By Geoff Fein

As the government looks to improve its situational awareness of cyber intrusions on its networks, a Washington-based provider of cyber defense solutions believes it can provide that capability.

NeuralIQ’s Event Horizon provides real-time forensics that works with other computer security technologies, William Fallon, chief executive officer of NeuralIQ Government Services, told Defense Daily in a recent interview.

“How do we get better situational awareness about what’s going on? It’s a challenge,” Fallon, a retired four-star admiral, said.

In the year or more that he has been looking closely at this issue, Fallon noted, a majority of the solutions, or advertised solutions, to the cyber problem fall into two categories. The first is devices, firewalls and similar tools that look for certain types of behavior and then deny access to the network.

“Is it effective? Yeah, in a way. If you limit the number of access nodes or potential connections to others through the Internet, you can probably limit the potential damage to yourself,” he said.

But what is the cost to do that? Fallon asked.

He cited the example of a company that was interested in Event Horizon but, because of its own online security systems, couldn’t access NeuralIQ’s site. “In [that] example, the company said it could take a week to get that undone.”

The other solution basically looks at a network’s operating system and at established patterns of behavior. A company can define aberrant behavior, and if one of the security measures put in place is tripped by what is defined as aberrant behavior, the system will shut down or block anything from coming in, Fallon said.

“Inherently, fundamentally the problem with both of these approaches is they are only good against what has already occurred,” he said. “That’s OK for things you have already discovered, but what about things going on today and likely to happen tomorrow? How do you find out about these things before they have already caused a problem?”

Fallon added that his understanding, from talking to people in government and the commercial sector, is that the government and companies are usually late in discovering there is a problem. “What are you going to do to fix those firewalls or the behavior based protective systems to prevent that behavior from occurring again? [And] what about the new things that are happening?”

NeuralIQ believes that its product, Event Horizon, comes at this problem in a slightly different way, he said.

“It aims to give you that knowledge in basically real time, pretty much as it is occurring, and to give you insight into what is happening and then give you the option of choosing what you are going to do about it,” Fallon said.

Unlike the fairly predictable and more than brute force tactic of just blocking things, Event Horizon intentionally does not block an intrusion, he added.

“We can see this real time and give you amazing insight into what’s going on, how they (hackers, criminals, adversaries) do it and what sites they are using to maybe store their malware,” Fallon said.

NeuralIQ achieves this using virtual technology, he noted.

“We are not hindering your operating system at all…there is no effect to the client’s operating system,” Fallon said.

“We enable you to actually look down at the operating level to see what is happening, how these folks are doing it. You gain insight and intelligence. You can do the forensics on the attack pretty much as it’s occurring,” he added. “You can store all this data, of course. You can have all of the past data to go back and compare and see what kind of behaviors appear to be following the same pattern, and you can actually do something about it.”

At the end of the analytic phase, Event Horizon will recommend fixes if that is what the customer wants, Fallon said. “And the idea is to make our stuff compatible with other [systems].

“We are not a ‘take ours and throw the other stuff out,’ not at all. We are suited to be working in conjunction as a complement to other systems that are providing protection,” he said. “We give you a different view, much more in depth real time ability to see what is going on.”