Cybersecurity technology and methods are struggling to catch up with the way organizations build and deploy critical applications today. There is a need for a better approach to protect applications at large, but there is also a critical need to change the way InfoSec, operations, and networking teams implement security processes and policies within the organization.
To solve critical problems in cybersecurity, CSPi, a 50-year-old U.S.-based security and IT solutions provider, takes a disciplined approach in providing innovative, highly effective enterprise-wide cybersecurity. It has put its focus squarely on protecting an organization’s most critical data. The firm has a record of achievement—its focus on security solutions started with defense systems, including critical components within AWACS radar systems currently deployed across the globe.
Its Myricom® ARC line of intelligent network adapters plays a strategic role in fighting the global war on terror, capturing critical data off the wire for intelligence agencies around the world. There has never been an option for failure in any of the missions the company has taken on. CSPi now brings that same mentality to bear when solving cybersecurity issues.
Most recently, CSPi has been investing in a breach challenge that the industry was not adequately addressing—namely stopping the loss of PII/PHI as well as other critical data.
“The industry approach to date has been an abysmal failure,” stated Gary Southwell, CSPi’s GM of Cybersecurity Products. “There were 1,400 such breaches in the U.S. last year, another new record. Even companies like Equifax, with 172 dedicated security professionals and all the latest tried-and-true security tools, needed months to determine that all of its PII data was breached and gone.”
These cataclysmic failures illustrate a need for a radically different approach. To address it, CSPi first sought to understand the problem. Data from many industry studies all pointed to the key issue: On an average day, an average large company receives almost 5,000 intrusion alerts from its security solutions or tools. There simply is not enough time in the day or trained staff to consistently and reliably review them all and identify the breaches that matter.
CSPi's approach with the ARIA Software-Defined Security (SDS) platform centers on two main ideas.
The first is to provide a foolproof means to detect the breach of PII/PHI records that reliably tells exactly which records have been exposed. This can’t be done with logs since they can be turned off by the attacker. It has to be done by wiretapping the network and recording the data streams.
Next, the system has to be able to tell staff when the breach of such PII/PHI data is occurring. We can't rely on humans using tools to find the breaches because this has proven to be unreliable. The ideal security system must also detail which records were exposed and provide evidence of whether such records were properly protected by encryption for compliance purposes.
The second effort is to make it easier for companies to properly protect the data in the first place with the appropriate type and level of encryption. Yet adding encryption to existing as well as new applications has been a challenge for most organizations to date.
The first problem: It has been difficult to go into existing systems and add encryption applications onto the host running the production applications without impacting the performance and stability of those applications. There often are not enough free cores available on the servers for the encryption to run properly when the systems are under load. The second problem: It has been difficult for developers to understand how to build encryption properly into their own new applications and ensure they are properly and safely configured.
CSPi solved both issues with the patented approach provided by its ARIA solution, which provides its own simple connectors that developers can pull down into their applications. These connectors point to encryption applications that run on a CSPi-provided PCIe NIC card that adds up to 24 additional cores to any server. This not only offloads encryption but also runs the functions, including the handling of keys, off the server, so those keys are not exposed during a breach. The NIC card can handle multiple applications and meets the strictest security standards. The best part is that it can allow encryption to be offloaded and run at wire rate—no matter what the rate of that wire is.
CSPi's ARIA SDS solution also looks to solve the process problem. “If we don't automate the deployment of such tools and generate immediately actionable outputs, we will have failed in our mission to solve these problems,” noted Southwell.
To do this, the company places its ARIA agents, which are deployed inside the applications, and the software running in its intelligent NICs under the control of a central orchestrator. The ARIA software instances beacon out to this orchestrator, which then loads them with their proper configuration—automatically provisioning and activating each instance.
If an instance comes up and the orchestrator does not know what to do, it notifies the InfoSec team that a new instance has appeared and needs to be dealt with. This stops a critical problem: InfoSec often never learns of new DevOps-built applications until well after they are in production. In this case, thanks to ARIA, they learn about them as they become active.
Breach identification is also fully automated. The system listens for alerts from existing security systems and uses these alerts to trigger a search of the protected assets it is recording. If it sees a match, it generates a file that details the entire conversation that the suspicious device or external source has been having with the monitored critical asset and then emails a link to it to the security team.
“It's hard to miss something when the tools tell you,” said Southwell. “Especially when it tells you we have a breach of a critical asset and here is the conversation and the records exposed.” This gives the teams all the data they need to take immediate action. Perhaps the best part is that, thanks to automation, they know within hours that a PII/PHI breach is happening, not months later as is typical with today's methodologies. With three-day notifications to maintain compliance with various regulations becoming the norm, these tools help make a real difference in protecting our PII/PHI.
With this as a backdrop, it's clear that CSPi's ARIA SDS solution is uniquely positioned to transform the way companies perform cybersecurity work.
CSPi will continue to focus on effective ways to protect an organization's critical assets, no matter where the data is accessed, processed and stored. The company has thrived on providing solutions when failure was not an option. Its philosophy gives the industry hope in an environment where, until now, failure has been the norm.