Predicting the likelihood and method of attack

18-Sep-2014 - Patented tech not applied to security ’til now

Recently a cyber discovery company approached Chris Pogue, a 14-year veteran of security consulting, about marketing its technology in the USA.

The Nuix Engine sifts large volumes of unstructured data in complex file formats into understandable data on which humans can make decisions.

“Three patents give it capability that has never been applied to the cyber security response space,” said Pogue. “After seeing it I was absolutely sold and have been wrapping my head around what the capabilities are.”

Historically, software choices have followed precedent. Most of the incident response community uses commercially available tools because those tools have been accepted in court. Yet there is no such thing as “court-approved” software.

“That’s like saying a Nikon is approved and the Kodak crime scene photos aren’t,” Pogue said. “It’s up to the practitioner who testifies. You have to understand what the end scripts are doing behind the scenes, and if you don’t you’re trusting the vendor to do the right thing. If they’re not you can’t tell anyway.”

Nuix wants to overturn that paradigm by not acting like a typical software vendor. To that end the company has gathered a Cyber Threat Team and infused its software with real-world intelligence.

“We’ve been doing malware reverse engineering, pen tests, assessments, and we have knowledge of the threat landscape,” said Pogue. “It’s realistic attack vectors, threat patterns and malware signatures. For practitioners to write their own scripts, we have the Rest API, which allows them to use whatever high level language they want.”

He refers to it as a “Combat Force Multiplier” – a tool that makes your force exponentially better than the enemy’s.

“This is a fusion of man and machine – wonderful technology infused with human intelligence. It’s a feedback loop that continues to build into the box, so the product is bigger, smarter, and faster with every experience.”

The predictive aspect of the technology was referred to in the Protective Intelligence & Threat Assessment Investigations Guide.

By examining behavioral patterns, investigators can say that a person has a likelihood of x% of acting and that some intervention is needed; that predictive analysis is grounded in casework.

“We have so much data about cybercrime, and yet no one has taken that data, shoved it into the back end of a technology, and said, ‘here’s what is likely to happen,’” Pogue said. “We understand what organizations have been breached and how they’ve been breached. We also have pen testers who know how to breach targets. We have the attackers’ playbook.”

There are only so many ways to move from the initial point of entry to data harvesting. Having conducted 1500 investigations, Pogue knows what those ways are. His team will combine that information with methodology already developed by law enforcement to develop markers.

Take for example an organization of a certain size in a certain industry. Other organizations of that size in that industry have been breached.

Provided the organization is not currently under attack or recovering from one, it is possible to assess the likelihood that it will be attacked.
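As an added illustration, not Nuix's code or method, the following estimates breach likelihood from a peer cohort of the same industry and size, skips organizations that are in or just out of an incident, and nudges the estimate by observed attack-sequence markers. The peer data, size buckets, smoothing prior and marker weight are all constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Org:
    name: str
    industry: str
    size: str                   # assumed cohort bucket: "small", "mid", "large"
    breached: bool              # has this peer been breached before?
    active_incident: bool = False   # currently in, or recovering from, an attack


# Constructed sample of peer organizations (not real data).
PEERS = [
    Org("A", "retail", "mid", True),
    Org("B", "retail", "mid", True),
    Org("C", "retail", "mid", False),
    Org("D", "retail", "mid", False),
    Org("E", "retail", "large", True),
    Org("F", "finance", "mid", False),
    Org("G", "finance", "mid", True, active_incident=True),
]


def cohort_breach_rate(peers, industry, size, prior=(1, 1)):
    """Laplace-smoothed share of the (industry, size) cohort that was breached.

    The (1, 1) prior is an assumption: an empty cohort yields 0.5 rather than
    a division by zero, and a single peer cannot push the rate to 0 or 1.
    """
    a, b = prior
    cohort = [o for o in peers if o.industry == industry and o.size == size]
    hits = sum(1 for o in cohort if o.breached)
    return (hits + a) / (len(cohort) + a + b)


def attack_likelihood(target, peers, markers_observed=0, marker_weight=0.1):
    """Return (likelihood, note); likelihood is None when assessment does not apply.

    markers_observed counts attack-sequence indicators already seen in the
    environment; each adds marker_weight (an assumed linear bump, capped at 1).
    """
    if target.active_incident:
        return None, "in or recovering from an incident; assess after containment"
    base = cohort_breach_rate(peers, target.industry, target.size)
    adjusted = min(1.0, base + marker_weight * markers_observed)
    note = f"cohort base rate {base:.3f}, {markers_observed} marker(s) observed"
    return round(adjusted, 3), note


if __name__ == "__main__":
    target = Org("X", "retail", "mid", False)
    print(attack_likelihood(target, PEERS, markers_observed=2))
```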

“We’re spending all of this money checking boxes on GRC regimes – SOX, PCI, whatever… at conferences, on technologies, and tools and vulnerability management. Is anyone looking at the techniques attackers are using?” he asked. “All of this stuff we’re doing on the periphery is white noise. We need to know if that vulnerability can be exploited by an attacker to gain access to our system. I want to focus my time and energy on stuff I KNOW an attacker can use against me. THAT’s where our focus should be.”

The Nuix North American team Pogue has assembled consists of a pen tester, a malware researcher, and a forensic investigator. The team is combining its collective expertise with the OEM engine and Nuix’s proven track record in eDiscovery and forensics.

“We’re focusing on how to snap both components together,” Pogue said. “I think it’s going to breathe new life into the security industry. We can sniper rifle focus on what we know is part of an attack sequence. It’s tried, tested, and proven faster than anything else in our space. The true hook that makes it 10 or 20 times better than anything we’ve seen is the infusion of intelligence. It’ll be far beyond even what I’m anticipating.”