On this page, you will learn about the hot tools and technologies that are making the headlines in cyber security.
We have also included a list of universities doing cutting-edge research in cyber security and related new fields. Only the best schools appear on this page, but they are not the only ones; to find more, talk to your professional network and learn which technologies are taught where.
Why New Technologies Are Necessary
The old methods of protecting networks from threats are dying, and many computer system technologies are aging. Cyber security professionals now have to deal with new kinds of threats arising from mobile and wireless technology, wearables, cloud computing and an internet that is tougher to defend than ever.
2013 may be remembered as the “year of the retailer breach,” but a comprehensive assessment suggests it was a year of transition from geopolitical attacks to large-scale attacks on payment card systems. – Verizon 2014 Data Breach Investigations Report.
Hackers and cybercriminals are getting smarter by the day and have learned to use high-end technology. They now use technologies and techniques such as:
- Memory-scraping malware on point-of-sale (POS) systems
- MiM (man-in-the-middle) attacks that allow them to eavesdrop on data conversations
- Bespoke attacks designed to steal very specific data (they no longer have to compromise entire systems)
- Google Glass and other spying software that tracks finger movements on touchscreen devices
“Though dismaying statistics for government officials, the news is catalyzing IT entrepreneurs and venture capitalists to launch startups to meet demand. Research group PrivCo noted companies in the cybersecurity sector jumped by nearly 60 percent in early stage funding from 2012 to 2013, and worldwide, listed investments at $244 million.” – 12 Startups Poised to Take on the Latest Cybersecurity Threats.
In short, anti-virus software, tool-based security and firewalls are no longer enough to deal with these threats on their own. Gartner put out a report predicting that ‘by 2020, 60% of all digital businesses will go through major service failures because their IT security team will be unable to manage digital risk in new technologies’.
Demand for new services is therefore high, and implementation should start immediately.
Next Generation Breach Detection
The Problems Faced
With ‘zero-day’ exploits, hackers are now capable of establishing a foothold and mining data from systems and networks for months. This can include credit card details and other sensitive user credentials.
The solution is to develop technologies that merge behavioral analytics with machine learning, detecting breaches and tracing them back to their source.
Many hackers in the past few years have started employing bespoke attacks on networks and systems. Such an attack lets them cleverly analyze the defenses of a system before striking its weak areas. Because of the volume, variety and velocity of big data, many companies are simply not aware that their systems have been taken over.
Next-generation breach detection is not concerned with what happens before the attack and does not focus on the defenses; instead it focuses on what to do once the hackers have breached the system. Using behavioral analytics (see below), it adds tools that help identify the breadcrumbs a breach leaves behind.
“The initial intrusion in a typical breach scenario takes minutes to a few hours — in some rare cases, days. The real damage, however, occurs after hackers get around the first line of defense, making new, after-the-fact breach-detection efforts so critical. Once inside a target, it’s like discovering a gold mine. Hackers study their victim’s internal network, carefully extend their foothold and then begin mining the valuable data they find for months, if not years, before being detected — usually by accident.” – Why Breach Detection Is Your New Must-Have Cyber Security Tool.
High-end breach detection tools can pick out unusual movements within a sea of data and flag that something is seriously wrong.
Context-Aware Behavioral Analytics
The Problem Faced
Many companies state that they are being overwhelmed with security alerts that mean nothing.
The solution is to use sophisticated behavioral analytics to identify and monitor any suspicious transactions or behavior.
But what is unusual behavior?
Imagine millions of files being downloaded after someone gains root access to the system, or any large, abnormal file movement throughout a POS infrastructure.
Context-aware behavioral analytics are founded on the principles mentioned above.
Behavioral analytics can help in the following contexts, depending on how the data is being used:
Third Party Big Data – when someone sets up a fake business with a full list of employees to obtain the credentials of its consumers, big data analytics can alert companies that this fake company has been set up in an area with a very low population, which is unusual.
Mobile Location Tracking – if a mobile device starts logging into several accounts from an unfamiliar location, that is unusual behavior that can be detected using behavioral analytics.
Bioprinting – bioprint markers are the behavioral inputs of users: how quickly someone types or clicks a mouse. Several companies are also using something called phone printing, which analyzes acoustic information to identify spoofed calls.
External Threat Intelligence – intelligence is about seeing whether contractors and competitors are being targeted or whether certain accounts are associated with some kind of fraud. It also checks whether the hackers are using the same IP blocks across a multitude of attacks.
Behavioral Profiles – we all have habits, which is why many companies are now creating what they call behavioral profiles of their clients, users, accounts or contractors. They constantly monitor how an account’s behavior changes from device to device and month to month. If the behavior departs from the past pattern, the company can issue a security warning.
“In a session titled “Winning the Breach War with Behavioral Analytics,” Litan explained that many large organizations are flooded with security alerts to the point that the alerts become meaningless. Security teams at Comcast, she said for example, were receiving more than 100,000 security alerts per hour at one point. Litan noted the giant telecom managed to trim that number down to 100 such alerts per hour by focusing on context aware behavioral analytics.” – Avoiding Data Breaches With Context Aware Behavioral Analytics.
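The following is an added example (not code from the page or from any vendor it mentions) showing how the behavioral profiles, location tracking and breach breadcrumbs described above translate into a detection rule. It learns a per-account baseline (countries, devices, working hours, typical transfer volume) from constructed history records, scores live events by how many aspects depart from that baseline, and escalates only when several deviations coincide, which is how context cuts alert volume. All account names, devices and byte counts are constructed sample data.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from statistics import median
from typing import Dict, List, Set, Tuple

# Constructed sample data (not from any real system): one record per account
# action, as (account, device, country, hour_of_day, bytes_transferred_out).
Event = Tuple[str, str, str, int, int]

HISTORY: List[Event] = [
    ("alice", "laptop-1", "US", 9, 2_000_000),
    ("alice", "laptop-1", "US", 10, 3_500_000),
    ("alice", "phone-1", "US", 14, 500_000),
    ("alice", "laptop-1", "US", 16, 1_800_000),
    ("bob", "laptop-2", "DE", 8, 800_000),
    ("bob", "laptop-2", "DE", 11, 1_200_000),
    ("bob", "laptop-2", "DE", 15, 900_000),
]

# Live events to triage: one normal, one single oddity (low signal), one with
# several oddities at once (likely exfiltration), one off-hours, one unknown account.
LIVE: List[Event] = [
    ("alice", "laptop-1", "US", 11, 2_500_000),
    ("alice", "laptop-1", "CA", 13, 1_000_000),
    ("alice", "unknown-pc", "RU", 3, 40_000_000),
    ("bob", "laptop-2", "DE", 2, 900_000),
    ("carol", "laptop-9", "US", 10, 100_000),
]

@dataclass
class Profile:
    """Behavioral profile of one account, learned from its history."""
    countries: Set[str] = field(default_factory=set)
    devices: Set[str] = field(default_factory=set)
    hours: List[int] = field(default_factory=list)
    bytes_out: List[int] = field(default_factory=list)

def build_profiles(events: List[Event]) -> Dict[str, Profile]:
    profiles: Dict[str, Profile] = defaultdict(Profile)
    for account, device, country, hour, nbytes in events:
        p = profiles[account]
        p.countries.add(country)
        p.devices.add(device)
        p.hours.append(hour)
        p.bytes_out.append(nbytes)
    return dict(profiles)

def score_event(profile: Profile, device: str, country: str, hour: int,
                nbytes: int, volume_factor: int = 5) -> Tuple[int, List[str]]:
    """Count how many aspects of the event depart from the account's profile."""
    reasons = []
    if country not in profile.countries:
        reasons.append(f"unfamiliar location {country}")
    if device not in profile.devices:
        reasons.append(f"unknown device {device}")
    lo, hi = min(profile.hours), max(profile.hours)
    if not (lo - 1 <= hour <= hi + 1):
        reasons.append(f"off-hours activity at {hour:02d}:00")
    baseline = median(profile.bytes_out)
    if nbytes > volume_factor * baseline:
        reasons.append(f"volume {nbytes} is {nbytes / baseline:.0f}x the baseline median")
    return len(reasons), reasons

def triage(profiles: Dict[str, Profile], events: List[Event],
           threshold: int = 2) -> List[Tuple[str, List[str]]]:
    """Alert only when several contextual deviations coincide. A single
    oddity is left for logging rather than escalated, which is what keeps
    the alert stream small enough to act on."""
    alerts = []
    for account, device, country, hour, nbytes in events:
        profile = profiles.get(account)
        if profile is None:
            alerts.append((account, ["no baseline profile for this account"]))
            continue
        score, reasons = score_event(profile, device, country, hour, nbytes)
        if score >= threshold:
            alerts.append((account, reasons))
    return alerts

if __name__ == "__main__":
    for account, reasons in triage(build_profiles(HISTORY), LIVE):
        print(account, "->", "; ".join(reasons))
```

With the default threshold only two of the five live events are escalated: the 03:00 transfer from an unknown device in an unfamiliar country (four deviations at once) and the account with no baseline at all. Lowering the threshold to one surfaces the single-oddity events as well, which is the trade-off between coverage and alert volume that the Comcast figures above describe.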
SAML & The Cloud
The Problem Faced
BYOD devices and cloud-based applications are not protected by traditional security measures or firewalls.
The solution is to merge SAML with intrusion and encryption detection technology so you can regain control of the traffic.
Security Assertion Markup Language (SAML) is an XML-based open-standard data format used for exchanging authentication and authorization data between two or more parties. It is not a protective method on its own. Several companies are combining it with SSO, intrusion and encryption detection technologies to help protect data that lives in the cloud.
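Because SAML is XML, the service provider side of an SSO exchange comes down to parsing an assertion and refusing it unless every condition holds. The code below is an added example (not from the page or from any SAML product) that checks a constructed SAML 2.0 assertion for the expected issuer, the presence of a signature element, the NotBefore/NotOnOrAfter window with a small clock-skew allowance, the audience restriction and a subject. The issuer, audience, subject and signature value are all placeholders; verifying the XML signature itself against the identity provider's certificate needs an XML-DSig library and is the step that must run before any of these checks can be trusted.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
from typing import List, Tuple

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

IDP_ID = "https://idp.example.com/metadata"   # placeholder identity provider
SP_ID = "https://sp.example.com/metadata"     # placeholder service provider (us)

# Constructed sample assertion (not from a real identity provider). The
# signature value is a placeholder, so it can only be checked for presence.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    ID="_placeholder-id" Version="2.0" IssueInstant="2015-06-01T12:00:00Z">
  <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
  <ds:Signature><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
  <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2015-06-01T12:00:00Z" NotOnOrAfter="2015-06-01T12:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example.com/metadata</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

def parse_saml_time(value: str) -> datetime:
    """SAML timestamps are UTC ISO 8601 with a trailing Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_assertion(xml_text: str, expected_issuer: str, expected_audience: str,
                    now: datetime, clock_skew: timedelta = timedelta(seconds=60)
                    ) -> Tuple[bool, List[str]]:
    """Validate issuer, signature presence, validity window, audience and
    subject. Returns (accepted, problems). A service provider that skips the
    audience or time checks will accept assertions minted for a different
    service, or replayed after they expired."""
    problems: List[str] = []
    root = ET.fromstring(xml_text)  # for untrusted input, parse with defusedxml instead
    if root.tag != "{%s}Assertion" % NS["saml"]:
        return False, ["root element is not a saml:Assertion"]
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer != expected_issuer:
        problems.append(f"unexpected issuer {issuer!r}")
    if root.find("ds:Signature", NS) is None:
        problems.append("assertion carries no Signature element")
    conditions = root.find("saml:Conditions", NS)
    if conditions is None:
        problems.append("assertion has no Conditions element")
    else:
        not_before = conditions.get("NotBefore")
        not_on_or_after = conditions.get("NotOnOrAfter")
        if not_before and now + clock_skew < parse_saml_time(not_before):
            problems.append("assertion is not yet valid")
        if not_on_or_after and now - clock_skew >= parse_saml_time(not_on_or_after):
            problems.append("assertion has expired")
        audiences = [a.text for a in conditions.findall("saml:AudienceRestriction/saml:Audience", NS)]
        if expected_audience not in audiences:
            problems.append(f"audience {audiences} does not include this service provider")
    if not root.findtext("saml:Subject/saml:NameID", namespaces=NS):
        problems.append("assertion has no Subject NameID")
    return not problems, problems

def check_sample(now_text: str, issuer: str = IDP_ID, audience: str = SP_ID):
    """Run the checks on the sample assertion as of the given UTC time."""
    return check_assertion(SAMPLE_ASSERTION, issuer, audience, parse_saml_time(now_text))

if __name__ == "__main__":
    print(check_sample("2015-06-01T12:02:00Z"))
    print(check_sample("2015-06-01T12:10:00Z"))
```

The five-minute window in the sample is typical: an assertion presented ten minutes after issue is rejected as expired, one presented thirty seconds past NotOnOrAfter is still accepted because of the skew allowance, and one whose audience names a different service provider is rejected even though everything else is in order.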
“Finally, whether you’re using SAML now or not, it’s a good idea to try to use cloud services that enable SAML. Once you’ve got a few cloud services, you may want to adopt a single sign-on solution.” – Simple setup SAML boosts Security Tableau Online.
One company that took the necessary steps to protect SAML is BitGlass. They studied the rise of the BYOD (Bring Your Own Device) movement and of Salesforce, Google Apps and similar services, then came up with a solution. You can read more about what BitGlass designed.
Using this, all corporate data can be confined to the cloud. An alert system immediately notifies companies of any failed events, suspicious activities and unexpected failed log-ins. Moreover, if an employee’s device is stolen, security professionals within the company can immediately erase all corporate data without touching the user’s personal data.
Virtual Dispersive Networking (VDN)
The Problem Faced
MiM attacks are on the rise. They target intermediate nodes and crack traditional encryption technologies.
The solution is to divide the message into parts, encrypt each part, and route the parts over different protocols on independent paths.
Man-in-the-middle (MiM) attacks allow hackers to monitor, inject or alter messages in a running communication stream and are becoming increasingly tough to deal with. Data that was once deemed securely encrypted can now be broken with parallel processing power. Not even Virtual Private Networks (VPNs) and SSL can fully or always protect messages that travel between intermediary pathways.
This is where Virtual Dispersive Networking (VDN) comes in.
Dispersive Technologies can not only split up a single message into several different simultaneous parts, but it can encrypt each component message separately and even route them over different protocols following independent paths. “We put routing on servers, computers, even mobile phones,” explains Twitchell. No longer must organizations rely upon firewalls to ensure message security, as now any device anywhere on the Internet can serve as a “deflect,” Dispersive’s term for one of these impromptu routing devices. – Cybersecurity: Turning The Tide On Hackers With Dispersive Technologies.
VDN divides the message into multiple parts, encrypts each part, and routes them separately over servers, devices and computers.
This leaves hackers unable to find the data they need in the cloud, in data centers or on the internet. To stop attackers from exploiting a vulnerable point in the technology, a switch connects two endpoints together; the endpoints must be connected to the switch before any secure communication can begin. Dispersive technology uses VDN to keep this switch very well hidden, which makes it even harder to find.
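To make the split-encrypt-disperse idea concrete, here is an added simulation (not Dispersive Technologies' code, and not a description of their protocol) of the property the section claims: a message is cut into one fragment per path, each fragment is encrypted under a key derived for that path alone, and the receiver reassembles the fragments in sequence order. The paths are simulated as in-memory queues, the cipher is a toy SHA-256 counter-mode keystream standing in for a real AEAD, and the master key and message are constructed. The point to take from it is what an observer on a single path gets: one fragment's ciphertext and nothing that helps with the others.

```python
import hashlib
import hmac
import random
from typing import Dict, List, Tuple

# A packet as carried on one path: (fragment sequence number, nonce, ciphertext).
Packet = Tuple[int, bytes, bytes]

def derive_path_key(master_key: bytes, path_id: str) -> bytes:
    """One independent key per path, so observing or compromising a single
    path never yields the key protecting the other fragments."""
    return hmac.new(master_key, path_id.encode(), hashlib.sha256).digest()

def xor_keystream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy counter-mode stream cipher built from SHA-256 (illustration only;
    a real deployment would use a vetted AEAD such as AES-GCM). XOR is its
    own inverse, so the same call encrypts and decrypts."""
    out = bytearray()
    for counter, start in enumerate(range(0, len(data), 32)):
        block = hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[start:start + 32], block))
    return bytes(out)

def disperse(message: bytes, master_key: bytes, paths: List[str],
             rng: random.Random) -> Dict[str, List[Packet]]:
    """Split the message into one fragment per path, encrypt each fragment
    under its own path key, and queue it on that path."""
    n = len(paths)
    size = -(-len(message) // n)  # ceiling division: fragment size
    routed: Dict[str, List[Packet]] = {p: [] for p in paths}
    for seq, path in enumerate(paths):
        fragment = message[seq * size:(seq + 1) * size]
        nonce = rng.getrandbits(96).to_bytes(12, "big")  # simulated fresh nonce
        ciphertext = xor_keystream(derive_path_key(master_key, path), nonce, fragment)
        routed[path].append((seq, nonce, ciphertext))
    return routed

def reassemble(routed: Dict[str, List[Packet]], master_key: bytes) -> bytes:
    """Receiver side: decrypt each path's packets with that path's key and
    put the fragments back in sequence order (arrival order is irrelevant)."""
    fragments: Dict[int, bytes] = {}
    for path, packets in routed.items():
        key = derive_path_key(master_key, path)
        for seq, nonce, ciphertext in packets:
            fragments[seq] = xor_keystream(key, nonce, ciphertext)
    return b"".join(fragments[i] for i in sorted(fragments))

def single_path_view(routed: Dict[str, List[Packet]], path: str) -> bytes:
    """What an eavesdropper sitting on one path observes: the ciphertext of
    one fragment, with no key and none of the other fragments."""
    return b"".join(ct for _, _, ct in routed[path])

PATHS = ["path-a", "path-b", "path-c"]
MASTER_KEY = hashlib.sha256(b"constructed demo key, not a real secret").digest()
MESSAGE = b"Authorize transfer 1250.00 to account 4471 ref Q7"  # constructed

def demo() -> Tuple[bytes, bytes]:
    """Return (what the receiver reassembles, what a one-path observer sees)."""
    routed = disperse(MESSAGE, MASTER_KEY, PATHS, random.Random(7))
    return reassemble(routed, MASTER_KEY), single_path_view(routed, "path-a")

def demo_wrong_key() -> bytes:
    """A receiver without the master key cannot recover the message."""
    routed = disperse(MESSAGE, MASTER_KEY, PATHS, random.Random(7))
    return reassemble(routed, b"not the master key")

if __name__ == "__main__":
    recovered, observed = demo()
    print("receiver got:", recovered)
    print("one-path observer saw %d of %d bytes, as ciphertext" % (len(observed), len(MESSAGE)))
```

The 49-byte message is cut into fragments of 17, 17 and 15 bytes; an observer on path-a sees 17 bytes of ciphertext and nothing else, while the intended receiver, holding the master key, derives all three path keys and reassembles the original. Note that this simulation shows confidentiality against a single-path observer only; the integrity of each fragment (the "alter" part of a man-in-the-middle attack) needs an authenticated cipher, which the toy keystream does not provide.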
Smart Grid Technologies
The Problem Faced
Critical infrastructure has been left vulnerable to attack because of field devices and smart meters.
The solution is to bring in new security measures and standards to tackle the problem.
The 2014 Smart Grid System Report by the DOE listed a few important points about this:
- To enhance grid operations, modernization within the distribution system includes the deployment of communications, sensor and control technologies.
- It was estimated that by the end of 2015, 65 million meters would be installed throughout the country.
- Customer-based technologies like web portals, programmable thermostats and in-home displays are becoming popular.
When new technological advances are introduced, they can create vulnerabilities in digital security. It should come as no surprise that hackers would love to attack and take down the infrastructure that supplies the country’s oil, gas and electricity.
To respond to these threats, the DOE is busy working on introducing new strategies and tools to help protect the energy sector. These include:
- SIEGate – the Secure Information Exchange Gateway is an information protocol that provides cyber security protections for information sent over a synchrophasor network on the transmission system. It is being developed by the Grid Protection Alliance in partnership with Northwest National Laboratory, AREVA, the University of Illinois, T&D and PJM.
- Padlock – Schweitzer Engineering Laboratories developed this security measure. It is a cyber security gateway that can establish encrypted communication between field devices and central stations, and its design assures detection of digital and physical tampering. Padlock was developed in partnership with Sandia National Laboratories and the Tennessee Valley Authority.
- NetAPT – developed by the University of Illinois, NetAPT is a software tool that helps utilities map their control system communication pathways. It allows compliance audits and vulnerability assessments to be completed within minutes.
- Watchdog – Schweitzer Engineering Laboratories is behind Watchdog, a managed switch that carries out deep packet inspection for control system LANs (local area networks). Using a whitelist configuration approach, it recognizes a set of known and allowed communications.
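The whitelist-plus-deep-packet-inspection approach attributed to Watchdog above is simple to state but worth seeing in code. What follows is an added example (not Schweitzer's code, and not a description of the product's internals) of the two halves of such a switch: a learning mode that records every conversation seen on a trusted control-system LAN as an allowlist, and an enforcement mode that alerts on any flow outside it and, for Modbus/TCP, reads the function code out of the frame so that a write from a host that is only supposed to read is caught even though host, port and protocol are all on the list. Addresses, the capture and the frames are constructed.

```python
from typing import Dict, List, Set, Tuple

Flow = Tuple[str, str, str, int]  # (source IP, destination IP, protocol, destination port)

# Constructed learning-mode capture of a control-system LAN (hypothetical
# addresses): an HMI polling two PLCs over Modbus/TCP and a SCADA master
# talking DNP3 to an RTU. Nothing else is supposed to talk on this segment.
BASELINE: List[Flow] = [
    ("10.1.0.10", "10.1.0.50", "tcp", 502),
    ("10.1.0.10", "10.1.0.51", "tcp", 502),
    ("10.1.0.20", "10.1.0.60", "tcp", 20000),
]

# Modbus function codes the HMI is expected to use: reads only. A write
# (0x05, 0x06, 0x0F, 0x10) from that host is flagged by inspection even
# though the flow itself is on the allowlist.
ALLOWED_MODBUS_FUNCTIONS: Dict[str, Set[int]] = {"10.1.0.10": {0x03, 0x04}}

def learn_allowlist(capture: List[Flow]) -> Set[Flow]:
    """Learning mode: every conversation seen during a trusted baseline is allowed."""
    return set(capture)

def explain(allowlist: Set[Flow], flow: Flow) -> List[str]:
    """Say why a flow is outside the allowlist, so an operator can tell a new
    device from a known device speaking a new protocol."""
    src, dst, proto, port = flow
    reasons = []
    if src not in {f[0] for f in allowlist}:
        reasons.append("unknown source host")
    if dst not in {f[1] for f in allowlist}:
        reasons.append("unknown destination host")
    if (proto, port) not in {(f[2], f[3]) for f in allowlist}:
        reasons.append(f"service {proto}/{port} never seen in baseline")
    return reasons or ["known hosts and service, but this pair never communicated before"]

def modbus_function_code(payload: bytes) -> int:
    """Deep packet inspection of a Modbus/TCP frame: the 7-byte MBAP header
    (transaction id, protocol id, length, unit id) is followed by the function code."""
    if len(payload) < 8:
        raise ValueError("truncated Modbus/TCP frame")
    if payload[2:4] != b"\x00\x00":
        raise ValueError("MBAP protocol id is not Modbus")
    return payload[7]

def inspect(allowlist: Set[Flow], flow: Flow, payload: bytes = b"") -> Tuple[str, List[str]]:
    """Enforcement mode: return ("allow", []) or ("alert", reasons)."""
    if flow not in allowlist:
        return "alert", explain(allowlist, flow)
    src, _, proto, port = flow
    if proto == "tcp" and port == 502 and src in ALLOWED_MODBUS_FUNCTIONS and payload:
        code = modbus_function_code(payload)
        if code not in ALLOWED_MODBUS_FUNCTIONS[src]:
            return "alert", [f"Modbus function 0x{code:02X} not permitted from {src}"]
    return "allow", []

# Constructed live traffic: a normal read poll (function 0x03), a write of a
# holding register from the HMI (0x06), a Modbus probe from a new host, SSH
# to a PLC, and a known master talking to a known PLC it never spoke to before.
LIVE: List[Tuple[Flow, bytes]] = [
    (("10.1.0.10", "10.1.0.50", "tcp", 502), b"\x00\x01\x00\x00\x00\x06\x01\x03\x00\x00\x00\x0a"),
    (("10.1.0.10", "10.1.0.50", "tcp", 502), b"\x00\x02\x00\x00\x00\x06\x01\x06\x00\x01\x00\xff"),
    (("10.1.0.99", "10.1.0.50", "tcp", 502), b""),
    (("10.1.0.10", "10.1.0.50", "tcp", 22), b""),
    (("10.1.0.20", "10.1.0.51", "tcp", 20000), b""),
]

def run(allowlist: Set[Flow], traffic: List[Tuple[Flow, bytes]]) -> List[Tuple[Flow, str, List[str]]]:
    return [(flow, *inspect(allowlist, flow, payload)) for flow, payload in traffic]

if __name__ == "__main__":
    for flow, verdict, reasons in run(learn_allowlist(BASELINE), LIVE):
        print(verdict.upper(), flow, "; ".join(reasons))
```

Only the first live frame is allowed; the other four are alerts with four different explanations, which matters in practice because "new host on the segment" and "known HMI suddenly writing to a PLC" call for very different responses. The allowlist is only as good as the baseline capture, so learning mode should run during a period when the segment is known to be clean.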
“Next Generation Secure, Scalable Communication Network for the Smart Grid – Oak Ridge National Laboratory is developing a wireless technology that is robust, secure, scalable for smart grid applications using an adaptive hybrid spread-spectrum modulation format to provide superior resistance to multipath, noise, interference, and jamming.” – Resiliency and Security of the Electric Power Delivery System.
“Advanced technologies with built-in cybersecurity functions are now being developed and deployed across the grid. For example, research funded by DOE has led to advancements in secure, interoperable network designs, which have been incorporated into several products, including a secure Ethernet data communications gateway for substations, a cybersecurity gateway (Padlock) that detects physical and cybersecurity tampering in field devices, and an information exchange protocol (SIEGate) that provides cybersecurity protections for information sent over synchrophasor networks on transmission systems.” – Smart Grid System Report 2014
The DOE is also hard at work on projects such as automated vulnerability detection, next-generation secure and scalable communication networks, a tool suite for situational awareness and bio-inspired technologies.
Active Defense Measures
The Problem Faced
Cyber criminals and hackers are becoming more and more aggressive.
The solution is to use counterattacks: techniques that can help find, or even attack, the hacker.
Active Defense Measures are a controversial topic in cyber security. The concept is very simple: you fight the hackers with fire instead of waiting for them to attack you.
Active Defense Measures include the following examples:
Honeypots – honeypots take the classic bait-and-trap approach. Cyber security professionals set up an isolated computer, network or data site as bait for hackers. Security analysts then study the complexity of black-hat tactics, catch spammers, prevent massive-scale attacks and so on. These measures have been around since 1999 but continue to grow more sophisticated as technology advances.
Counter-intelligence Gathering – in this scenario, a cyber security professional takes on the role of a secret agent and goes undercover to gather information about the tools and techniques hackers are using. The methods can be simple or complex: for example, you could cloak your identity and browse internet malware storefronts, or just do a simple reverse malware analysis.
Retaliatory Hacking – as the name suggests, this measure is all about becoming the hacker and attacking back. It is largely considered unethical because you may be forced to take down innocent third-party infrastructure, and the attackers can retaliate with greater force for revenge. This makes the method highly risky.
Another method came into the limelight when Edward Snowden leaked information stating that the NSA was working on an automated program that used algorithms to go through repositories of metadata to identify and block malicious network traffic. It was called MonsterMind. It is also capable of launching counterattacks at the server that is trying to breach or attack.
“Active defense is happening. It’s not mainstream. It’s very selective,” said Tom Kellermann, chief cybersecurity officer for Trend Micro and a former member of President Obama’s commission on cybersecurity. Then Kellermann added, as if by reflex, that he and his company would never do it: “For you to hack back, you actually put at risk innocents.” – Cyberattacks Trigger Talk Of Hacking Back
“Does the CFAA prohibit counterhacking? The use of the words “may be illegal,” and “should not” are a clue that the law is at best ambiguous. . . . [V]iolations of the CFAA depend on “authorization.” If you have authorization, it’s nearly impossible to violate the CFAA . . . [b]ut the CFAA doesn’t define “authorization.” . . . The more difficult question is whether you’re “authorized” to hack into the attacker’s machine to extract information about him and to trace your files.” – Cyber Security Active Defense: Playing With Fire Or Sound Risk Management.
There is no doubt that Active Defense Measures can be highly risky. For example, if you decide to infiltrate a hacking community, you will be required to provide an identity and may even have to prove yourself by actively taking part in illegal projects.
With this in mind, ADM is only going to get more controversial, so seek advice before attempting these measures.
Early Warning Systems
The Problem Faced
Hacking of vulnerable servers and websites is rising rapidly.
The solution is to come up with an algorithm that can find out which servers or sites are likely to be hacked in the future.
The idea of creating such an algorithm is still at a very early stage, but it is worth noting. Researchers at Carnegie Mellon created a ‘classifier’ algorithm using data mining techniques and machine learning. It is capable of predicting which servers are likely to become malicious next.
To test their algorithm, researchers Nicolas Christin and Kyle Soska ran it against 444,519 websites archived in the Wayback Machine. Over the period of a year, the tool was 66% accurate with a 17% false-positive rate.
“Although the classifier has already looked at almost 5 million web pages, it’s eventually going to target the entire Internet, even as it expands and changes drastically over time.” – Carnegie Mellon researchers create Big Data tool to predict cyber attacks.
Basically, the algorithm is based on the premise that all vulnerable websites share the same kind of characteristics that make them unsafe. The algorithm takes the following characteristics into account:
- The traffic statistics of the website
- The structure of the webpage
- The software installed
- The filesystem structure
Many other relevant features across the website are also taken into account. If these turn out to be common denominators shared with websites that turned malicious in the past, the result is returned and steps can be taken to prevent the hack: the algorithm immediately warns the website administrators to take action and also blocks search engines from indexing or returning the page in results.
“To train our classifier, we must have ground truth on a set of websites—some known to be malicious, and some known to be benign. Confirmed malicious websites can be obtained from blacklists.” – Automatically Detecting Vulnerable Websites Before They Turn Malicious.
Even better, this algorithm was designed from scratch to adapt to newer threats: the more data it absorbs, the more accurate it becomes.
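The classifier described above is, at its core, a supervised model trained on ground truth (blacklisted sites versus sites never blacklisted) over features derived from the four characteristics listed. The code below is an added example (not the CMU researchers' classifier, and far simpler than it) that makes the shape of that pipeline concrete: a Bernoulli naive Bayes model with Laplace smoothing, trained on constructed labelled sites, evaluated on a constructed held-out set for accuracy, true-positive rate and false-positive rate (the two figures the page quotes), and used to produce the list of sites whose administrators should be warned. The feature names, site names and labels are all constructed stand-ins for the page's "traffic statistics", "page structure", "software installed" and "filesystem structure".

```python
import math
from typing import Dict, FrozenSet, List, Tuple

Site = Tuple[str, FrozenSet[str]]  # (site name, set of binary features present)

# Binary features standing in for the page's four characteristics:
# traffic statistics -> low_traffic; page structure -> directory_listing;
# installed software -> outdated_cms; filesystem structure -> exposed_admin.
FEATURES = ["outdated_cms", "directory_listing", "low_traffic", "exposed_admin"]

# Constructed ground truth (hypothetical site names). "Malicious" sites are the
# ones a blacklist would supply; "benign" ones never appeared on it.
TRAIN_MALICIOUS: List[Site] = [
    ("m1.example", frozenset({"outdated_cms", "directory_listing", "low_traffic"})),
    ("m2.example", frozenset({"outdated_cms", "exposed_admin", "low_traffic"})),
    ("m3.example", frozenset({"outdated_cms", "directory_listing", "exposed_admin"})),
    ("m4.example", frozenset({"directory_listing", "low_traffic"})),
]
TRAIN_BENIGN: List[Site] = [
    ("b1.example", frozenset()),
    ("b2.example", frozenset({"low_traffic"})),
    ("b3.example", frozenset({"exposed_admin"})),
    ("b4.example", frozenset({"outdated_cms"})),
]

class NaiveBayesClassifier:
    """Bernoulli naive Bayes with Laplace smoothing: every feature contributes
    a log-likelihood ratio whether it is present or absent."""

    def __init__(self, features: List[str]):
        self.features = features
        self.prob_mal: Dict[str, float] = {}
        self.prob_ben: Dict[str, float] = {}
        self.log_prior = 0.0

    def train(self, malicious: List[Site], benign: List[Site]) -> None:
        n_mal, n_ben = len(malicious), len(benign)
        self.log_prior = math.log(n_mal / n_ben)
        for f in self.features:
            self.prob_mal[f] = (sum(f in s for _, s in malicious) + 1) / (n_mal + 2)
            self.prob_ben[f] = (sum(f in s for _, s in benign) + 1) / (n_ben + 2)

    def score(self, present: FrozenSet[str]) -> float:
        """Positive means 'more likely to turn malicious than not'."""
        total = self.log_prior
        for f in self.features:
            pm, pb = self.prob_mal[f], self.prob_ben[f]
            total += math.log(pm / pb) if f in present else math.log((1 - pm) / (1 - pb))
        return total

    def predict(self, present: FrozenSet[str]) -> bool:
        return self.score(present) > 0

def evaluate(clf: NaiveBayesClassifier, labelled: List[Tuple[Site, bool]]) -> Dict[str, float]:
    """Accuracy, true-positive rate and false-positive rate on held-out sites."""
    tp = fp = tn = fn = 0
    for (_, present), is_malicious in labelled:
        predicted = clf.predict(present)
        if predicted and is_malicious:
            tp += 1
        elif predicted:
            fp += 1
        elif is_malicious:
            fn += 1
        else:
            tn += 1
    return {"accuracy": (tp + tn) / len(labelled), "tpr": tp / (tp + fn), "fpr": fp / (fp + tn)}

def at_risk(clf: NaiveBayesClassifier, sites: List[Site]) -> List[str]:
    """Names to warn administrators about (and to withhold from search indexing)."""
    return [name for name, present in sites if clf.predict(present)]

# Constructed held-out set with labels, including one site the model will
# miss (t4) and one it will wrongly flag (t7), so both error rates are non-trivial.
HELD_OUT: List[Tuple[Site, bool]] = [
    (("t1.example", frozenset({"outdated_cms", "directory_listing"})), True),
    (("t2.example", frozenset()), False),
    (("t3.example", frozenset({"low_traffic"})), False),
    (("t4.example", frozenset({"exposed_admin", "low_traffic"})), True),
    (("t5.example", frozenset({"outdated_cms", "exposed_admin"})), False),
    (("t6.example", frozenset(FEATURES)), True),
    (("t7.example", frozenset({"directory_listing", "low_traffic"})), False),
]

def train_default() -> NaiveBayesClassifier:
    clf = NaiveBayesClassifier(FEATURES)
    clf.train(TRAIN_MALICIOUS, TRAIN_BENIGN)
    return clf

if __name__ == "__main__":
    clf = train_default()
    print(evaluate(clf, HELD_OUT))
    print("warn:", at_risk(clf, [site for site, _ in HELD_OUT]))
```

On the constructed held-out set the model scores 5/7 accuracy with a 2/3 true-positive rate and a 1/4 false-positive rate; the numbers themselves mean nothing at this scale, but they show why the page reports accuracy and false-positive rate together, since a warning sent to a site that was never going to be compromised costs an administrator's attention just as a missed site costs a breach.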
Research Initiatives By Universities
George Washington University
George Washington University is an NSA CAE IA/CD Institution that is in close proximity to the federal government. In addition to offering certificates, the University also offers undergraduate and graduate level degrees in Cyber Security.
It has two security institutes worth noting:
- Homeland Security Policy Institute (HSPI) – this nonpartisan institute focuses on building bridges between the practice and theory of homeland security. It publishes regular policy reports and journal articles on cyber security threats and issues, and hosts many security symposiums and conferences.
- Cyber Security Policy and Research Institute (CSPRI) – working hand in hand with government and private organizations, the CSPRI promotes interdisciplinary policy analysis and technical research into cyber security threats and issues. PrEP: A Framework for Malware & Cyber Weapons, the Privacy and Civil Liberties Project, and developing code for Medical Software Security are a few of CSPRI’s current research projects.
MIT
MIT has a very good reputation for IT research, mainly because of its history of Nobel Laureates and its receipt of the National Medal of Science.
Their initiatives include:
- Lincoln Laboratory – set up in 1951 as a Department of Defense research and development laboratory, it conducts research and development related to critical national security, including a large number of cyber security projects.
- The Computer Science and Artificial Intelligence Laboratory (CSAIL) – CSAIL is responsible for developing the RSA cryptography algorithm that helps protect online financial transactions. It is a world-renowned laboratory that also develops future IT architectures and infrastructures, including cyber security, and it is the largest research laboratory within the university.
- Geospatial Data Center – the GDC researches new technologies to enhance the security of the national information infrastructure. Its current projects include cyber-physical security, large-scale simulation, holistic system data visualization and big data.
MIT also received a $45 million research grant from the Hewlett Foundation, which it chose to use for immediate policy concerns such as medical and financial data.
Carnegie Mellon University
Carnegie Mellon University has a strong reputation in cyber security research thanks to the researchers who developed the ‘classifier’ algorithm (mentioned above in the Early Warning Systems section). CMU is an NSA CAE IA/CD institution that offers a range of graduate and undergraduate programs in cyber security and information assurance; a PhD program is also available. CMU was also awarded a $5.6 million grant in 2014 through the CyberCorps SFS program.
Its initiatives include:
- CyLab – a cross-disciplinary security initiative, CyLab was formed to connect university faculty, public-private partnerships, graduate students and industry partners to research and bring forward new security technologies.
- Software Engineering Institute (SEI) – sponsored by the U.S. Department of Defense, the SEI is a world-famous federally funded research and development center (FFRDC). It sponsors conferences, hosts the CERT division and provides training programs that are recognized worldwide.
- picoCTF – a collaboration between Team Daedalus of the Entertainment Technology Center and Carnegie Mellon’s Plaid Parliament of Pwning (PPP), picoCTF is a computer security contest targeted at middle and high school students.
University Of Illinois At Urbana-Champaign
The University of Illinois does not have the same high-level reputation as universities like Stanford and MIT, but it has still shown a very solid commitment to cyber security research. The university’s efforts in universal parallel computing, cloud computing and multi-modal information access are well known.
Their initiatives include:
- Blue Waters – Blue Waters is known as the world’s most powerful supercomputer and is open to any sort of scientific research. It was built through the joint efforts of UI, Cray, NCSA and the Great Lakes Consortium for Computation.
- Coordinated Science Lab – CSL was originally founded as a classified defense laboratory in 1951. Since then it has become an innovation hub with high-end technology installed. It actively builds next-generation IT technologies and researches security threats and issues.
- The Cyber Security Directorate at the National Center for Supercomputing Applications (NCSA) – since 1986 the NCSA has provided cutting-edge computers for engineers and scientists from across the nation. The Cyber Security Directorate’s specialists and researchers focus on creating advanced cyber security applications, such as incident response and production security at the NCSA.
In 2013, the University of Illinois also received a four-year $4.2 million grant to renew the Illinois Cyber Scholars Program (ICSSP). This program trains cyber security students in the latest methodologies and systems.
The University of Illinois also has many other computer science research centers.
Stanford University
As a neighbor of Silicon Valley, Stanford University has always been at the forefront of technology research. It has three cyber security centers. The university has also developed a cross-disciplinary effort with the University of Michigan and UC Berkeley on the Secure Internet of Things Project, whose researchers will delve into analytics, hardware and software systems, and the security measures needed to protect the new technologies of the new world.
The three centers of Stanford University are:
- Stanford Networking Research Center (SNRC) – a partnership among Silicon Valley industries and IT corporations. It focuses on three research directions: internet technologies, wireless access and information services.
- Computer Science Security Lab – this is where most of the work on cyber security issues happens. Its research projects revolve around web security, cryptographic primitives and protocols, and secure voting.
- Center for Internet and Society – it primarily focuses on cyber law. Cyber security is at the center of the debate over emerging legal doctrines in civil rights and technological innovation.
Just like UC Berkeley and MIT, Stanford was awarded a $45 million grant in 2014 from the Hewlett Foundation. The university chose to use $15 million of it on the Stanford Cyber Initiative.
University Of California Berkeley
UC Berkeley is a dream come true for anyone interested in cyber security research initiatives. The university enjoys strong partnerships and donors, giving you a lot of choices. UC Berkeley is also one of the three universities that received the Hewlett Foundation grant in 2014.
The following initiatives are from UC Berkeley:
- The Intel Science and Technology Center for Secure Computing (SCRUB) – funded by Intel, it is tasked with making computer technology secure and safe for users. Many projects are part of this initiative, including software/hardware analytics and architectures and research into mobile computing.
- Center for Evidence-Based Security Research (CESR) – CESR is a joint project with UC San Diego, George Mason University and the International Computer Science Institute. It works on the economic and social elements of cyber security.
- A Center for Correct, Usable, Reliable, Auditable, and Transparent Elections (ACCURATE) – funded by the NSF, ACCURATE is a multi-institution voting research center. It is tasked with conducting research, issuing reports and developing educational material.
- Team for Research in Ubiquitous Security Technology (TRUST) – TRUST was originally established as an NSF Science and Technology Center. It is now a well-known group with a number of interdisciplinary cyber security interests, including the science of security and health, financial and physical infrastructures.
- Infiltration of Botnet Command & Control and Support Ecosystems – this effort looks at botnet problems from all angles and is a joint project between UC Berkeley and UC San Diego.
- Cyber-Defense Technology Experimental Research Laboratory (DETER) – DETER operates DeterLab, a controlled test-bed facility that helps researchers experiment with security solutions in a complex, real-world environment.
Latest posts by Jake Ciber