THE EVOLUTION OF CYBER SECURITY
Benefits of SOAR Technology and Artificial Intelligence
By: John M. Bell, Ph.D. and Stephen C. Cardot
EXECUTIVE SUMMARY
Cyber threats will become potentially more harmful as algorithms are employed and artificial intelligence becomes pervasive in affecting aspects of everyday life and business. Unfortunately, as hackers become savvier, it’s not enough for a corporation to secure network systems to recognize a threat before, during or even after their network devices are compromised. One of the biggest problems in the cyber security industry today is that security operations teams are increasingly managing a profound amount of incoming threat data as well as having a shortage of skilled IT staff to address cyber attacks. This often translates into IT departments being operated by a smaller number of technically skilled people. Adequate training is also a concern. These facts combined with the pressure to adopt new technologies as budgets are shrinking is particularly concerning as the threat landscape becomes more complex. Thus, it is essential that organizations utilize proactive security, orchestration, automation, response (SOAR) technology and the comprehensive automated intelligent mitigation capabilities across their data networks to keep up with the growing sophistication and organization of well equipped and well-funded cyber criminals and state-based threat actors.
A recently patented SOAR technology represents a significant evolution in cyber security that essentially provides security teams customizable (risk) controls to streamline and accelerate the investigation and neutralization of cyber threats. SOAR allows IT teams to reduce their risk management resources and the need for human intervention required to respond to security incidents when identifying network breaches. The functional elements of SOAR’s automated intelligence and deep machine learning technology enables the identification of anomalous traffic and patterns, correlate data across systems and perform behavioral risk analytics on users and entities near real time.
Distributed Denial of Services (DDoS) attacks over 5Gbps grew by 967% over the past year. Concomitantly, attacks under 5Gbps increased exponentially and increased by 257% last year. The exploitation of smart devices and IoT devices, as well as cyber-criminal innovations are leading to more frequent and complex multi-vector attacks. This dramatic increase in attacks and their size is the result of attackers amassing complex giant botnets including insecure IoT devices. Multi-vector attacks combined with high volume floods, including application-layer attacks and TCP-state exhaustion attacks are increasing attackers’ chances for success. Ransomware in the U.S. is forcing cities, counties, states, businesses, universities, and telecommunication companies into tough choices. Either pay the ransom and encourage criminals to continue bringing essential services to their knees, or refuse and be left with a massive cleanup bill. SOAR helps security operations teams effectively secure the network perimeter of businesses, governmental agencies, and universities by optimizing their ability to detect and respond to threats (both ingress and egress) faster, quantify key performance indicators, and reduce day-to-day workload through improved intelligence and reporting, streamlined workflows and automated response playbook actions.
INTRODUCTION
Today, municipalities, universities, and corporations must employ cybersecurity systems that manage new hacking threats by taking a holistic view of their entire network data ecosystem and choose how to best protect the privacy and security of their digital data assets. So, what is hacking? Hacking refers to activities that seek to compromise network data, by compromising the digital devices, such as computers, smartphones, tablets, and even entire networks that transport data. And while cyber hacking may not be malicious, nowadays most references to hacking and hackers, is
characterized as unlawful activity by cyber-criminals motivated by financial gain, protest, information (spying), and just for the “fun” of the challenge. More concerning is that cyber hackers have begun to use automation including artificial intelligence to carry out attacks at speeds that are effective at circumventing security command and controls. Therefore, proactive response capabilities are essential to the security of today’s networks and they must be more than anticipatory. Automated Intelligence (AI) and SOAR are not only the next generation advancement in cybersecurity, they are the evolutionary approach to protect networks going forward. (Figure 1).
CYBER SECURITY EVOLUTION MODEL
Cybersecurity in practice, is reactionary. CyberSafety however, is not a reactionary response to a threat, but rather the proactive anticipatory preparedness of AI/SOAR technology (Figure 1). The basis for the anticipatory cyber safety approach evolved from combining software defined networking (SDN) methods with security automation and automated intelligence. Traditional networking is being progressively replaced by SDN capability that enables dynamic programmable networks. It is the new promising approach to designing, building and managing more secure networks. Although SDN promises more flexible network management (Vizv´ary and Vykopal, 2014), the real answer lies within today’s SOAR orchestration, automated intelligence and deep learning risk aware security. Thus, the combination of SDN and SOAR AI deep learning will outpace the conflict between cyber-attacks vs. cyber defensive systems.
