Friday, August 9, 2013

fascinating cybersec insights heard at breakfast today

Right now my car is sitting out in the parking lot next to the building which is very rare because I never get here early enough--7am this morning (commuting from Pleasanton...argh) to be at at a breakfast, hosted by President Mo, that combined SJSU folks with Silicon Valley CyberSec execs. Doesn't sound that thrilling on the surface and I was grumbling on the way in, but it turned out to be worth it. Totally. We heard from the CISO (Chief Info Security Officer) of VISA and the Executive Chairman of RSA and both impressive and full of fairly stunning insights from their experience on the front lines out there.

They said that the days of defending a perimeter, plugging holes, etc., were gone, especially with the advent of the cloud, and that those who still viewed CyberSec that way were in for a rude awakening. You can't try to believe that you can hold the bad guys out, they said, you have to accept that they are in and the best you can do is to discover and disrupt. And you have to do so as quickly and effectively as possible. 

How? Smarter tools & techniques. How smarter? Analytics & "big data". We need intelligent tools that can model human behavior, model it, and then watch for the "weak signals" in the noise that indicate something suspicious going on. Like what? Well, they said when people log into their VISA accounts, for example, they poke around, looking at their balance, etc. before making a payment. But hackers get in, set up a payment (to their account, etc.) and get out. The interaction looks different if you're watching and we need the tools that can pick up on that and alert the security team right now and that's where the "big data" analytics comes in. You have to track/gather all that kind of behavior, recording and modeling it and then use analytic tools to detect anything that seems to stray out of normal bounds and when you do, sound the alarm. So the solution is in the overlap between these areas.

Hmm...that reminds me, in case you hadn't heard, MIS is one of the five departments on campus that have been hiring CyberSec and Big Data faculty as part of the President's interdisciplinary cluster initiative in those areas.  The goal is to encourage research and teaching in the overlapping spaces that span CS, Comp Engr, Library Science, Psychology and...you guessed it, MIS. So if these guys are right, and they sure seem to be, then we're really well positioned to take on the challenge and make something good happen.

So yeah, it was worth it but I'm ready for a nap now. At least it's a short walk to my car today. Had to take a picture though, cuz it'll be a long, long time before that happens again. Rats.

No comments:

Post a Comment