Cyber attack: First comes the scout, and then the killers
AI is the engine that will be driving Systematic’s cybersecurity concept. And if Chamara Bulathsinhala has his way, hopefully without any checklists. The architecture behind the concept rests on virtuous AI and a top-tested concept.
(Written in cooperation with Version2)
We start with a confession from Systematic’s security expert Chamara Bulathsinhala.
“Checklist is a word that I have problems with. It is old-fashioned,” he says, without feeling abashed in any way.
“Checklists are for accountants. Are you doing this, are you living up to that? They identify any non-conformities, and off they go, with customers sometimes feeling slightly lost and left behind. Instead of asking: what are we going to do from here? And how do we move on? This is where we come into the picture with our ‘digital first approach’ within cybersecurity. Because where the vulnerabilities are, that’s where the fire will start.”
Chamara is fine-tuning and working with Systematic’s cybersecurity concept. It’s a concept that will potentially be rolled out across several industries operating within the field of critical infrastructure.
The concept replaces the classic checklist with AI as a way of preventing attacks. In other words, the digital logic breathes life into the ‘kill chain’, which is the machine that handles the cyber threats.
Kill Chain, Shift Left on Security and Defense in Depth
Systematic’s kill chain approach is designed to destroy external threats. The principle behind a kill chain is that the countermoves differ depending on the stage of the chain at which a threat is discovered. The earlier the threat is discovered, the less damage it does and the easier it is to stop the attacker. But the hackers are also smart.
“It always starts with a scout trying to find the gaps in the software’s line of defence. This is how the vast majority of attacks happen. However, the cleverest hackers use methods which we don’t know about. They’re good at developing new ways of attacking,” says Chamara Bulathsinhala.
“We can see that the attacks are becoming more sophisticated, and the way in which the attacks are being levelled at us is changing. Much security is based on static rules which are several steps behind. They are derived from our knowledge about past attacks. What we want to do is spot the new patterns of attack as early as possible.”
“Our AI intrusion detection system monitors logs to find the abnormal events. However, we must remember that our adversaries also have AI that is knocking on the door and wanting to get in,” says Chamara.
The AI looks at the logs which register traffic, patterns and threats in the data flow. This logic is built into Systematic’s security concept, in which security is a factor in every part of the business.
“We conduct checks right down to app level, again by looking at the traffic. We get right into the code strings and way down into the bits and bytes when looking at security. We establish whether the packages are real, or whether a hacker is at work. Our AI and machine learning look for anomalies and patterns that don’t fit in,” says Chamara Bulathsinhala.
Highest Michelin star within software solutions
Systematic is a certified CMMI5 supplier, which is the highest maturity level for software development processes. It qualifies the company to develop security for critical sectors such as the police, utilities, hospitals, etc. In addition, Systematic is also certified according to the ISO 27001+2 standard for information security management.
“Our development team always starts by building the security elements. The classic approach is to develop the app, and then look at the security. This is expensive, and you’re likely to end up with a flawed solution. At Systematic, security is integrated from the outset. For example, we use the web app scanner OWASP ZAP and other tools to check security if necessary,” says Chamara Bulathsinhala, and goes on:
“The certification dictates that everyone works in the same way and based on strong internal guidelines. Our particular methodology supports international security standards, i.e. when and how we test components and security. We are continually improving our processes, and never rest on our laurels. It’s like getting a Michelin star. Once you have it, you need to work hard to hold onto it.”