Embedded SOAR has been a buzzword in the security space for some time. Recently, the U.S. Patent Office issued several new patents that completely embrace SOAR systems, methods and architecture. One patent, No. US 10326777 B21 covers the Internet technology used to identify threats, orchestrate security, automate security, and apply AI-based proactive response. The three key elements of SOAR technologies employ: 1) orchestration methodologies that interface multiple cybersecurity technologies to prevent an attack, and 2) automated technology that automatically writes a new-rule and inserts the rule into the exact area of the code to prevent a new never-before-seen (polymorphic) attack within milliseconds, without human intervention. In short, from the inspection mode to the analytic mode to the action mode, i.e., SOAR technology automatically inserts proactive security code to block a cyber-attack and alert (react) the security technology of the attempted breach and stops it at the first packet handshake. The unique factor of SOAR technology is that its “R” or response attribute, literally represents three proactive risk attributes, i.e., risk aware, risk response, and risk reporting.
SOAR can not only prevent all known forms of cyber-attack, but also can “learn” to anticipate any future attack from new “unseen” mutated attack threat. The automation and orchestration features of SOAR have reached a level of sophistication where it can be integrated into an existing security framework without relying on human assistance. Therefore, the motivation behind this paper is to provide a perspective on AI-based SOAR technology and how it effectively prevents attacks.
BENEFITS OF SOAR ORCHESTRATION AUTOMATION TOOLS
Today organizations battle complex multi-vector cyberattacks, complicated technology environments, and a growing skills gap making response more complicated than ever. Even for the most skilled team, keeping up with the day-to-day threat landscape, increasingly complex IT environments, changing regulatory compliance mandates, and mounting security alerts is not easy to achieve, let alone being able to do it quickly and accurately.
SOAR software is capable of integrating into a range of new and existing platforms or applications which allow its proactive defensive nature to increase effectiveness in stopping, containing, and preventing cyber-attacks.
Now let’s take a deeper look at the benefits of the orchestration and automation tools within SOAR technology and fully define what we mean by automated orchestration and intelligence. SOAR orchestration is a method whereby disparate security systems are integrated so that they can become aware of security threats and information collected across the entire security ecosystem. Automated intelligence hence forth definition is based on the principle that algorithms can understand, analyze and perform cognitive assigned tasks effectively and remove the human factor of their learning process using algorithms to bolster situational risk awareness to further perform specific assigned tasks. Listed below are some of the AI orchestration and features:
ORCHESTRATION:
• Capable of integrating disparate security systems.
• Improve and enable measurement of SOC productivity.
• Alleviate skills gap and staffing shortages.
• Improve speed of the data breach notification process.
• Enable guide responses to complex attacks.
• Greater visibility and unified dashboard.
• Reduced SOC operating expense.
AUTOMATED INTELLIGENCE:
• Instantaneous deep learning.
• The ability to “hunt” threats.
• Predictive threat management.
• Co-mingles and streamlines the alert process.
• Reduces workflow barriers.
• Alleviate staffing shortages and the need for human assistance.
The unspoken benefit of SOAR’s orchestration and automated intelligence capabilities is realized with the delay in response of a data breach. According to the Ponemon Institute’s 2018 Cost of a Data Breach study, a data breach goes undiscovered for an average of 197 days. It takes another 69 days to remediate the data breach. By the time the security failure is discovered and fixed, the damage is already done. The criminals responsible had unfettered access to databases full of valuable data — your intellectual property including third party vendor data. Not to mention the personal private information of hundreds of millions of customers who had the bad luck of doing business with a company that got hacked. Hence, to be cyber safe must go beyond thinking response in zero-days to thinking in zero seconds. Therefore, sub second reaction is required to be cyber safe.
