The Dutch research institute TNO has worked with a variety of partners to develop self-healing security software.
The software is based on the capabilities of the human immune system and is based on the concept that cyber attacks can be evaded much faster by mimicking the human regeneration process in IT systems.
Cybersecurity has become an important agenda item for almost all Dutch organizations. While it is difficult to completely protect a company’s systems, cybercriminals need only one weakness and cannot afford to slip at all. This means that the criminal is, by definition, one level higher.
Bart Gisen I’m a TNO consultant He also participates in the Partnership for Cyber Security Innovation (PCSI) Self-Healing Project Team. “Every time an attacker comes up with something new, the victim has to find a defense mechanism. If a new protection is found, the attacker will come up with a way to crack it again,” he said. Talked about the competition.
To overcome this, TNO and various Dutch banks and insurers have been working on the possibility of new approaches to cybersecurity. “It was Rogier Reemer who started working as an enterprise architect at PCSI’s partner Achmea. He originally graduated as an immunologist,” says Gijsen.
Reemer found all sorts of similarities to the human immune system in the field of cybersecurity and gave an organizational presentation about it. “”At the same time, another partner in the PCSI program came to the conclusion that in the fight against cybercriminals, current cyberdefense views can never overcome deficiencies, “he said. “They wanted to see security in a radically different way.”
The strength of PCSI’s cooperation is that different parties can inspire and learn from each other. “We sat together and asked a TNO expert in the field of ICT. And Microbiology that contributes to ideas. “
The idea of autonomic computing was first presented by IBM in 2003 and wanted to allow systems to manage their ICT networks as autonomously as possible.
“It’s a great idea, but IT’s flexibility is actually pretty low,” he said. Gisen“Natural self-healing mechanisms are evolving. Designed and built in IT. This means that adaptive content for self-healing in traditional IT technology does not exist on its own. “
Nevertheless, for the last five years or so, the world has seen increasingly adaptable IT products. he Here is an example of a web server.
“In the past, starting and shutting down a web server required human intervention and took at least a few minutes, but it could easily take 30 minutes. Today, starting and shutting down a web server is fully automated. It’s possible to do it, and it’s only a few seconds. “
With this development, playback is possible. The fundamental difference between ICT systems and the human body is “disposable”. This means that the human body frequently replaces its own living cells.
Our immune system also uses this principle.The cells Infected Viruses accelerate the update process.
Another important difference is that the human body functions in a distributed manner. In IT networks, central security software runs and as soon as an attacker hacks a workstation, Cut off From the network so that the rest of the environment is kept safe. In the human body, each cell performs its own scan.When a cell becomes infected, the cell shuts down itself Warn all other cells without control From above..
“We are also building a decentralized disposability system for IT,” he said. Gisen“TNO achieves this by building a distributed system, repairs itself, and recognizes the moment.”
He said existing container technologies like Kubernetes and Docker are at the heart of this technological rebirth. “This technology already includes restart and update options, but we’ve added the ability to the software to allow the container to update at preset intervals,” Gijsen said.
This update ensures that there are several moments during which a cyberattack can be intercepted. In addition, the software includes anomaly detection, so containers that detect anomaly behavior can be terminated immediately without first passing through the central system. “This allows for very quick intervention if something goes wrong,” he said.
Disposables have two major advantages to cyber security. One provides protection against undetected infection attacks and the possibility of automatically increasing protection in the event of suspected infection.
“This development is part of an automated security trend,” he said. Gisen“This allows us to respond quickly in the event of an attack. It also gives cybersecurity professionals the opportunity to focus on the cause rather than constantly extinguishing the fire.”
He said the system does not replace current security measures. “It complements existing security mechanisms and has the added value of being able to respond at“ machine speed ”. “
Close the front door
Gisen Does not expect self-healing software to be the holy grail in the rat race between cyber attackers and defenders.
“Rat races don’t disappear suddenly, but this technology makes a difference,” he said. “Once attackers have been using automation tools for years, we are also beginning to develop effective automation techniques for defense. This is a new weapon in the defender’s arsenal. “
Hackers primarily target widely used software. TNO’s self-healing software has not yet been used on a large scale, so attackers will not target it for the time being. Gisen..
“But of course You have to wait until cybercriminals attempt to attack this technology. Still, that’s not a reason not to use self-healing software.
“Organizations that do not apply this type of technology have been found to be good targets for attackers. Although they cannot be 100% secure, this software allows attackers to break into the network. This means that you have to work hard for it. “In other words, criminals are more likely to ignore closed homes than homes with wide open front doors.
The research institute, TNO, is not the party that brings the software to market commercially. The organization has made self-healing software available under the following conditions: Open source license Organizations such as IT service providers also want to unlock the potential of software in their own security products.
“We are inspiring and hope the market will accept this,” Gijsen said.
Companies outside the Netherlands are also invited to use TNO’s self-healing security software.
Dutch researchers develop security software that mimics the human immune system
Source link Dutch researchers develop security software that mimics the human immune system