Jurassic Park and Cybanetix: How the evolution of insider threat detection is rewriting the script

Too often, modern-day cyber security incidents are action-packed with dramatic consequences. We have seen the British Library held to ransom [1], Florida’s water supply almost poisoned by a hacker [2], and PlayStation’s gamers in a real-life battle to protect their personal data [3]. But, back in 1993, it was a cyber security disaster movie making the headlines: Jurassic Park.

“The most advanced amusement park in the entire world… We spared no expense,” claims its creator, John Hammond. This goes as far as Unix, Jurassic Park’s central operating system, that controls its security, automation and communication.

Amongst the gnashing teeth of the T-Rex and rampaging velociraptors, it is computer programmer Dennis Nedry who is the true threat. Nedry creates a “back door” in Unix, and one centralised control becomes one single point of failure, putting intellectual property — and children’s lives — at risk.

Some thirty years have passed since Spielberg’s dinosaurs roamed the globe’s cinemas, and cyber security has not been left suspended in amber. Instead, we are seeing a dramatic evolution in approaches to insider threat detection and disaster recovery. At Cybanetix, our partnership with Exabeam arms us with machine-learning-enhanced technology capable of taking on new threats, wherever they emerge from.

With such advances, it’s time to go back to the island and rewrite the script.

The Scene:

A PROGRAMMER PLANTS MALICIOUS CODE TO EXPLOIT VULNERABILITIES.

The Rewrite:

The insider threat is detected by Exabeam’s security information and event management (SIEM) system.

“You never had control, that's the illusion.”

Disgruntled programmer Nedry conspires with a rival laboratory and agrees to steal dinosaur embryos in return for $1,500,000.

There are two consequences to Nedry’s corporate espionage: firstly, malicious code is activated to allow him to flee to the East Dock undetected and, secondly, the programmer has a fatal run-in with a dilophosaurus.

Exabeam’s modern-day IT access monitoring and behavioural analytics would provide a two-pronged deterrent to an insider threat like Nedry.

User activity logging records login attempts, file accesses and system changes, while the enforcement of least privilege principles ensures users have only the access necessary to perform their job functions. IT security can also expect real-time alerts for suspicious activity such as unusual data access patterns.

Machine learning algorithms create profiles for each user, identifying typical behaviours. Risk scores are attached to any deviations from the norm. High scores are indicative of insider threats, with unusual data-related incidents triggering an investigation.

Access monitoring and behavioural analytics solutions often integrate with security information and event management (SIEM) systems. These correlate data from multiple sources and — by analysing data from logs, network traffic and other security sources — enable more comprehensive threat detection.
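The profiling-and-scoring idea described above, reduced to a runnable sketch. This is an added illustration written for this article, not Exabeam’s or Cybanetix’s code; the event records, the point values and the user names are constructed for the example.

```python
from collections import Counter, defaultdict

# Constructed sample events (user, hour-of-day, action, resource); not real logs.
BASELINE = [
    ("nedry", 9, "login", "vpn"), ("nedry", 10, "file_read", "automation/"),
    ("nedry", 14, "file_read", "automation/"), ("nedry", 16, "login", "vpn"),
    ("arnold", 8, "login", "vpn"), ("arnold", 11, "file_read", "ops/"),
    ("arnold", 15, "file_read", "ops/"),
]
NEW_EVENTS = [
    ("nedry", 2, "login", "vpn"),                # off-hours login
    ("nedry", 2, "file_read", "embryo_lab/"),    # never-before-seen resource
    ("nedry", 2, "file_read", "embryo_lab/"),
    ("nedry", 2, "file_read", "embryo_lab/"),
    ("nedry", 2, "file_read", "embryo_lab/"),
    ("nedry", 2, "file_read", "embryo_lab/"),
    ("nedry", 2, "config_change", "security/"),  # action the user has never performed
    ("arnold", 9, "login", "vpn"),
    ("arnold", 10, "file_read", "ops/"),
]

def build_profiles(events):
    """Per-user baseline: hours, resources and actions seen, plus read volume."""
    prof = defaultdict(lambda: {"hours": set(), "resources": set(),
                                "actions": set(), "reads": 0})
    for user, hour, action, resource in events:
        p = prof[user]
        p["hours"].add(hour); p["resources"].add(resource); p["actions"].add(action)
        if action == "file_read":
            p["reads"] += 1
    return prof

def score_events(profiles, events):
    """Attach points to each deviation from the user's baseline; sum per user."""
    scores, reads = Counter(), Counter()
    for user, hour, action, resource in events:
        p = profiles[user]                      # unknown users get an empty profile
        if hour not in p["hours"]:         scores[user] += 10   # unusual time
        if resource not in p["resources"]: scores[user] += 15   # new data source
        if action not in p["actions"]:     scores[user] += 25   # new kind of action
        if action == "file_read":
            reads[user] += 1
            if reads[user] > 2 * max(p["reads"], 1):   # bulk reads vs. baseline
                scores[user] += 20
    return dict(scores)

def flag_users(scores, threshold=50):
    """Users whose accumulated risk score warrants an investigation."""
    return sorted(u for u, s in scores.items() if s >= threshold)
```

Arnold’s slightly shifted hours earn a few points but stay below the threshold; Nedry’s off-hours bulk reads of a new resource plus an unprecedented configuration change push him well over it.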

So, while Nedry was ultimately caught in a prehistoric face-off in the film, he would have been stopped in his tracks far sooner by Exabeam.

The Scene:

The electric fences surrounding the dinosaur enclosures and the tour cars go offline.

The Rewrite:

Robust fail-safes like redundant communication channels and network segmentation minimise downtime.

“Objects in the mirror are closer than they appear.”

In a catastrophic infrastructure failure triggered with malicious intent, both the electric fences and the tour cars go offline. The cars rely on the park’s computerised systems for navigation and safety, and the fences keep the carnivores from making a meal out of tourists.

Before infrastructure failure could occur, Exabeam’s behavioural analytics capabilities would detect compromised and malicious users and block them.

Widespread chaos would now be contained by network segmentation. Dividing the park’s computer network into smaller subnetworks, each with its own security policies, controls and access rules, would reduce the attack surface and the number of entry points affected by a breach.

Combined with a SOC team, network segmentation also aids incident response efforts by isolating affected segments and preventing the spread of malicious activity. This containment allows security teams to investigate the incident more effectively — while keeping an eye on any roaming dinosaurs.

The Scene:

Deliberate power loss sees three deadly velociraptors escape their enclosure.

The Rewrite:

Real-time threat detection systems trigger automated responses to contain the problem.

“Clever girl…”

The electric fence failure enables the velociraptors to escape from the Containment Unit. The velociraptors go on to kill the game warden, Muldoon.

Today, the failure would be remedied before they could escape. At the first sign of malicious activity, the park’s security system would implement automated response mechanisms.

Intrusion detection and prevention systems (IDS/IPS) automatically respond to suspicious network activity, blocking malicious traffic in real time and preventing attackers from infiltrating systems.

Security orchestration, automation and response (SOAR) platforms automate incident response processes and streamline remediation workflows, enabling predefined actions to be taken.

Vulnerability management systems, such as Cybanetix SOC, automatically identify, prioritise and remediate security vulnerabilities in IT infrastructure. Once a chink in the armour is detected, its severity and potential impact are assessed, and patches are applied to mitigate the risk of a worst-case scenario.

A lesson for the ages

Like the baby brachiosaurus in Jurassic Park, cyber security was only hatching in 1993. Decades later, it’s hitting its stride. From access monitoring and network segmentation to automated responses and real-time threat detection systems, security systems have grown up.

At Cybanetix, our partnership with Exabeam enables us to combat insider threats quickly and efficiently thanks to its machine-learning-enhanced technology. Any suspicious activity carried out by an insider threat like Nedry is automatically flagged and responded to, reducing the chance of dramatic and devastating scenarios playing out.

Thanks to modern-day breach detection services, an attraction like Jurassic Park could be the fun family day out John Hammond intended.

Still, the events of the film show there are cyber security lessons to be learnt by modern businesses, and IT security teams would do well to get their claws into better protocols before bad actors bite back.