Even more alarming is the cost of a data breach. Cyber-criminals want to steal names, email addresses, usernames, passwords, and credit card numbers. Personal private information is not the only thing cyber-criminals will steal. They will take any data that can be sold, used to breach other accounts, steal your identity, or make fraudulent purchases. The fines, clean-up costs, legal fees, lawsuits, and even ransomware payouts associated with a data beach add up to a lot of money. The same Ponemon study found the average cost of a data breach to be right around $3.9 million, an increase of 6.4 percent over the previous year. While the cost for each stolen record came in at $148, an increase of 4.8 percent over the previous year. According to the same study, the chances of experiencing a data breach are as high as one in four.
SOAR: INGRESS AND EGRESS DATA
A common and often overlooked vulnerability impacting professionals in the manufacturing industry is data egress or often referred to as DLP (data leakage prevention). The best way to combat it is to better understand what it is and how it impacts organizations. Data egress refers to data leaving a network in transit to an external location, the opposite of that being data ingress. Egress traffic is a term used to describe the volume and substance of traffic transferred from a host network to an outside network. This can happen via simple everyday actions like sending outbound email messages, cloud uploads, transferring files to external storage, web uploads and removable hard drives.
Understanding what cyber criminals are looking for when it comes to egress data can help security professionals narrow down how to make data sharing more secure. We know most cyber criminals are targeting sensitive, proprietary, or easily monetizable information, but it is important to remember that this information is also coveted by competitors, nation states, and malicious insiders. These criminals use various data exfiltration techniques, such as backdoor Trojans or leveraging built-in Windows tools like Windows Management Instrumentation (WMI), to steal or expose sensitive data. While data loss is always a serious issue, imagine the amount of data traveling across a supply chain from just one manufacturer to several different wholesalers or customers. Infiltrating the data egress of one manufacturer can have a devastating impact on hundreds of companies.
To help cut down on the amount of data breached by data egress, organizations should ensure that their cyber security solution has a SOAR level of egress filtering, which involves monitoring egress traffic to detect signs of anomalous activity. SOAR provides successful data discovery and proactive network awareness for effective security of data egress within a network system.
DDOS ATTACKS
Denial-of-service cyber-attacks can have profound consequences on a business, computer networks, or the private sector user. Even more concerning is that the frequency of these types of cyber-attacks are on the rise (Mahjabin, et. al., 2017). Briefly, there are two classes of denial-ofservice cyber-attacks. The first class is the basic denial-of-service (DoS) which is a cyber-attack in which the perpetrator seeks to make a network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. Denial of service is typically accomplished by flooding the target or resource with superfluous requests to overload the system and prevent some or all legitimate requests from being fulfilled. The second class is the more complex distributed denial-of-service attack (DDoS attack) in which multiple compromised computer systems, i.e., synchronize attack of a target, such as a server, website or other network resource, and cause a denial of service for users of the targeted resource. This effectively makes it impossible to stop the attack simply by using ingress filtering. It also makes it difficult to distinguish legitimate user traffic from attack traffic when spread across multiple points of origin impossible to stop the attack simply by blocking a single source. What is even more staggering is that the frequency of these synchronized DDoS attacks is on the rise and represent the greatest threat to the availability of networks, applications and online services. The main victim for a DDOS attack is web server or proxy server. The attack strategy can be either manual, semi-automatic, or automatic and usually is some form complex multivector attack to drop the packets which exceed some threshold limits arising from one or more sources (Mahjabin, et. al., 2017). Let’s look a little closer at the attack strategies of the three DDoS attack methodologies.
1. DDoS attacker creates what is called a command-and-control server to command the network of bots, also called a botnet. A computer or networked device under the control of an intruder is known as a zombie, or bot;
2. The second type are network-centric or volumetric attacks overload a targeted resource by consuming available bandwidth with packet floods;
3. The third type are protocol attacks that target the network layer or transport layer protocols using flaws in the protocols to overwhelm targeted resources. Ultimately, the perpetrator effectively makes network resources unavailable to its intended users by either of the three types of attacks by successfully disrupting either temporarily or indefinitely the host’s connection to the Internet (Mahjabin, et.al., 2017).
