Cobalt Iron Compass: Cyber Inspection That Thinks for Itself

Part of the Cobalt Iron Patents blog series

Wouldn’t it be nice if your data protection solution could just do what needs to be done, secure your data — and get better and better at it — without you ever having to think about it? As it’s analyzing cyber threats and validating data, the solution would remember everything that happens, figure out the best ways to handle it depending on the situation, and then automatically adjust itself to improve protection in the future. Sounds like a dream solution, right?

Well, that’s exactly what Cobalt Iron Compass will be able to do thanks to our newly patented techniques for machine-learning-driven cyber inspection. In other words, Compass analytics will determine which data inspection tools are best for the data or the security threat at hand, and Compass will automatically deploy them ... and learn from the experience.

Why You Need It

Cyber attacks are increasing in frequency and sophistication. While businesses continue to harden various resources and parts of the IT environment, nefarious characters keep changing their attack approaches and targets. Cyber protections that worked yesterday or are working today might not work tomorrow. Companies also need more insight into how well their cyber resiliency schemes are working. In particular, analytics around cyber protection, detection, and inspection operations are woefully lacking in the industry. There’s a dire need for more proactive assistance in protecting data and other IT resources and in detecting suspicious cyber activities.

What It Will Do

This invention addresses those concerns. It qualified for a patent because of several unique characteristics:

• Historical analysis of the usage of multiple cyber inspection tools and their effectiveness in detecting diverse types of cyber events in particular types of data.
• The application of machine learning techniques to cyber inspection operations.
• Automatic adjustment of a time range to perform cyber inspection operations based on cyber attack indications.
• Automatic adjustment of policy-driven cyber inspection using multiple cyber inspection tools and multiple cyber inspection levels:
  • at different times or events in the life cycle of a data object.
  • or for different types of cyber events.

This patent introduces advancements in analytics technology. When fully implemented, the techniques will refine and optimize how Compass applies multiple cyber inspection tools depending on the conditions. Specifically, the patented techniques mean Compass will be able to:

• Store and analyze machine learning training data associated with most cyber attacks (including ransomware attacks), inspection class policies, data protection operations, cyber inspection operations, and operational forensics data.
• Establish inspection-class policies to specify, for various security conditions or events,
  • a class of inspection tool and a specific level of inspection to perform within a defined security zone.

• A specific type of data to be inspected.
• A certain point in a data life cycle (e.g., on creation, modification, backup, recovery, etc.) for the specific type of data to be inspected.

• Monitor for a variety of security conditions and events.
• When a new security condition or event occurs, upon analyzing the machine learning training data and inspection-class policies, determine an inspection tool and a specific level of inspection to perform on specific data at a certain point in the data life cycle.
• Perform the determined cyber inspection operations.
• Dynamically adjust the class of inspection tool and the specific level of cyber inspection to perform on the data to lower the risk and impact of future cyber attacks.
• Dynamically adjust a time range to perform cyber inspection operations based on cyber attack indications.
• Perform cyber attack forensics and historical analysis to determine particular data objects attacked, attack patterns, attack timings, attack sources, and other proactive insights into cyber attack activities and consequences.
• Restrict access control to data objects similar to particular data objects attacked.

For example, Compass might use these techniques to analyze cyber attack patterns and targets, recognize specific types of data or applications being targeted, and automatically restrict access control to similar types of data or applications in the enterprise.

In another instance, Compass might analyze machine learning training data from previous cyber attacks and previous cyber inspection operations to determine whether a different cyber inspection tool or a different level of inspection would be more effective at detecting particular types of cyber attack patterns. And if so, it could dynamically adjust the cyber inspection tool or the level of inspection it performs against particular types of data in future cyber inspection operations.

What It Means for You

Compass will use analytics to figure out in advance which cyber inspection tools will be best for different scenarios. That means your business will be able to adjust proactively and automatically which, how, and when cyber inspection tools are used to validate corporate data.

The business outcome: lower risk of undetected cyber security events and continually improved data validation operations.

Want to know more? Please get in touch!