By Nat Kausik | April 9, 2015 at 2:09 PM

I confess I watch a lot of Netflix.  House of Cards (best show ever), Breaking Bad, Criminal Minds.  Our inspiration for the Bitglass Breach Discovery service was born of binging on Criminal Minds.  Hmm.... you say.

The so-called profilers in Criminal Minds try to think like the criminal in order to deconstruct the facts presented by the crimes. Doing so allows them to build a profile of the criminal. As new facts come in, the profile is sharpened until the profile leads to a set of one. In the field of Computational Learning, this process of "profiling" is called "Winnowing." Start with the set of candidate hypotheses, and winnow it down based on the facts. If you can constrain the candidate hypotheses to the available a priori facts, the winnowing process converges faster. If you don't constrain the field of candidate hypotheses, you are just sifting through a haystack to find a needle.
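The winnowing described above, as an added illustration (not code from the original post and not Bitglass's algorithm): the same five facts narrow the candidates to a set of one only when the hypothesis space is first constrained by a priori knowledge. The hosts, accounts, channels, sessions and facts are all constructed sample data.

```python
from itertools import product

# Constructed sample environment (assumption, not from the original post).
HOSTS = ["web01", "db01", "hr-laptop", "build01"]
ACCOUNTS = ["alice", "bob", "svc-backup"]
CHANNELS = ["dns", "https", "ftp"]

# A priori facts: (host, account) pairs with known sessions in the auth logs.
KNOWN_SESSIONS = {("web01", "alice"), ("db01", "svc-backup"),
                  ("hr-laptop", "bob"), ("build01", "alice")}

# Facts arriving over time: (field index, value, must_match).
# A hypothesis is a tuple (host, account, exfil channel).
FACTS = [
    (2, "ftp", False),        # egress logs show no FTP traffic
    (0, "hr-laptop", False),  # hr-laptop was powered off in the window
    (1, "alice", True),       # anomalous logins all used alice's credentials
    (2, "dns", False),        # DNS query volume was normal
    (0, "build01", False),    # build01 has no outbound route
]

def consistent(hypothesis, fact):
    """True if the hypothesis agrees with the observed fact."""
    idx, value, must_match = fact
    return (hypothesis[idx] == value) == must_match

def winnow(candidates, facts):
    """Drop hypotheses that contradict each fact in turn.
    Returns (remaining hypotheses, number of facts consumed)."""
    remaining, used = set(candidates), 0
    for fact in facts:
        if len(remaining) <= 1:   # already a set of one: stop early
            break
        remaining = {h for h in remaining if consistent(h, fact)}
        used += 1
    return remaining, used

def unconstrained():
    """Every host/account/channel combination: the haystack."""
    return set(product(HOSTS, ACCOUNTS, CHANNELS))

def constrained():
    """Only combinations the a priori session data allows."""
    return {h for h in unconstrained() if (h[0], h[1]) in KNOWN_SESSIONS}

if __name__ == "__main__":
    for name, cands in (("unconstrained", unconstrained()),
                        ("constrained", constrained())):
        left, used = winnow(cands, FACTS)
        print(f"{name}: {len(cands)} -> {len(left)} after {used} facts: {sorted(left)}")
```

Starting from 36 unconstrained candidates, the five facts still leave two hypotheses; starting from the 12 candidates allowed by the session data, the same facts leave exactly one.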

Many IT organizations are stuck with vast mountains of log data, trying to figure out if they have been breached. Huge Splunk installations, dedicated personnel, alerts everywhere, mayhem and daily triage. That's on a good day. Despite such massive investment, the average breach lasts 205 days. JPMorgan spent 125M annually on IT security and still took 9 months to detect a breach. And even that was because an outside consultant to a contractor notified JPMorgan. That's a huge gap between investment and results.

At Bitglass, we believe the reason for the gap is that the IT professional inside enterprises does not think like a hacker. If you want to profile the hacker and detect a breach ASAP, you have to think like a hacker. All of our design decisions and algorithms in our Breach Discovery service are centered around the simple question - What Would the Hacker do?