FREQUENCY OF DDOS ATTACKS
DDoS attacks have reached new levels in the past year, advancing in both style and severity. The recent trends indicate we can expect to see more of the same in future (Chadd, 2018). Half of all organizations today have been victims of DDoS attacks and 42% of those organizations report they were hit multiple times (Belding, 2019). The DDoS landscape is driven by a range of actors, from malware authors to opportunistic entities offering services for hire. They are a busy group and constantly evolve new technologies enabling new services while utilizing known vulnerabilities, pre-existing botnets, and well-understood attack techniques. A recent report also outlined advances in DDoS attacks, revealing the new techniques cybercriminals are using that caused a 16% increase in attacks last year (Bayern, 2018).
Every day more than 1000 sizable different DDoS attacks are tracked by them around the world. Attacks sized 100Gbps and higher increased by 967% in Q1 2019 compared to Q1 2018, the report found. The largest attack measured — 587Gbps — was more than 70% larger than the biggest attack in the same period in 2018 (345Gbps) (Raymone, 2019). Additionally, they reported that while the largest DDoS attacks experienced the most growth. However, smaller attacks under 5Gbps also increased exponentially and increased by 257% in the last year. They also report that this year’s attacks use a variety of ports and protocols to locate and exploit vulnerabilities. Even more concerning is that they change their signature identity in milliseconds over the course of the attack with 51% targeting three or more vectors.
DDOS AND THE CLOUD
Cloud providers currently enjoy a profound opportunity in the marketplace due to its benefits like fast deployment, pay-for-use, lower costs, scalability, rapid provisioning, rapid elasticity, ubiquitous network access, greater resiliency, hypervisor applications, data storage solutions, on-demand
network controls, the possibility of real time detection of service tampering and rapid reconstitution of services. However, the burden that cloud service providers have is that they attempt to ensure that they can provide a service foundation , however the user is responsible for their security, as for cloud providers are not the ones who will shoulder the responsibility of a data breach, if security goes wrong. Consequently, until some of the risks are better understood, and cloud security is more available, many of the major players will not embrace the cloud and will be tempted to hold back from using its benefits (Su, 2019).
The benefits of cloud service providers are they deliver their scalable services by sharing infrastructure, platforms and or applications. Cloud technology divides the “as-a-service” offering without substantially changing the off-the-shelf hardware/software that sometimes comes at the expense of security. Underlying components that comprise the infrastructure
supporting cloud services deployment may not have been designed to offer strong isolation properties for a multi-tenant architecture or multi-customer applications. This can lead to shared technology vulnerabilities that can potentially be exploited in all delivery models.
SOAR AND DDOS
Denial-of-service (DDoS) cyber-attack is todays’ most highlighted and important cyber-attack and they are on the rise (Raymone, 2019). The targets of these DDoS attacks range from the in-home user, businesses of all scale to government agencies. In some attacks, a victim can be an ecommerce site, a bank, a commercial organization, or even an Internet service provider (ISP).
Today’s DDoS attacks are increasingly multi-vector and multilayered, employing a combination of large-scale volumetric assaults and stealth infiltration targeting the application layer. Organizations must place as much emphasis on security as they do on any other part of their business if they are to stand a chance at surviving a cyberwar-like attack.
It’s easy to see why DDoS attacks today, are considered one of the most serious threats to Internet availability given that the Internet’s resilience is coming down to a fraction of a second. Response times must be in milliseconds and only SOAR technology is able to thwart these DDoS attacks. Relying on human intervention is archaic and too late. New complex and multivector DDoS attacks are short in duration and are much quicker — with 63% lasting under five minutes (reference). Organizations that rely on the human response are failing to identify that they’ve been hit by a DDoS attack. Even more so, the everyday DDoS attack cannot be properly defeated with traditional Internet gateway security solutions such as firewalls, Intrusion Prevention Systems and the like. Similarly, on-demand cloud-based DDoS scrubbing alternatives cannot achieve successful mitigation with the low volume, short-duration attacks that are now impacting organizations every day.
