force cybersecurity experts into operations and then overwhelm those experts with too many problems that each require manual intervention. The really “sophisticated” solutions tout their ability to quickly isolate and shut down infected servers. I read that as “we are GREAT at quickly ruining your day by completely disrupting your operations!”. None of these solutions can scale, none provide anything useful to aid operations – and, no, using machine learning to filter data is NOT useful to an operator – and none really work in modern environments.
These solutions are so limited that they limit their customers. “Well, sir, we really only provide Ethernet so you will have to get rid of all of those awesome Bluetooth devices”. These solutions collectively push people away from diversity, away from better Operational Technology (OT) efficiencies, and attempt to use hypnotic digital pendulums to distract people from these issues. “Look at the pendulum…ignore the hackers…look deeper…”
And did I mention that these options are terrible at actually detecting anything?!?
OK…let me get off of that pedestal and go over to this comfy chair…
SIMPLE Security has been built on the SIMPLE platform, and it is that platform that enables SIMPLE Security to overcome all of these issues. The SIMPLE Platform operates over any type of device, across all types of communications, and does so in a manner that is completely invisible to applications, users, and missions. You can literally add a SIMPLE Platform to your enterprise today and not have to change a thing in any part of your operations. How is that for zero-touch deployment?!?
Now this is not to say that the deployment is something…err…simple. Under the covers, the SIMPLE Platform is leveraging quantum-resilient methods, distributed ledgers and our own SIMPLE Blockchain (all of the protection, none of the math…) to thoroughly identify every endpoint in every system. The SIMPLE Platform is constructed to work in Local Systems that each operate completely independently and only exchange data as needed. Local Systems provide an endless ability to scale without the overhead.
Every aspect of the SIMPLE Platform uses workflow engines – in fact, the invisible agent placed on each device is comprised of numerous tiny workflow engines. These engines contain absolutely no hard coded behaviors. Instead those behaviors, and they are behaviors and not static fill-in-the-blank values, are controlled through policies. Changing complex behaviors within devices, or across systems, is as simple as changing policies.
SIMPLE Security then takes over and provides deep levels of on-device protection (think BIOS level, or the very bottom of the device, on up) as well as quantum-resilient communications security. Combining these features with the SIMPLE Platform deployment results in a virtual fortress that is incredibly secure and has not intruded on anything in operations.
That stated, this is just a baseline; the true power of SIMPLE Security lies in its unique ability to handle remediation through Security Expert Intelligent Remediation (SExIR) Profiles. As discussed in other posts, SIMPLE makes it possible to capture domain expertise in reusable, visual tools. In the case of SIMPLE Security, the reality is that the same type of exploit can be solved with the same behaviors over and over.
Take, as one example, a typical email exploit that results in somebody clicking a link that should not be clicked. In all of these cases, the link installs a small application called a payloader that then reaches out and attempts to pull in and install a myriad of different types of malware. Current cybersecurity options focus on blocking the incoming malware, attempting to find bad exploit sites, and generally leveraging historical data to identify bad actors. If these solutions figure out that malware got in, they isolate or shut down the server/device and disrupt operations (some in as little as 15 minutes!). Then some cybersecurity expert gets into that device and deletes the malware (not so easy at times) as well as any located payloader. Given the reality that the malware instantly spreads to every possible known device on the network, that expert manually repeats these steps over and over again. Hopefully, the expert gets it all…and if you have been attacked then you know what I mean…
Let’s revisit this scenario from a SIMPLE Security perspective. Already running on that device is a SExIR profile that controls which communications each application is allowed to make. This control is not limited to where the communications are going but extends to the types of communication allowed. In the case of email, email messages are allowed and perhaps launching known applications such as a browser is cool, but nothing unknown is allowed. With this SExIR profile in place, the user clicks on the bad link and the payloader attempts to get itself installed…and is immediately deleted. Suppose that somehow the payloader does install itself; then the unknown new communication coming from the unknown new payloader application triggers another SExIR response – and it is still deleted.
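To make the two checkpoints in that scenario concrete, here is an added example (my own illustration, not Bear Systems’ SExIR code) of a per-application communication profile evaluated over a constructed stream of device events: the profile format, the event fields and the `remediate` decision are all assumptions.

```python
"""Added example, not Bear Systems' code: a per-application communication
profile in the spirit of the SExIR scenario above. Profile layout, event
fields and the 'remediate' decision are assumptions for illustration."""
from dataclasses import dataclass

# Constructed profile: what each KNOWN application may do. Any application
# absent from this table is unknown and is never allowed to do anything.
PROFILE = {
    "mailclient": {"launch": {"browser"}, "net": {"imap", "smtp"}},
    "browser":    {"launch": set(),       "net": {"http", "https"}},
}

@dataclass(frozen=True)
class Event:
    app: str    # application that generated the event
    kind: str   # "launch" (start another program) or "net" (open a connection)
    what: str   # child program name for "launch", protocol name for "net"

def decide(event: Event) -> str:
    """Return 'allow' or 'remediate' for one observed event.
    Unknown applications are remediated regardless of what they attempt;
    known applications are remediated for any action outside their profile."""
    rules = PROFILE.get(event.app)
    if rules is None:
        return "remediate"                      # unknown app, e.g. a dropped payloader
    if event.kind not in rules:
        return "remediate"                      # event type the profile does not cover
    return "allow" if event.what in rules[event.kind] else "remediate"

def evaluate(events):
    """Evaluate a sequence of events; return (decision, event) pairs in order."""
    return [(decide(e), e) for e in events]

# Constructed sample replaying the e-mail scenario: normal mail traffic,
# a permitted browser launch, then the two points at which the profile acts.
SAMPLE_EVENTS = [
    Event("mailclient", "net", "imap"),          # routine mail fetch -> allow
    Event("mailclient", "launch", "browser"),    # user clicks a link -> allow
    Event("browser", "net", "https"),            # page loads -> allow
    Event("browser", "launch", "payloader"),     # checkpoint 1: installer -> remediate
    Event("payloader", "net", "https"),          # checkpoint 2: unknown app -> remediate
]

if __name__ == "__main__":
    for decision, e in evaluate(SAMPLE_EVENTS):
        print(f"{decision:9} {e.app:11} {e.kind:7} {e.what}")
```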
So current cybersecurity options freak out, shut down systems, and eventually…manually…hopefully… fix things. The employee that clicks on the link is yelled at, terminated, or otherwise is miserable. Production grinds to a halt and everybody suffers. With SIMPLE Security, the user clicks on the link, a message may or may not be sent to operations, and nothing else happens. There are no disruptions, no infections, and nothing bad occurs – even to that employee.
As for operations, all of those annoying cybersecurity experts are gone. Instead, OT admins are provided visual SExIR tools that are wrapped with operations-oriented information. These admins understand that running a given SExIR tool will cause processor, memory, and even power-cycling impacts and can act accordingly. These OT admins can enable automated management to handle 99% of the cybersecurity efforts and only get involved when a disruption might occur.
OK, this is probably the longest SIMPLE post I have written, so if you are interested, please contact us to learn more!