Saturday, July 13, 2013

3 Humans + 1 Computer = Best Prediction

For any of you who've known me professionally for more than a couple of years, you know two things about me:

1. I demand strong analytic rigor in thought and writing from my analysts.
2. I really love building operations to take on the hardest analytic challenges.

You probably also know that I'm a carnivorous reader of many things tech. Beyond the online forums and blogs, I read (consume?) the Nook versions of Wired and Popular Science for mind expansion and idea generation. I read Entrepreneur and Fast Company to learn from others how to take those fun mind expanded products to market, and I read the Harvard Business Review to understand bigger, more strategic issues and how they might affect my business moving forward. Sadly of late I've fallen a little behind on my reading (building a company requires a LOT of time) but I got myself caught up last week, and during my reading of the May edition of HBR, I happened across a paper that I'd previously missed.

[Image source: Harvard Business Review, May '13]

Two professors posted a short paper that underscores something I've been pounding into my analysts and preaching from my bully pulpit for years... In areas of new problems, with unknowns and no linear progression to solution, humans are better at predicting than computers [1]. Computers are great at crunching mechanical functions, numbers, and identifying solutions that can be derived through a logical, linear progression, but they don't understand things like innuendo, emotion, motivation, determination, opportunity and all of those other things that make humans human... all of those things that make smart human analysts highly valuable. Even Watson (IBM's supercomputer that won Jeopardy) was programmed by humans, and threads billions and billions of linear thought. At some point, predicting computer failures as a result of vulnerability exploitation as a result of external influencers (hackers) will be an automated function... but not today. The sheer volume of variables is enormous and, to the newly inducted, overwhelming.

This is the Red Sky Alliance value proposition --Humans tackle hard problems through shared thought; each member with a different perspective on the problem(s); each having opinions on the best way(s) to solution; with Red Sky professional analysts distilling the conversations into actionable reporting and farmed indicator lists that you can take and use to protect your own systems.

Through human interaction and facilitated crowd-sourcing, our members receive:

  • High quality unclassified threat intelligence: Red Sky isn't the government. We don't have classified reporting. And we aren't LinkedIn. We don't simply repost open source reporting. Our Professional Red Sky team produces threat intelligence derived from the members, and some, derived for the members. For example, we just published a report that details the exploits of one very active guy, using 14 domains and 10 unique IP addresses. We believe this person will be targeting a specific industry --and company, very soon.
  • Focused analytics and indicators: The indicator race is a cat and mouse game. Indicators are important... very important, but knowing what to do with the indicators, which ones to implement first, and what to do when they fire is also important. Protect yourself from the wolves closest to the sled... What will hurt you today? Read the analysis; ask questions of others; prioritize your protective strategy.
  • Gain real context to data presented in your subscription service(s): Subscription indicator services and open source email lists don't give you a LOT of information. Most times they talk of discrete indicators and what they mean, but rarely do they come in threaded context, and most all are retrospective in nature. One group that we watch actually operates in real time --it's great stuff. But if you need to know what to do with the information passed, or what they talked about six months ago and how it will affect you today, you're in real trouble. A company can quickly be overcome with data. One of our (more capable) members recently told me that his team processes only 7% of all 'security intelligence' received. But, they process Red Sky reporting first. They use every single one of the indicators Red Sky analysts publish, and read the analytics to understand how/where to use the information.
  • Clean, actionable data: Big data doesn't necessarily mean good data. And (big) data is not intelligence. Data dropped into big cans in the cloud still need to be read out in a useable way. In fact, the 'cloud' is being littered with security vendor cans of indicators in a big way, but which one will you trust? And if your sensors are constantly running out to the cloud to identify badness, how much bandwidth can you afford? When your company generates millions of lines of syslog and your IPS is constantly shagging flies, can you really afford to have your security devices hitting multiple repositories of big data in the cloud? If you download data from the cloud, how many cloud based cans of indicators can you load into your systems before inducing latency --this becomes especially important for VoIP users. Red Sky members receive weekly reporting with clean, readable, Kill Chain (Lockheed's version, not the bastardized version) formatted indicators, the story behind them, first and last seen information, and when we know it, attribution.
  • Assistive tech: Malware Analysis: Most security folks don't need to know how malware works. They only need to know how to stop it, and then how to find it. Drop your malware in our portal's malware lab. You'll know in minutes how bad it is, who it calls home to, and the metadata that can be used to find it in your environment --get the benefit of the online malware analysis tools without publishing your data to the world.

So here's the deal. We have two portals and one service offering:

Red Sky Alliance's private portal is for medium and large companies. Our smallest company is a defense contractor with roughly 2500 employees. Our largest is probably a tie between a global Oil and Gas and a Financial Institution... both boast roughly 350,000 employees. This is private, and exclusive. You must be voted on the island and can be voted off the island if you break a trust. The membership price is roughly half the annual cost of a good subscription service but you get full interactivity with others who can help you immensely in a private, non-confrontational, non-threatening environment.

Beadwindow is more open and can include public or private organizations, including government focused IT personnel (in the Fed, this means GS-XX-2210 or their supporting contractor personnel). Beadwindow currently hosts state, local, and private company personnel. Red Sky members automatically get Beadwindow access. We use Beadwindow for more open sharing, and for coordination during Wapack Labs operations. Pricing starts at $495 per year for individual, small company members.

Wapack Labs is our for-fee cyber operations, forensic and analysis shop located in Manchester, NH. The lab offers a full forensic capability (computers and mobiles), a lightweight cyber security operations center (think US-CERT Einstein with more dynamic capability and live, on-the-fly enterprise wide forensic capabilities), and tailored reporting for your security intelligence needs. Our Wapack Cyber Security Operations Center (Wapack cSOC) monitoring service utilizes data from the portals to protect small and medium sized companies. When we find information that might help them, we push those indicators into the portals... One detection is everyone's prevention. Wapack cSOC starts at $1495 per year per sensor, and with it you also get access to our Beadwindow Information Sharing portal. (Note: Wapack Labs is perfect for small and medium companies facing new cyber regulations... HIPAA Omnibus, which takes effect in September, and for small and mid-sized defense contractors and supply chain companies who will be required (very soon) under the 2012 NDAA to report cyber events to the Federal Government. Let Wapack Labs handle your monitoring, and government reporting.)

It's a great time to be a Red Sky member! Interested in joining us? Drop us a note! Set up a demo time.

Until next time,
Have a great week!
Jeff



[1] http://hbr.org/2013/05/3-humans-1-computer-best-prediction/