SOAR AND THE CLOUD
Cloud providers are the attractive target for the hackers to attack as massive amounts of data are stored within cloud computing services and centers. However, despite of the many advantages of the cloud services there are lots of issues in cloud computing environment regarding the security of cloud transaction’s shared access including data storage. Understanding the capabilities of SOAR will provide the reassurance to cloud users as to the security capabilities SOAR technology extends to cloud users as well as its potential to decrease operational costs through streamlining security and effectively establish proactive cyber safety applications.
Review of several potential cloud users indicate that the “potential inability” of cloud services to provide cyber-security and threat protection assurance from of denial of service (DDoS) attacks and worm containment is their fundamental concern blocking their adoption of a cloud security platform
(Tabassam, 2017). Fortunately some of today’s SOAR providers and SOAR capabilities that include automated intelligence machine learning and millisecond response technology do provide unequivocal protection and enable users to identify and respond to anomalous traffic and patterns,
correlate data security across systems, and perform behavioral analytics that will outpace the coevolutionary war of DDoS cyber-attacks vs. cybersecurity (verbal citation, Demopoulos, 2019). The benefit of SOAR technology in the cloud is that it is capable of being deployed and provide an organization the ability to implement an automated intelligent (AI) cloud-driven security strategy. The underlying basis of SOAR is that it can also be deployed as an orchestrated solution that enables the exchange and coordination of relevant security controls concerning known security threats, shared security communities, and external security vendors’ emerging threats into intelligence suitable for automated decision-making, and be able to leverage new intelligence updates to empower cloud security automation including accuracy and proactive methods.
SOAR: SOC VS. N-SOC
The main efficiency when SOAR is deployed correctly is that it gives an organization the foundation required to implement an automated intelligent-driven real-time security strategy, i.e., cyber safety in milliseconds. You may ask why is this important? Even for the most skilled IT team, keeping up with the threat landscape’s increasingly complex IT environments, changing regulatory compliance mandates, and mounting security alerts is not easy to manage, let alone do quickly. Historically, attempting to meet these security objectives has necessitated coordination and manual labor, and yet has failed to resolve threat of breach. Now, with the SOAR technology available, one can codify and automate and orchestrate security objectives, yielding faster time to market. Working off a SOAR platform is critical to successful coordination, detection and response initiatives, as it keeps knowledge sharing fluid and instantaneous. Security orchestration integrates different technologies and enables implementation of automated instantaneous defensive actions, i.e., it increases your effectiveness in stopping, containing, and preventing the attacks.
An [effective] security operation center (SOC) must have three key interrelated components: cyber security platform, people, and process (Crowley, 2019). The advent of SOAR reduces the financial burden of a SOC. In the past, a fully functioning SOC allows you to monitor, detect, investigate, and respond to cyber threats 24/7. The problem with SOCs is that it requires human assistance which can be both expensive and difficult to find skilled staff. Another problem that is more critical is that SOCs require human intervention to stop the cyber-attack which in this sub-second cyber world, is not fast enough to stop and prevent the attacks.
The SOC is an expensive proposition with substantial operational costs and staffing needs. Facility overhead and labor costs are reduced since SOAR represents the N-SOC (No-Security Operation Center) technology. SOAR technology operates automatically and is responsible for the ongoing operational component of enterprise information security including sub-second risk awareness, reaction, and reporting factors.
INTERNET OF THINGS AND DDOS ATTACKS
Over the past decade computer networking has changed from localized servers and desktops contained within four walls to a world filled with mobile devices (Donner, 2019). The Internet was created utilizing insecure networking, switches and routers that ensured high-capacity traffic handling and support over a protocol-based network. Security was an afterthought, brought about by the advent of encryption and virtual private networking. The advent of low-capacity traffic handling Internet-connected devices or Internet of Things (IoT) devices that are simply devices that are not part of traditional computing networks. IoT devices are everywhere and transforming our personal lives and the way we do business (Donner, et., al., 2019). However, the multitude of performance benefits IoT devices possess come with drawbacks. IoT devices are a common weapon in enormously destructive DDoS attacks and are predicted to be increasingly used as both attack targets and sources (Netscout, 2019; Paul, 2019). IoT devices are soft targets for cyber criminals and other aggressors due to of their lack of fundamental security controls. The firmware in most IoT devices does not have the same level of protection as do the operating systems running on most computers. This means that they can be easily hacked and added to botnets, which are used to launch attacks against organizations.
