Monday, April 1, 2013

Cyber 3.0 - Where the Semantic Web and Cyber Meet

by John Trobough, President, Narus

The term “Cyber 3.0” has been used mostly in reference to the strategy described by U.S. Deputy Defense Secretary William Lynn at an RSA conference. In his Cyber 3.0 strategy, Lynn stresses a five-part plan as a comprehensive approach to protect critical assets. The plan involves equipping military networks with active defenses, ensuring civilian networks are adequately protected, and marshaling the nation’s technological and human resources to maintain its status in cyberspace.

Cyber 3.0 technologies will be the key to enabling such protection. Cyber 3.0 is achieved when the semantic Web’s automated, continuous machine learning is applied to cybersecurity and surveillance.

Cyber 3.0 will be the foundation for a future in which machines drive decision-making. But Cyber 3.0’s ability to deliver greater visibility, control and context has far-reaching implications in our current, hyper-connected environment, where massive amounts of information move easily and quickly across people, locations, time, devices and networks. It is a world where human intervention and intelligence alone simply can’t sift through and analyze information fast enough. Indeed, arming cybersecurity organizations with the incisive intelligence afforded by this machine learning means cybersecurity incidents are identified and security policies are enforced before critical assets are compromised.


In order to stress the full weight of the meaning of Cyber 3.0, it is important to first put the state of our networked world into perspective. We can start by stating categorically that the Internet is changing: Access, content, and application creation and consumption are growing exponentially.

From narrowband to broadband, from kilobits to gigabits, from talking people to talking things, our networked world is changing forever. Today, the Internet is hyper-connecting people who are now enjoying super-fast connectivity anywhere, anytime and via any device. They are always on and always on the move, roaming seamlessly from network to network. Mobile platforms and applications only extend this behavior. As people use a growing collection of devices to stay connected (i.e., laptops, tablets, smartphones, televisions), they change the way they work and collaborate, the way they socialize, the way they communicate, and the way they conduct business.

Add to this the sheer enormity of digital information and devices that now connect us: Cisco estimates that by 2015, the amount of data crossing the Internet every five minutes will be equivalent to the total size of all movies ever made, and that annual Internet traffic will reach a zettabyte — roughly 200 times the total size of all words ever spoken by humans [2]. On a similar note, the number of connected devices will explode in the next few years, reaching an astonishing 50 billion by 2020 [3]. By this time, connected devices could even outnumber connected people by a ratio of 6-to-1 [4]. This interconnectedness indeed presents a level of productivity and convenience never before seen, but it also tempts fate: the variety and number of endpoints — so difficult to manage and secure — invite cyber breaches, and their hyper-connectivity guarantees the spread of cyber incidents as well as a safe hiding place for malicious machines and individuals engaged in illegal, dangerous or otherwise unsavory activities.


Cyber is nonetheless integral to our everyday lives. Anything we do in the cyber world can be effortlessly shifted across people, locations, devices and time. While on one hand, cyber is positioned to dramatically facilitate the process of knowledge discovery and sharing among people (increasing performance and productivity and enabling faster interaction), on the other, companies of all sizes must now secure terabytes and petabytes of data. That data enters and leaves enterprises at unprecedented rates, and is often stored and accessed from a range of locations, such as from smartphones and tablets, virtual servers, or the cloud.

On top of all this, all the aforementioned endpoints have their own security needs, and the cybersecurity challenge today lies in how to control, manage and secure large volumes of data in increasingly vulnerable and open environments. Specifically, cybersecurity organizations need answers to how they can:

• Ensure visibility by keeping pace with the unprecedented and unpredictable progression of new applications running in their networks

• Retain control by staying ahead of the bad guys (for a change), who breach cybersecurity perimeters to steal invaluable corporate information or harm critical assets

• Position themselves to better define and enforce security policies across every aspect of their network (elements, content and users) to ensure they are aligned with their mission and gain situational awareness

• Understand context and slash the investigation time and time-to-resolution of a security problem or cyber incident

Unfortunately, cybersecurity organizations are impeded from realizing any of these. This is because their current solutions require human intervention to manually correlate growing, disparate data and identify and manage all cyber threats. And human beings just don’t scale.


