We live in the Age of Information. Given a computer and a wireless connection, any user has access to a seemingly infinite flow of information, and to the burgeoning social, electronic communities that pass it around. Superficially, the Internet seems to be gilded in an endless stream of memes and cats, but in actuality it allows for any number of miraculous things to occur by connecting people and resources around the globe. Doctors can perform surgery in Brazil while never leaving their offices in Oregon. Online video conference calls can be made from Texas to a distant grandmother in Vietnam. You can attend a university in Scotland from the comfort of your North Carolina living room.
But this global interconnectedness comes with a cost: no amount of data is entirely safe from prying eyes. And that includes people playing games, especially MMOs and those with a social component. That’s where individuals like Dr. Vincent Berk, cybersecurity professional and CEO of FlowTraq, make their entrance.
Like many of you, I have heard of ‘big data’ and ‘cybersecurity’, but for me these words seemed nebulous: I kept imagining the trope of poorly lit rooms and a Matrix-style menagerie of international super hackers. All sunglasses and trench coats, slo-mo and coding speak.
It was a privilege to correspond with Dr. Berk from FlowTraq (http://www.flowtraq.com/) to get his take on cybersecurity and its growing global importance, and now I can imagine the nature of his profession without the added air of mystery I so graciously pictured in my mind.
GiN: How did you decide to get involved with cybersecurity?
Dr. Berk: This was not so much a decision as it was coincidence. I was a student in high performance computing, and therefore, understood the security issues that can arise when dealing with large data sets. With this background, I was often asked to help out with security projects, so basically it was more an accidental development than a chosen path. My career pathway has been big data meets security analytics.
GiN: I’ve been hearing more and more about “big data” recently, but to me it’s nothing more than a buzzword. Could you expound upon the nature of big data and why it inherently requires more security support compared to smaller forms of data?
Dr. Berk: Big Data is indeed a buzzword, and much overused lately. I’ve heard many definitions, but all of them are nebulous and imprecise. To me it is more about the algorithmic approach to solving a problem, than it is about data storage. Meaning that a particular problem requires computational resources that cannot reasonably be brought together with a general-purpose architecture.
Servers, networks, and storage hierarchies are thus constructed with specific knowledge of the particular problem at hand. This logically means that data streams, communications, or behaviors that would be considered abnormal in a generic computer network, are benign and expected in these “big data” processing environments. The custom nature of the problem that is being solved makes it harder to spot security anomalies. And often these big data problems bring together a lot of sensitive data from other sources.
In these scenarios we are typically concerned with data exfiltration, or data modifications that could have a harmful effect on the data owner. Patterns that are straightforward to pick up in a normal workstation environment may look very different in big data processing environments, making them much harder to spot. Secondarily, big data processing environments bring much data together, often from multiple data sources. This means that sensitive data that is typically not linked together, or hard to obtain separately, is now being processed together in one place, potentially compounding the damage done by a data theft.
GiN: How have your systems benefitted those that use them compared with those that do not?
Dr. Berk: The key benefit that my customers have enjoyed is rapid visibility into ongoing attacks. In computer security every second counts when figuring out what kind of attack you are under, especially when service uptime is concerned. For instance, being able to quickly determine that a DDoS attack is originating from a particular source address range, or has a fixed source port set, may allow you to quickly mitigate and keep your service up and available. FlowTraq is focused on getting the analyst the insight needed to determine what is going on, as fast as possible.
GiN: How can the average person become more aware of their Internet presence in an attempt to thwart hacking or theft? And is there any advice that you would be willing to give on how to better protect yourself?
Dr. Berk: Each time you enter personal or private information into a web browser, pretend that someone is looking over your shoulder. Not a friend, but someone with ill intent. That usually helps me decide quickly whether I really need the site, service or product. This applies to credit card information, but also other personal information and even passwords. Finally, trust your instincts. If it sounds fishy, it probably is.
GiN: How have you seen the role of cybersecurity change over the course of your career, and what projection can you make for its future growth as far as game development is concerned?
Dr. Berk: Attacks and threats have shifted largely from technical hacks of software faults to subversion of the end user, which means more computers and networks are hacked nowadays through deception of humans that have access to them than by any other factor. The image of the skilled and eccentric hacker who deeply understands the bowels of a computer system and can break in is slowly being replaced by the caricature of a con artist able to trick people into letting them in.
GiN: How do you account for end user subversion when you develop a security system and how have these small-scale con-artist hackers forced changes in the cybersecurity industry?
Dr. Berk: We are [definitely] seeing a shift in the industry in this regard. Ten years ago people would focus primarily on defending the border, considering the “insiders” trusted. Increasingly, network defenders are coming around to understanding that the insiders may not be trustworthy themselves, or may have been subverted by outside attackers. So there’s a slow but steady tidal shift happening on the security front, where increasingly companies are investing in monitoring what’s happening inside the network, and trying to catch what data is flowing out. After all, what matters the most is the damage done after a bad guy gets in, not how they got in.
GiN: The current situation surrounding the Sony hacking scandal and the halted release of The Interview brings to mind the Sony hacking scandal from 2011. Professionally, how do you think these and similar-sized hacks will change the nature of future security systems?
Dr. Berk: I believe there is an ample array of security defenses available, but it is up to the defender to actually deploy and watch them. Legislating security defense is very difficult, because networks and the nature of data vary so much from company to company. In fact, if we look at national defense budgets as a portion of GDP, meaning how much of a nation's efforts are focused on military defense, we notice that worldwide that ratio averages 2.4 percent. This means that roughly 24 out of every 1,000 people worldwide have as their primary task the defense of the nation's borders. Similarly, would it not be reasonable to spend 2.4 percent of company revenue on defending computational assets? And be mindful: this does not include the people that build the infrastructure, such as networks and data centers – that is a separate group of people. After all, the Military cannot also build the roads and power grid.
Does Sony employ 3,300 people in network defense?
GiN: Are you currently working on new products that you will be able to tell our readers about?
Dr. Berk: We are. Our focus is on providing visibility to analysts, even at a very big scale. It turns out that the human mind is spectacularly good at figuring out what is normal, and what is abnormal. But with so much data floating around, and moving so quickly, providing a sufficiently processed view where the human mind can be effective, is very difficult. We spend a lot of our time working on security data processing techniques such that analysts can have views into their network data that allow them to decide what is happening, regardless of how big their networks are. In itself this is a big data processing problem!