The rapid diversification of IoT devices is creating an enormous problem when interconnected multiple highly heterogeneous networked entities (Mahjabin, et. al., 2017). All too often these devices are not designed with security in mind. Moreover, cyber threats will become potentially more harmful as they develop algorithms that become pervasive in affecting aspects of everyday use of mobile devices (Donner, 2019). Thus, exploitation of these highly heterogeneous IoT devices and attack innovations are leading to more frequent and complex attacks that are increasingly being used to wage massive DDoS attacks against corporations, municipalities, and governmental agencies that literally can shut down operations altogether (Mahjabin, et. al., 2017; Tabassam, 2017; Donner, et. al., 2019; Cimpanu, 2019). SOAR technology can stop these attacks by creating an unbreachable perimeter preventing a cyber-criminal’s compromise.
SOAR PROTECTION AT THE IOT PERIMETER
Ransom Denial of Service (RDoS) attacks are increasingly more common as cyber-criminals hang on the edge of networks launch their assault attempting to extort money from their victims, especially universities and municipalities (Cimpanu, 2019). In these attacks, the criminal will typically send a message to the victim demanding a ransom and if the victim refuses to pay, the attackers threaten to harm important infrastructure services or expose personnel private information from their hack. Doing so almost certainly encourages the same or similar threat actor groups to come back around again later attempting to collect their daily dose of extortion racketeering money.
Recently, hackers broke into the information technology software used by 22 cities that shared the same managed outsourced subcontractor. Texas officials confirmed that computer systems in 22 municipalities have been infiltrated by hackers demanding a $2.5 million ransom (Allyn, 2019). Unfortunately, this is the risk cities across the country face as their online services increase and their digital dependency on IoT devices continues to increase, especially mobile devices.
SUMMARY
Today’s Internet threat landscape is constantly evolving, sophisticated and complex, and security operation teams are finding it increasingly difficult to keep up. AI-based SOAR — automated deep learning technology is redefining every aspect of cybersecurity from proactive to anticipatory capabilities that operate in milliseconds and remove the need to rely on human intervention. The advent of SOAR technology comes at a time when the cost of cyber protection is increasing, and corporations bottom line are severely impacted due to a data breach. The pressure is growing to adopt new technologies and budgets are shrinking, leaving security operation teams increasingly dealing with serious resource constraints. This is particularly concerning as the threat landscape becomes more and more dangerous and complex. The big problem is that security operations teams are increasingly managing a profound shortage of skilled IT staff in a cyber world where an attack can take a network down in less than a second. This often means IT departments are being run by a small number of people, some of which may not be adequately trained for the job at hand. SOAR technology and its instantaneous risk aware-reaction-report capabilities can transform an organization’s security operation into a N-SOC strategy.
While IoT devices make it possible for organizations to diversify their operational reach more efficiently, they are too often used with little regard to their security risk. The rush to deliver new types of IoT technologies sacrifices security. It’s easy for malware to compromise networks, or for a hacker to gain access through them and steal critical information once IoT devices are on the network. The exploitation of these highly heterogeneous IoT devices and innovation from DDoS attack services are leading to more frequent and complex attacks that are increasingly being used to wage massive data breaches. Fortunately, the timely advent of SOAR technology protects the edge of a network from hackers attempting to use IOT devices as their infection host. SOAR creates a defensive-aware barrier at the edge and thereby encircles a customer’s entire network. Today’s networks need a human-less approach, i.e., N-SOC, to manage their data security in milliseconds. SOAR is an important aspect of any advance cybersecurity strategy to monitor the network and perform actions to protect data from potential threats especially in today’s cyber climate. SOAR’s automated intelligence is the best-line of defense to understand and mitigate anomalous behavior on the network and automatically respond to the threat-reducing dwell time of a breach target. Lastly, the “R” of SOAR represents the three “Rs” risk aware — react — report – and the 3Rs remove all the manual, menial tasks of IT security teams so they can focus on more important cyber tasks and feel safe in the knowledge that their customers are protected. Ultimately, SOAR helps network administrators and security operation teams to optimize their ability to detect and respond to cyber threats faster, quantify key performance indicators, and reduce their day-to-day workload through improved risk intelligence and risk reporting.