Indeed, given the great velocity, volume and variety of data generated now, the cyber technologies that rely on manual processes and human intervention — which worked well in the past — no longer suffice to address cybersecurity organizations’ current and future pain points, which correlate directly with the aforementioned confluence of hyper-connectivity, mobility and big data. Rather, next-generation cyber technology that can deliver visibility, control and context despite this confluence is the only answer. This technology is achieved by applying machine learning to cybersecurity and surveillance, and is called Cyber 3.0.

In using Cyber 3.0, human intervention is largely removed from the operational lifecycle, and processes, including decision-making, are tackled by automation: Data is automatically captured, contextualized and fused at an atomic granularity by smart machines, which then automatically connect devices to information (extracted from data) and information to people, and then execute end-to-end operational workflows. Workflows are executed faster than ever, and results are more accurate than ever. More and more facts are presented to analysts, who will be called on only to make a final decision, rather than to sift through massive piles of data in search of hidden or counter-intuitive answers. And analysts are relieved from taking part in very lengthy investigation processes to understand the after-the-fact root cause.

In the future, semantic analysis and sentiment analysis will be implanted into high-powered machines to:

• Dissect and analyze data across disparate networks

• Extract information across distinct dimensions within those networks

• Fuse knowledge and provide contextualized and definite answers

• Continuously learn the dynamics of the data to ensure that analytics and data models are promptly refined in an automated fashion

• Compound previously captured information with new information to dynamically enrich models with discovered knowledge

Ultimately, cybersecurity organizations are able to better control their networks via situational awareness gained through a complete understanding of network activity and user behavior. This level of understanding is achieved by integrating data from three different planes: the network plane, the semantic plane and the user plane. The network plane mines traditional network elements like applications and protocols; the semantic plane extracts the content and relationships; and the user plane establishes information about the users. By applying machine learning and analytics to the dimensions extracted across these three planes, cybersecurity organizations have the visibility, context and control required to fulfill their missions and business objectives.

Visibility: Full situational awareness across hosts, services, applications, protocols and ports, traffic, content, relationships, and users to determine baselines and detect anomalies

Control: Alignment of networks, content and users with enterprise goals, ensuring information security and intellectual property protection

Context: Identification of relationships and connectivity among network elements, content and end users

Clearly, these three attributes are essential to keeping critical assets safe from cybersecurity incidents or breaches in security policy. However, achieving them in the face of constantly changing data that is spread across countless sources, networks and applications is no small task — and definitely out of reach for any principles or practices that rely even partly on human interference. Moreover, without visibility, control and context, one can never be sure what type of action to take.

Cyber 3.0 is not a mythical direction of what “could” happen. It’s the reality we will face as the Web grows, as new technologies are put into practice, and as access to more and more devices continues to grow. The future is obvious. The question is: How will we respond?

By virtue of machine learning capabilities, Cyber 3.0 is the only approach that can rise to these challenges and deliver the incisive intelligence required to protect our critical assets and communities now and into the future.

About the Author

John Trobough is president of Narus, Inc., a subsidiary of The Boeing Company (NYSE: BA).  Trobough previously was president of Teleca USA, a leading supplier of software services to the mobile device communications industry and one of the largest global Android commercialization partners in the Open Handset Alliance (OHA). He also held executive positions at Openwave Systems, Sylantro Systems, AT&T and Qwest Communications.

About the Company

Narus, a wholly owned subsidiary of The Boeing Company (NYSE:BA), is a pioneer in cybersecurity.  Narus is one of the first companies to apply patented advanced analytics to proactively identify cyber threats from insiders and outside intruders. The innovative Narus nSystem of products and applications is based on the principles of Cyber 3.0, where the semantic Web and cyber intersect. Using incisive intelligence culled from big data analytics, Narus nSystem identifies, predicts and characterizes the most advanced security threats, empowering organizations to better protect their critical assets. Narus counts governments, carriers and enterprises around the world among its growing customer base. The company is based in the heart of Silicon Valley, in Sunnyvale, California.

