Defensive Cyberspace Operations using TensorFlow
The Jigsaw Security team has been hard at work to release our newest security offering. Our security learning module is now available to customers that want to use our extensive sensor network data, logs, packet data and netflow to make sense of what is happening within their network environments.
During a recent exercise, the team provided 20 different security-related designs for use in Defensive Cyberspace Operations. We did not want to develop the platform from scratch, so we went with a proven model and used TensorFlow to get the job done. Our algorithms are finding critical data useful for identifying IoT devices that lack security, DoD information leaks on public websites, and new attacks that have never been seen before through heuristic-based detection, as well as for matching threat intelligence at scale to any device that generates a log file.
"One of the biggest issues faced for Jigsaw was that using our traditional programs and tools we quickly ran out of resources. This was a huge limiting factor in our company being able to compete on larger deployments," said Kevin Wetzel, CEO and Founder of Jigsaw Security.
Back in early 2017 our technical team kept running into a particular problem: our code would run, but it could not run fast enough to take action on things that were occurring while the computations were being run. It was taking hours to complete some of the basic models, so we knew we had to step up our game. One of our QA engineers suggested we implement TensorFlow to tackle the problem. After researching it, our development team was able to take jobs that were running 3-4 hours to completion and get the same answers to the same questions in under 4 seconds on modest hardware. This allows us to respond while an attack is occurring. This changed the game and allowed us to compete with much larger and more mature programs using commodity off-the-shelf hardware. By providing capabilities in an affordable manner, not only do we have a solution we can support, but the customer has a solution they can depend on.
While we love Python, native Python applications just were not doing it for us anymore...
We like the ability to set our model and have it give us results in real time while our calculations are running. This gives us immediate knowledge when a DDoS, malware campaign or attacker spins up a new campaign, keeping us ahead of our competition. Finding unknown threats and making them known is the key to staying ahead of the curve and ensuring continued protection of our customers.
By training your sensors to learn what is happening, you continually make the results more applicable to your particular organization. You no longer need threat intelligence data from any network except your own; however, you can still compare what you are seeing to what everybody else is dealing with in regard to security. By monitoring the tensors from various customers, we can get a quick representation of what is happening and adjust fire as needed. Google has done a decent job of providing this toolkit, but it is only one small piece of the overall machine learning picture in use at Jigsaw Security.
For more information on our TensorFlow project, keep an eye on our GitHub repositories.