REFERENCES
Allyn, B. 2019. 22 Texas Towns Hit With Ransomware Attack In ‘New Front’ Of Cyberassault. https://www.npr.org/2019/08/20/752695554/23-texas-towns-hit-with-ransomware-attack-innewfront-of-cyberassault.
Bayern, M. 2018. Advanced DDoS attacks up 16% from last year: Watch for these methods. https://techrepublic.com/article/advanced-ddos-attacks-up-16-from-last-year-watch-for-thesemethods
Belding, G. 2019. Threat Hunting for DDoS Activity and Geographic Irregularities. InfoSec. https://resources.infosecinstitute.com/category/enterprise/threat-hunting/iocs-and-artifacts/threathunting-
for-ddos-activity-and-geographic-irregularities/#gref.
Chadd, A., 2018. Network Security. (7): 13–15.
Cimpanu, C. 2019. No municipality paid ransoms in ‘coordinated ransomware attack’ that hit Texas. https://www.zdnet.com/article/no-municipality-paid-ransoms-in-coordinatedransomware-attack-that-hit-texas.
Crowley, C. Common and Best Practices for Security Operations Centers: Results of the 2019 SOC Survey. SANS Institute. https://www.sans.org/media/analyst-program/common-practicessecurity-operations-centers-results-2019-soc-survey-39060.
Demopoulos, R. 2019. CTO CloudCover USA. Minneapolis MN.
Donner, H., Steep, M., and T. Peterson. 2019. Crossing the Urban Data Layer: Mobility as a Data Generating Activity. Stanford School of Engineering Disruptive Technology and Digital Cities Program.
Johnson, J. 2019. Cybersecurity maturity model lays out four readiness levels. https://searchsecurity. Techtarget.com/tip/Cybersecurity-maturity-model-lays-out-four-readinesslevels? src+5923837&asrc+EM_ERU_116181485&utm.
Mahjabin, T., Xao, Y., Sun, G., and Jiang, W. (2017). A survey of distributed denial-of-service attack, prevention, and mitigation techniques. International Journal of Distributed Sensor Networks, vol. 13, 12.
Nazario, J. 2008. DDoS attack evolution. Network Security (7): 7–10.
Netscout, 2019. NETSCOUT Arbor’s 13th Annual Worldwide Infrastructure Security Report (WISR).
Paul, F. 2019. “Six IoT predictions for 2019”. Network World.
https://www.networkworld.com/article/3330738/six-iot-predictions-for-2019.html 174.
Ponemon, L. 2018. Cost of Data Breach. https://securityintelligence.com/ponemon-cost-of-a-databreach-2018.
Raymone, A.D., 2019. Major DDoS attacks increased 967% this year.
https://www.techrepublic.com/article/major-ddos-attacks-increased-967-this-year.
Su, J. 2019. Why Cloud Computing Cyber Security Risks Are On The Rise: Report. Forbes. https://www.forbes.com/sites/jeanbaptiste/2019/07/25/why-cloud-computing-cyber-security-risks-are-onthe-rise-report/#1d28acf85621.
Tabassam, J. 2017. Security and Privacy Issues in Cloud Computing Environment. J Inform Tech Softw Eng., 7:5.
Vizv´ary, M., and J. Vykopal. 2014. Future of DDoS Attacks Mitigation in Software Defined Networks. In., Monitoring and Securing Virtualized Networks and Services. (8): 123–127.
1 US Patent Office No. US 10326777 B2 covers the Internet technology used to identify threat, security orchestrate, automate, and apply incident response utilizing its SOAR technology to automatically generate in millisecond, custom rules directing one or more of its defensive module technologies to prevent subsequent communication traffic from specific sources from infecting a customer’s protected network.
© CloudCover 2019 All rights are reserved.
ACKNOWLEDGMENTS
The author is thankful to Jim Libersky, Robert Demopoulos and Marc Weintraub for their support and technical assistance during the writing of this paper.
