Predict Where Your Data is Most Vulnerable with ML

A “boil the ocean” approach to security embodies the concept of treating the entire infrastructure as the attack surface for adversaries. The problem is that your cyber adversaries don’t need to attack your entire infrastructure. They want your data and will target the infrastructure that gets them closest to your data. There must be a better way.

A data first security approach assumes that your data is the target of the attack. Based on this approach, security at the storage layer, categorized as “Cyberstorage” by Gartner, can provide a heatmap of your data’s attack surface. Let’s discuss how Superna’s evolution of our market leading Cyberstorage capabilities will harden your data’s attack surface. We can make precise predictions on the most vulnerable area of the data attack surface and create a remediation plan that pinpoints hosts and users that represent the weakest links.

Your Data is Your Cyber Risk

Your data’s attack surface is defined as the sum of all storage locations, data types (i.e. structured or unstructured) and the users, hosts, and machines that have direct or indirect data access.

If you look at all the data, users, and hosts through the lenses of data access patterns and the data’s importance to the company, you end up with a substantially smaller subset of the total data footprint that needs to be hardened against attacks.   

Superna is developing technology to dynamically compute your data’s attack surface and precisely identify where best to apply hardening and remediation in the infrastructure to reduce the cyber risk to data.

Current approaches to security have used a “boil the ocean” approach to applying security controls across devices without regard for the value of the data or the calculated risk to the company. Applying a machine learning (ML) data-driven approach to estabilishing security controls and remediating common vulnerabilities and exposures (CVE) allows prioritizing high risk data which can accessed by high risk hosts and active user accounts. 

Not only can we predict the high priority vulnerabilities in the infrastructure, this technology can provide an answer as to why the risk is higher for a given host or user account. Data access patterns and vulnerabilities change as your infrastructure changes. For example, as new hosts are added to the network, user data access permissions are changed, new applications are installed, firewall rules are changed, and new CVEs are published. The definition and scope of the attack surface is constantly changing creating permutations that exceed any manual process that can identify data access vulnerabilities and predict a compromise before it happens. Plugging the most vulnerable security holes based on data risk to the corporation is a key tool to ensuring high risk data is protected first.

How to Improve Your Cyber Risk Outcomes 

Superna categorizes this technology as “active defense” and is a key component of a next generation cyber storage platform. By combining “active defense” with “Offensive Security” defined by the NIST 2.0 cyber security framework (CSF) you get a complete storage layer security capability that improves cyber attack outcomes to protect your data.