CyrusOne Builds Texas Internet Exchange (IX)

CyrusOne introduced its Texas Internet Exchange (IX), an on-net platform deployed across its data centers in Austin, Dallas, Houston and San Antonio.

The exchange uses redundant Brocade MLXe Series switches, which enable high-density 10-Gigabit Ethernet (10GigE) and 100-Gigabit Ethernet (100GigE) connections, enabling huge traffic exchanges at line-rate speeds. At the optical transport layer, CyrusOne is using Infinera DTN digital optical platforms that have rapidly scalable point-to-point transport at up to 2.5-terabit speeds.

The company said its platform enables hot-hot production or disaster recovery operations to occur over MPLS ports or dedicated optical waves for interconnection failover between metro areas, with online carrier selection via CyrusOne automation tools.

“Using the CyrusOne Texas IX platform frees customers from the constraint of having to choose solely between telecom carriers housed within a specific physical facility,” said Josh Snowhorn, vice president and general manager of Interconnection for CyrusOne. “Now, customers can identify and configure connections with any provider or partner at any connected facility. Customers who choose to deploy on the CyrusOne Texas IX gain significant advantages in performance, efficiency, and workflow continuity. No matter what kind of scalability the customer chooses, this solution is built to deliver superior capabilities and return on investment when connections are required within a metro area or city-to-city.”

CyrusOne currently operates 24 data centers worldwide.

FCC to Review Cell Phone RF Exposure Limits

The FCC will undertake a review of rules related to health and safety of radio frequency (RF) emissions from radio transmitters.

Specifically, the FCC is opening an inquiry to consider both the currency of its RF exposure limits and possible policy approaches regarding RF exposure so as to determine whether the current rules and policies should remain unchanged, or should be relaxed or tightened.

More specifically, the FCC said it aims to clarify evaluation procedures and references to determine compliance with current RF limits, including specific absorption rate (SAR) as a primary metric for compliance, consideration of the pinna (outer ear) as an extremity, and measurement of medical implant exposure.

AT&T Reaches Labor Agreement in California and Nevada

AT&T and the Communications Workers of America District 9 reached a tentative labor agreement covering more than 17,000 wireline employees in California and Nevada.

The three-year deal, which will be submitted to the CWA's membership for a ratification vote, includes general wage increases in each year of the contract – 2.25 percent effective Oct. 1, 2012, 2.75 percent in 2013, 3 percent in 2014, and 2.5 percent in 2015. It includes a 1 percent pension band increase in each year of the contract for most employees, and expansion to additional employees of a provision that provides qualified surplus employees a guaranteed job opportunity with AT&T. It maintains one of the most robust health care plans in the nation, with increases in employee contributions.

Shehzad Merchant Joins Gigamon as Chief Strategy Officer

Gigamon named Shehzad Merchant as Chief Strategy Officer.

Previously, Merchant served as the CTO at Extreme Networks and prior to that as the co-founder and VP of Products at Polytime Systems. Merchant has also held various senior architectural and research roles at Allied Telesyn, Nevis Networks and SRI.

Proximal Data Raises $2M for Hypervisor Caching

Proximal Data, a start-up based in San Diego, raised $2 million in Series B funding for its server-side caching solutions specifically designed for virtualized environments.

Proximal Data offers adaptive I/O caching to increase virtual machine (VM) density up to three times. It plugs into hypervisors, such as VMware’s ESXi, and transparently works on all I/O without requiring agents in guest operating systems. By placing hot I/O onto a PCIe flash card or SSD, AutoCache intelligently supplies priority data traffic to VMs.

Funding came from Avalon Ventures and Divergent Ventures. Proximal has raised $5 million to date.