Let's take a quick look at the industry's security technologies:
Firewalls - At their simplest, firewalls are designed to block or allow traffic by IP address, port and protocol. Several firewall vendors do a good job of that; the real complaint about firewall technology is knowing what to block. Most advanced firewalls therefore perform packet inspection, either stateless (each packet is judged on its own) or stateful (each packet is judged in the context of the connection it belongs to). But the fact is that a packet-filtering firewall only sees the IP and TCP header fields that actually arrive in front of it. If an attacker fragments a packet so that the fields the filter needs (for example the TCP flags) are missing from the first fragment, or are overwritten by a later, overlapping fragment, the fragments can pass the filter and be reassembled on the target into exactly the packet the firewall was supposed to block. At that point the attacker has penetrated the perimeter.
Intrusion Detection Systems (IDS) - Another important security technology. An IDS is either network-based (a NIDS inspecting the traffic on a segment) or host-based (a HIDS inspecting activity on a single machine), and it uses one or both of two detection methods: signature matching against known attack patterns, and statistical or heuristic (anomaly) detection against a learned baseline. In simple terms, if an IDS gets a signature match, or the network traffic instantly appears abnormal, or the network traffic over time appears malicious, or the host begins to behave abnormally, the IDS raises an alert. Note that a pure IDS detects and reports; the actual blocking of the IP address is done by an intrusion prevention system (IPS) or by a firewall fed with the IDS alerts.
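To make the fragmentation point concrete, here is an added example (written for this page, not CDS code and not any firewall vendor's code) of the two classic evasions described in RFC 1858 against a toy stateless filter, together with the countermeasures that close them. The packet builder, the filter policy (block inbound SYN to port 23), the addresses and the reassembly policy are all constructed for the demonstration; real stacks differ in how they resolve overlapping fragments, which is exactly why a perimeter filter should not trust fragments it cannot see whole.

```python
import struct

SYN, ACK = 0x02, 0x10
BLOCKED_PORT = 23  # constructed policy: no inbound TCP SYN to telnet


def ipv4_fragment(ident, offset_units, more_fragments, payload):
    """One IPv4 fragment: 20-byte header without options; offset_units counts 8-byte blocks."""
    flags_frag = (int(more_fragments) << 13) | (offset_units & 0x1FFF)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, flags_frag,
                         64, 6, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))  # constructed addresses
    return header + payload


def parse_fragment(pkt):
    """Return (byte offset, more-fragments flag, transport payload) of one fragment."""
    flags_frag = struct.unpack("!H", pkt[6:8])[0]
    return (flags_frag & 0x1FFF) * 8, bool(flags_frag & 0x2000), pkt[20:]


def tcp_header(sport, dport, flags):
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)


def tcp_fields(segment):
    """(destination port, flags byte); the flags byte sits at offset 13 of the TCP header."""
    return struct.unpack("!H", segment[2:4])[0], segment[13]


def policy_allows(dport, flags):
    return not (dport == BLOCKED_PORT and flags & SYN and not flags & ACK)


def naive_filter(frags):
    """Stateless filter that inspects only first fragments and forwards the rest untouched.
    A first fragment too short to hold the flags byte gives it nothing to check, so it passes."""
    passed = []
    for pkt in frags:
        off, _, payload = parse_fragment(pkt)
        if off == 0 and len(payload) >= 14 and not policy_allows(*tcp_fields(payload)):
            continue
        passed.append(pkt)
    return passed


def hardened_filter(frags, tmin=16):
    """RFC 1858 countermeasures: drop first fragments too short to carry the TCP flags, and drop
    any fragment at offset 8 because it can overwrite header bytes of the first fragment."""
    passed = []
    for pkt in frags:
        off, _, payload = parse_fragment(pkt)
        if off == 0:
            if len(payload) < tmin or not policy_allows(*tcp_fields(payload)):
                continue
        elif off == 8:
            continue
        passed.append(pkt)
    return passed


def reassemble(frags):
    """Host-side reassembly where a later fragment overwrites overlapping bytes (one of several
    policies real stacks use). Returns None while the datagram is incomplete, as a host does on timeout."""
    buf, covered, total = bytearray(), set(), None
    for pkt in frags:
        off, mf, payload = parse_fragment(pkt)
        end = off + len(payload)
        if not mf:
            total = end
        if end > len(buf):
            buf.extend(bytes(end - len(buf)))
        buf[off:end] = payload
        covered.update(range(off, end))
    if total is None or len(covered) < total:
        return None
    return bytes(buf[:total])


def tiny_fragment_attack():
    """First fragment carries only 8 bytes of TCP header, so the flags byte arrives in fragment two."""
    syn = tcp_header(40000, BLOCKED_PORT, SYN)
    return [ipv4_fragment(1, 0, True, syn[:8]), ipv4_fragment(1, 1, False, syn[8:])]


def overlap_attack():
    """First fragment shows an innocent ACK; the overlapping second fragment rewrites the flags to SYN."""
    ack, syn = tcp_header(40000, BLOCKED_PORT, ACK), tcp_header(40000, BLOCKED_PORT, SYN)
    return [ipv4_fragment(2, 0, True, ack[:16]), ipv4_fragment(2, 1, False, syn[8:])]


def host_sees(frags, fw):
    """(dport, flags) of the segment the protected host reassembles after the filter, or None."""
    segment = reassemble(fw(frags))
    return None if segment is None else tcp_fields(segment)


if __name__ == "__main__":
    for name, attack in (("tiny fragment", tiny_fragment_attack), ("overlap", overlap_attack)):
        print(name, "naive:", host_sees(attack(), naive_filter), "hardened:", host_sees(attack(), hardened_filter))
```

Both attacks reach the host through the naive filter as a SYN to port 23; the hardened filter drops the offending fragments so the host never completes the datagram. A stateful firewall that reassembles before inspecting removes the class of problem entirely, at the cost of holding fragment state per flow.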
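The two detection methods side by side, as an added example (not the page's code and not any IDS product's code) run over constructed web-access log lines: a signature match on the decoded request URI, and a statistical check that learns a requests-per-minute baseline per source and alerts on buckets that exceed it. The log format, the signatures, the learning cutoff and the threshold are assumptions for the demonstration. Both functions only return alerts; feeding those alerts to a firewall or IPS is the separate blocking step.

```python
import re
import statistics
from collections import Counter
from urllib.parse import unquote

# Constructed log lines (not from any real system): time, source, destination:port, method, URI.
LOG = """
2024-03-01T09:00:01 10.0.0.5 -> 10.0.0.1:80 GET /index.html
2024-03-01T09:01:07 10.0.0.5 -> 10.0.0.1:80 GET /about.html
2024-03-01T09:02:11 10.0.0.9 -> 10.0.0.1:80 GET /index.html
2024-03-01T09:03:02 10.0.0.5 -> 10.0.0.1:80 GET /contact.html
2024-03-01T09:04:40 10.0.0.9 -> 10.0.0.1:80 GET /news.html
2024-03-01T09:10:01 10.0.0.5 -> 10.0.0.1:80 GET /index.html
2024-03-01T09:10:03 10.0.0.9 -> 10.0.0.1:80 GET /login?user=a'%20UNION%20SELECT%201--
2024-03-01T09:11:00 10.0.0.9 -> 10.0.0.1:80 GET /admin/
2024-03-01T09:11:01 10.0.0.9 -> 10.0.0.1:80 GET /backup/
2024-03-01T09:11:01 10.0.0.9 -> 10.0.0.1:80 GET /.git/config
2024-03-01T09:11:02 10.0.0.9 -> 10.0.0.1:80 GET /static/../../etc/passwd
2024-03-01T09:11:02 10.0.0.9 -> 10.0.0.1:80 GET /phpmyadmin/
2024-03-01T09:11:03 10.0.0.9 -> 10.0.0.1:80 GET /wp-login.php
2024-03-01T09:11:04 10.0.0.9 -> 10.0.0.1:80 GET /cgi-bin/
2024-03-01T09:11:05 10.0.0.9 -> 10.0.0.1:80 GET /console
""".strip().splitlines()

# Assumed signature set; a real ruleset is far larger and matched on more than the URI.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sqli-union": re.compile(r"union\s+select", re.IGNORECASE),
}


def parse(line):
    ts, src, _, dst, method, uri = line.split()
    # Decode percent-encoding before matching so "%20UNION%20SELECT" cannot slip past the pattern.
    return {"ts": ts, "minute": ts[:16], "src": src, "dst": dst, "method": method, "uri": unquote(uri)}


def signature_alerts(lines):
    """Signature detection: one alert per (event, pattern) where a known attack pattern appears."""
    alerts = []
    for ev in map(parse, lines):
        for name, pattern in SIGNATURES.items():
            if pattern.search(ev["uri"]):
                alerts.append((ev["ts"], ev["src"], name, ev["uri"]))
    return alerts


def rate_anomalies(lines, learn_until, k=3.0):
    """Statistical detection: learn requests-per-source-per-minute from buckets before learn_until,
    then alert on later buckets more than k standard deviations above that mean."""
    buckets = Counter((ev["src"], ev["minute"]) for ev in map(parse, lines))
    baseline = [n for (_, minute), n in buckets.items() if minute < learn_until]
    mean = statistics.mean(baseline)
    sigma = max(statistics.pstdev(baseline), 1.0)  # floor so a perfectly regular baseline still tolerates jitter
    threshold = mean + k * sigma
    return sorted((src, minute, n) for (src, minute), n in buckets.items()
                  if minute >= learn_until and n > threshold)


if __name__ == "__main__":
    for alert in signature_alerts(LOG):
        print("signature:", alert)
    for alert in rate_anomalies(LOG, "2024-03-01T09:10"):
        print("anomaly:", alert)
```

The signature check fires on the first hostile request; the statistical check says nothing about 10.0.0.9 until its request rate leaves the baseline, which is the "over time" behaviour the paragraph describes. Learning the baseline from a window that may already contain an attack is the classic weakness of the second method.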
Sounds like the industry has it all covered.
It doesn't. At CDS, we believe the entire essence of computer security is NOT the actual blocking of IP addresses. We believe the essence of computer security is actually NOT a security function per se - it is instantly detecting what is actually a cyber attack and instantly reporting that cyber attack to the other security and analysis technologies.
Another BIG problem - network attacks now use legitimate methods of communication (passive intelligence gathering) and attempt to gain access to remote entry points/gateways. The cyber attack looks exactly like the rest of the ongoing network traffic, and at the packet level there is no technical difference between the two.
And yet another even BIGGER problem - open source network security tools built for penetration testing have been improved by hackers and repackaged as "attack tools". These attack tools can connect to a targeted network/device and exploit the programs already running in memory. Many of these attacks are now referred to as "fileless" attacks. Because nothing is written to disk, the attacker can penetrate the target without leaving the file-based evidence that traditional forensics relies on; what remains (process memory, open network connections) is volatile and gone after a reboot.
What do you do? What technology do you rely on to resolve these problems?
At CDS, we have a group that has recognized and studied these problems for years throughout their careers.
Cloud (virtualization) is a major leap forward in technology. A corporation needs a new server, and in a matter of minutes a new virtual instance can be created and the server software installed. Cloud technology is truly amazing. However, virtualization has a price - cloud networks and virtualization make it much more difficult to detect malicious traffic (cyber attacks): instances come and go, addresses are reassigned, and traffic between instances on the same host may never cross a physical network boundary where a sensor could see it.
Cyber attacks can detect and bypass cloud virtual instances. With only a few lines of code, a cyber attack can tell whether it has landed on a real computer or a virtual one (the hypervisor bit in CPUID, the DMI vendor strings, the virtual network adapter addresses). The attack will then search the cloud network without executing its payload until it finds the target it is looking for.
Honeypots/sinkholes are being deployed by corporations/organizations worldwide, and the SANS ISC recommends installing and using them. The problems with honeypots are numerous: 1) they can be detected almost instantly, especially cloud-based virtual honeypots, which show the same virtualization artifacts as any other virtual instance on top of their own default configurations; 2) they have no instantaneous analysis or reporting mechanism. They require research; there is no instantaneous honeypot alert or forensic data generated out of the attack.
Yet the worst problem with honeypots is that Shodan, the Internet-wide device search engine, offers a "Honeypot or Not?" service (honeyscore) that lets anyone check whether a given IP address looks like a honeypot. Because the lookup runs against Shodan's own scan data, the person asking never has to touch the target and remains anonymous to it.
Traditional computers/servers. This one is easy: nobody wants to spend the time, energy and money to deploy traditional computers as decoys or to manage a traditional network for them. They are just too expensive and time-consuming, and out of the question - for now.
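The checks malware uses for this are short, and a defender who wants a decoy to look like hardware needs to know which artifacts give it away. The following is an added example (not CDS code) that collects three of them on Linux: the DMI vendor and product strings, hypervisor-vendor MAC OUIs on the network interfaces, and the hypervisor CPUID flag. The marker lists and the two sample hosts are constructed for the demonstration and should be extended for the platforms you actually run.

```python
import os

# Assumed/illustrative lists: MAC OUI prefixes registered to hypervisor vendors and DMI strings that
# virtual platforms report. Extend them for your own environment; they are not exhaustive.
VM_OUIS = {
    "00:0c:29": "VMware", "00:50:56": "VMware", "00:05:69": "VMware",
    "08:00:27": "VirtualBox", "00:15:5d": "Hyper-V", "52:54:00": "QEMU/KVM",
}
VM_DMI_MARKERS = ("vmware", "virtualbox", "innotek", "qemu", "kvm", "xen",
                  "virtual machine", "amazon ec2", "google compute engine")


def vm_indicators(dmi, macs, cpu_flags):
    """Return the artifacts that reveal a virtual machine. Pure function so the same logic runs
    on data collected from a live host or on constructed samples."""
    hits = []
    for key, value in dmi.items():
        if any(marker in value.lower() for marker in VM_DMI_MARKERS):
            hits.append(f"dmi:{key}={value!r}")
    for mac in macs:
        vendor = VM_OUIS.get(mac.lower()[:8])
        if vendor:
            hits.append(f"mac:{mac} ({vendor} OUI)")
    if "hypervisor" in cpu_flags:  # CPUID leaf 1, ECX bit 31, exposed by the Linux kernel as a cpuinfo flag
        hits.append("cpuid:hypervisor bit set")
    return hits


def collect_linux():
    """Gather the same three inputs from a live Linux host (returns empty structures elsewhere)."""
    dmi = {}
    for key in ("sys_vendor", "product_name", "board_vendor", "chassis_vendor"):
        try:
            with open(f"/sys/class/dmi/id/{key}") as fh:
                dmi[key] = fh.read().strip()
        except OSError:
            pass
    macs = []
    if os.path.isdir("/sys/class/net"):
        for iface in os.listdir("/sys/class/net"):
            try:
                with open(f"/sys/class/net/{iface}/address") as fh:
                    macs.append(fh.read().strip())
            except OSError:
                pass
    flags = set()
    try:
        with open("/proc/cpuinfo") as fh:
            for line in fh:
                if line.startswith("flags"):
                    flags = set(line.split(":", 1)[1].split())
                    break
    except OSError:
        pass
    return dmi, macs, flags


# Constructed samples: a QEMU/KVM guest and a hardware server with made-up vendor strings.
CLOUD_GUEST = ({"sys_vendor": "QEMU", "product_name": "Standard PC (i440FX + PIIX, 1996)"},
               ["52:54:00:12:34:56"], {"fpu", "sse2", "hypervisor"})
BARE_METAL = ({"sys_vendor": "Example Hardware Co.", "product_name": "Rack Server 1U"},
              ["3c:ec:ef:01:02:03"], {"fpu", "sse2"})

if __name__ == "__main__":
    for label, sample in (("cloud guest", CLOUD_GUEST), ("bare metal", BARE_METAL), ("this host", collect_linux())):
        print(label, "->", vm_indicators(*sample) or "no VM artifacts")
```

Of the three, the DMI strings and the MAC prefixes are under the operator's control (most hypervisors let you override both); the CPUID hypervisor bit is set by the hypervisor itself and is the hardest artifact to hide, which is the argument the page makes for real embedded hardware.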
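What such a honeypot-or-not check looks like, as an added example (not Shodan's scoring, which is not reproduced here, and not CDS code): a scoring function over a host profile of the kind an Internet-wide scan produces, covering the two honeypot problems above. The weights, the two default-banner strings and the three sample profiles are assumptions for the demonstration; run it against your own decoy before an attacker does.

```python
# Assumption: the SSH version strings that two widely used honeypots ship with by default.
# Check these against the version you actually deploy; a changed banner removes the finding.
KNOWN_DEFAULT_BANNERS = {
    "SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u2": "cowrie default",
    "SSH-2.0-OpenSSH_5.1p1 Debian-5": "kippo default",
}
WINDOWS_MARKERS = ("microsoft-iis", "windows")


def initial_ttl(observed):
    """Round an observed TTL up to the nearest common initial value (64 Linux/BSD, 128 Windows, 255 network gear)."""
    for init in (64, 128, 255):
        if observed <= init:
            return init
    return 255


def honeypot_score(profile):
    """Return (score, findings). Each finding is (weight, reason); weights are illustrative."""
    findings = []
    ports = profile["open_ports"]
    if len(ports) > 30:  # a low-interaction honeypot answers on far more ports than a real server
        findings.append((3, f"{len(ports)} open ports (most real hosts expose a handful)"))
    banners = profile["banners"]
    for port, banner in banners.items():
        if banner in KNOWN_DEFAULT_BANNERS:
            findings.append((4, f"port {port}: {KNOWN_DEFAULT_BANNERS[banner]} banner"))
        if any(m in banner.lower() for m in WINDOWS_MARKERS) and initial_ttl(profile["ttl"]) != 128:
            # The application layer claims Windows but the IP stack does not: an emulated service on another OS.
            findings.append((3, f"port {port}: banner claims Windows but TTL {profile['ttl']} implies a non-Windows stack"))
    if profile.get("accepts_any_ssh_password"):
        findings.append((4, "SSH login succeeded with an arbitrary password"))
    if len(banners) > 1 and len(set(banners.values())) == 1:
        findings.append((2, "identical banner on every port"))
    return sum(weight for weight, _ in findings), findings


def is_likely_honeypot(profile, threshold=5):
    return honeypot_score(profile)[0] >= threshold


# Constructed profiles (no real hosts): a default SSH decoy, a plausible web server, and a host answering everywhere.
DECOY = {"open_ports": [22, 2222],
         "banners": {22: "SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u2", 2222: "SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u2"},
         "ttl": 64, "accepts_any_ssh_password": True}
REAL = {"open_ports": [22, 80, 443],
        "banners": {22: "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6", 80: "Apache/2.4.52 (Ubuntu)"},
        "ttl": 52, "accepts_any_ssh_password": False}
WIDE_OPEN = {"open_ports": list(range(1, 40)), "banners": {80: "Microsoft-IIS/10.0"}, "ttl": 63}

if __name__ == "__main__":
    for name, profile in (("decoy", DECOY), ("real", REAL), ("wide open", WIDE_OPEN)):
        score, findings = honeypot_score(profile)
        print(f"{name}: score={score} likely_honeypot={is_likely_honeypot(profile)}")
        for _, reason in findings:
            print("   -", reason)
```

Every finding here is something the decoy's operator can fix (a custom banner, a consistent TTL, a realistic port set, credentials that do not all work), which is the practical use of the check: it tells you how your honeypot looks from the outside before it is catalogued.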
What did we do at CDS? We developed an embedded device about the size of your hand.
Our embedded device has been designed to resolve/overcome all the industry-defined problems described above: those of cloud (virtualization) computing, traditional computers, honeypots/sinkholes and Internet sensor detection, and cyber attacks that appear legitimate, such as passive intelligence gathering, probing of remote entry/gateway points, the use of open source network security tools as "attack tools", and "fileless" attacks that penetrate a network/device without leaving a file-based trace.
Where is our embedded device installed?
Our CDS embedded device is installed outside of (not within) the main network traffic ingress point, in parallel with a network gateway entry point, and is configured to emulate the exact functionality/characteristics of the devices in the surrounding network operating environment. Therefore, if a customer runs a specific type of dedicated server (cloud or traditional), workstation, specialized device, industrial control system (ICS), IoT device, etc., our embedded device will appear to be a typical device, no different from the surrounding operational devices.