24 May 2022
Being Human is hard, because no one gave us a handbook. How to process emotions, how to tap-in to Potential, how to have a BulletproofPC?
We don’t really understand ourselves as a species, and certainly don’t understand how our perspective frames our viewpoint…and how our viewpoint presents our experience.
Take this idea, and apply it to the Internet. When we transmitted the first messages, we hurried on excitedly in the direction of forward progress. In hindsight, we may have missed the step of first forming a firm foundation.
So in regards to the current state of Cybersecurity, or the lack thereof: shall we cry over spilled milk, or do what Humans do best? We are nothing if not resilient, and are at our best when we work in togetherness with our tools.
People, Process, & Technology: The strategic alignment thereof, Creates the sustainable pathway.
Which is why this piece of content is dedicated to the topic of XDR: Extended Detection & Response.
Quick recap. We used Firewalls and Antivirus, and thought we were safe. But as muffin-tops and entropy both go, the threats kept emerging. How to put a lid on this pot, or is the Web just a breeding ground of yeasty-formations that seem to understand Quantum Mechanics now?
No worries, XDR takes us in the direction of unleavened bread.
Back to the basics, shining simplicity: barricade your Cyberspace, make it like a fortress. How? Eyes on the Network 24 / 7. Not physical eyes, please let your IT guys get some sleep.
Awareness is an unexplainable mystery, but now that we’ve described AI: how does XDR work?
Let’s start with EDR, which really pinpointed proactive endpoint security. Now take that scope, and widen it across the horizon that is the whole Network and its many connected things. Enter XDR.
Endpoints are almost countless, just ask the IoT (Internet of Things). Who can really count the number accurately? We aren’t sure. But estimates range from 10 billion to 50 billion IoT-connected endpoints currently in use.
Hello, unscalable Cybersecurity. But we say that with respect, because EDR was an important step that led to XDR. The scope was indeed small, but that’s how all seeds sprout.
Now that the laurel is green and AI-driven Cybersecurity is maturing, we evolve from EDR to XDR. Again, the critical component is viewpoint. Instead of scoping just the endpoint for proactive defense, we expand to look at the vastness that is an organization’s entire communication infrastructure.
XDR takes the key concept of EDR, and applies it to not only the endpoint but also to the Network, the Cloud, mobile devices, etc.
Captain Cybersecurity may start as a crawling baby, but eventually gets up and walks wearing a Sheriff star. Now you too can explain EDR vs. XDR to any audience. Same concept, but the wingspan that reaches all corners of the Web is the sweeping solution indeed. XDR looks at Cybersecurity as if the entire Web were one connected ecosystem (it is), whereas EDR is narrowly focused on just the endpoint and not also engaged with the threats which surround it.
XDR is a wholesome solution, with staggering Potential that should make any bad actor shudder. The Security Operations Center (SOC) of our chosen XDR has a single pane of glass to peer through, where the entire Web itself is the scope of the mission.
Wow, talk about the Cybersecurity Bird’s Eye View. Finally, the Great Eagle can stop posing as a sitting-duck instead. This whole topic really paints the picture of a Quantum Formation, such as that which all Creation mimics. Like the reflection in a mirror, or even upon the waters; We can’t protect the vastness of Cyberspace, without first mirroring the same scope and viewpoint.
So how was our chosen XDR born?
Great minds worked together to compile the MITRE ATT&CK Framework: to sum it up, the sum of our known (and unclassified) Cyber Threat Intelligence. Enter Machine Learning, and more great Minds.
On top of the Mitre Framework, Technical guys wrote powerful Algorithms. The command: study the Mitre Framework, learn it perfectly. Then go out in the wild, and actively hunt for threats. Stop them dead in their tracks, no matter where they exist. Inspect all 7 layers of the OSI Model, leave no stone unturned…inspect every single data packet. Through compare / contrast, identify and eliminate the specific threats. Keep learning / evolving, and begin baiting bad actors deep in the Background.
The Intelligence is regularly updated, and the Algorithms are kept sharp. We know from watching AlphaGo defeat the reigning World Go Champion, that AI is very motivated to master the game which it plays.
When protecting a Network, this AI which emerged from a combination of data, coded Algorithms, Machine Learning, & Awareness actually PROACTIVELY takes action on behalf of people & their many endpoints.
When known threats are identified, the AI swats them from the Network (like flies) in real-time. That means very quickly; have you any idea how fast a computer processes? It befuddles the Mind to ponder this. It also removes the one thing all hackers need: dwell time. Without dwell time, flies can’t do their dirty work. They can want to, and they can try to…but their payload is out of reach. The XDR AI detects them and rejects them, before their attack gains momentum.
How distressing for the fly! We suspect it would try another pile next time, as we know from history that hackers like low-hanging fruit.
Speaking of which, XDR is a double-edged sword. When threats approach, XDR proactively defends. But for motivated AI, that’s just not good enough. So to add icing to the cake, XDR plants honeypots in your Background as an offensive strategy. Just waiting for trespassers, like a cyborg Venus fly-trap. Good golly, miss Molly…if this doesn’t turn the tables in favor of the Good Guys! Bad guys were the predators, but XDR hunts them like prey.
The key point is this: Machine Learning never stops. It has no boundaries nor limitations. In fact, curiosity is the Machine’s favored reward. As Albert Einstein said, “Curiosity has its own reason for existing.” Wonder just how Smart the XDR will get? Who knows how to define limitless Potential; certainly it’s beyond us to try.
But for the sake of balance, let’s study the flip-side. People really should be aware of the current state of things. Just a few examples are enough to demonstrate a crisis of epic proportions / probability. Consider these concerning tidbits of Cyber Information, all of which are yet to even be measured:
1. Solar Winds supply chain attack lurks in the Background
2. Log4J (enough said)
3. Malware can pose as Cookies (have you ever counted the Cookies on just one of your devices?)
4. Data is self-corrupting over time (what the heck?)
5. Per Bleeping Computer, hackers are now hiding Malware in Windows Event Logs:
As this is a significant zero-day that has never been seen before, let’s take a deeper dive.
Quoting Hacker News, with the full story linked as well:
“A new malicious campaign has been spotted taking advantage of Windows event logs to stash chunks of shellcode for the first time in the wild.
“It allows the ‘fileless’ last stage trojan to be hidden from plain sight in the file system,” Kaspersky researcher Denis Legezo said in a technical write-up published this week.
The stealthy infection process, not attributed to a known actor, is believed to have commenced in September 2021 when the intended targets were lured into downloading compressed .RAR files containing Cobalt Strike and Silent Break. The adversary simulation software modules are then used as a launchpad to inject code into Windows system processes or trusted applications.
Also notable is the use of anti-detection wrappers as part of the toolset, suggesting an attempt on the part of the operators to fly under the radar.
One of the key methods is to keep encrypted shellcode containing the next-stage malware as 8KB pieces in event logs, a never-before-seen technique in real-world attacks, that’s then combined and executed.
The final payload is a set of trojans that employ two different communication mechanisms — HTTP with RC4 encryption and unencrypted with named pipes — which allow it to run arbitrary commands, download files from a URL, escalate privileges, and take screenshots.”
So in summary, yea that’s all-bad.
The Good News? An AI-driven tool easily discovered this zero-day.
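To make the quoted technique concrete from the defender’s side, here is an added example (not code from this article, from PTG, or from Kaspersky) of a plain heuristic that scans event records for data blobs of roughly 8KB with a near-random byte distribution, the shape of payload the write-up describes. The record layout, the sample records and the 7.5-bit entropy threshold are assumptions made for the example.

```python
import math
import random
from dataclasses import dataclass

@dataclass
class EventRecord:  # minimal, constructed stand-in for one Windows event log record
    record_id: int
    source: str
    data: bytes  # the record's binary event-data field

def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: English text sits around 4-5, ciphertext near 8."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)

CHUNK_SIZE = 8 * 1024   # the write-up above reports ~8KB pieces
MIN_ENTROPY = 7.5       # assumption: threshold chosen to single out ciphertext-like data

def suspicious_records(records, chunk_size=CHUNK_SIZE, min_entropy=MIN_ENTROPY):
    """IDs of records whose data is roughly chunk_size bytes AND near-random.
    Size alone is not enough: a verbose but ordinary text event is also ~8KB."""
    return [r.record_id for r in records
            if 0.9 * chunk_size <= len(r.data) <= 1.1 * chunk_size
            and shannon_entropy(r.data) >= min_entropy]

def chunk_runs(records):
    """Flagged IDs grouped by log source, keeping only sources with two or more:
    a run of chunks from one source is stronger evidence than a single odd record."""
    flagged = set(suspicious_records(records))
    runs = {}
    for r in records:
        if r.record_id in flagged:
            runs.setdefault(r.source, []).append(r.record_id)
    return {src: ids for src, ids in runs.items() if len(ids) >= 2}

# Constructed sample log: a verbose text event, a short binary event, and two ~8KB
# seeded pseudo-random blobs standing in for encrypted chunks (no real payload).
_rng = random.Random(2022)
_blob = lambda n: bytes(_rng.getrandbits(8) for _ in range(n))
SAMPLE_RECORDS = [
    EventRecord(1, "Application", b"Service started successfully. " * 273),
    EventRecord(2, "Security", _blob(64)),
    EventRecord(3, "Application", _blob(CHUNK_SIZE)),
    EventRecord(4, "Application", _blob(CHUNK_SIZE)),
]
```

Running `suspicious_records(SAMPLE_RECORDS)` flags only records 3 and 4: the ~8KB text event passes the size check but fails the entropy check, and the short random record fails the size check.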
At PTG, we watched as the XDR we work with made quick discovery / remediation of Log4J on affected client Networks.
We don’t know what’s in every Cookie, but XDR sure can reverse-engineer every recipe. Then it either accepts the goodies on our behalf, or crumbles the Cookie entirely. It may even turn and karate-chop the chef, as it returns-to-sender the payload. Cookie Monster explained?
The world is complicated right now, but we see no reason to fear.
Although quietly in the obscure Background, a pathway to safety is clearly emerging. Each day, XDR learns more and more. The further its reach, the greater its knowledge-base. The greater its knowledge-base, the greater its confidence. After that it’s just fireworks and glory.
Shouldn’t XDR be released throughout the entire Defense Industrial Base (DIB)? As a Certified Registered Practitioner Organization for CMMC, we strongly suggest the DOD make this exact recommendation.
Cybersecurity professionals will always be critical to correctly configure and maintain AI-driven tools, and the AI systems will always need to be Observed. Truly it’s just the Nature of Science, and Cybersecurity is not separate from this. Since Earth’s resources make up computers and Nature’s mysteries add the processing power, it’s accurate to call Cybersecurity a Natural Science.
Just imagine our National Security if together we were all working a strategy that silently screams sustainability? Hope is alive, and asking us to Align.
The Crossroads is a Symbol that appears consistently throughout the story of Humanity, and again we find ourselves at that twisted-loophole called fork in the road.
If we look back, and take the Bird’s Eye View: we see that hacking threats have gone Quantum, meaning that they now engage the Space instead of only the tangible. Fileless malware, one strain of which was named “Neutrino”: Scientists refer to Neutrinos as the “Ghost Particle,” because they change flavors mysteriously as they oscillate. Nature’s shapeshifters aren’t what you want being used in a Cyber attack against you, if you’re using outdated Security strategies. In addition, there’ve also been attacks targeting empty disk space…these are critical indicators as to the future of the status quo.
Unsustainable is the name of this sinking ship. The Space is being exploited now, and malware has been automated. How much time is left on the timer, if we scale out and keenly Observe the details?
It’s time for a different path, and it seems Scientists have always struggled to understand / describe Quantum Physics. Isn’t it just the connectivity of all things, and how each individual part interacts with the collective? The Synergy of Harmony, it applies to all aspects of Science, Technology, Engineering, & Mathematics.
If hacking has gone Quantum, then so must Cybersecurity.
And how do we achieve this? Just ask the double-slit experiment what happens when we watch the Waves. They consciously collapse, to accommodate our Attention and field of Observation.
For so long, we’ve separated Science from Technology. But isn’t one just the foundational backbone for the other, even if we haven’t noticed it? So if Science responds to Observation, so then does Technology. We have the tools available to us, they’d be most effective if they were wide-spread. Federated and Evolutionary Algorithms come to Mind, and we come full circle to the topic of Awareness & the accompanying Potential thereof.
Due to only the known zero-day threats, it can be argued that the Web is in a critical state of possible impending failure. Too many people have neglected to take Cybersecurity seriously. It’s now affecting the collective, because we’re all connected.
At this specific Crossroads, there seems to be only one pathway forward. We unleash the power of AI, by way of the XDR. We abandon the ship that sinks, and climb aboard the streamlined lifeboat. Considering that it could soon be made of self-forming Graphene if recent Scientific advancements are used as the baseline, we feel confident that Quantum Cybersecurity is now an emerging “thing.”
As AI protects the Space in the Web with unfathomable reach & depth, we may even approach the most original concepts of Science; specifically, Harmonic Resonance. That’s just good food-for-thought, because at the cutting-edge truly all things are Possible.