"It's made our job significantly more interesting," he said. "When you have the mass of data you have today, you can no longer analyze everything. It's impractical, because of the sheer size. You have to have other technology."
CORE develops test software, based on thousands of known exploits, to help organizations identify critical exposures to their infrastructure and preempt risk. Shah told me its predictive security intelligence platform helps organizations take control of their security infrastructure, communicate risk more effectively, and make better decisions to ensure business continuity.
"The greatest risk an organization can take is to remain reactive in the face of today's IT threats," he said. "Any enterprise that hopes to survive and thrive must go on the offensive and preempt attacks rather than wait to deal with their consequences."
How does CORE Security help organizations do that? The first step, Shah said, is to think like an attacker. Enterprise networks are under constant assault from viruses, worms, and hackers, so CORE engages in attack planning from the attacker's point of view. That includes considering all the potential steps of an attack and modeling the attacker's knowledge of the world.
The next step is developing algorithms for probabilistic attacks and using them in conjunction with automated analytics and real-time forensics to identify areas of concern in a network. Because there is so much data, CORE does not try to evaluate all of it. Instead, it uses heuristics -- algorithms that focus on the most likely areas of concern rather than every possible area. "We look at infrastructure data to validate the security of networks and evaluate the effectiveness of security systems." Customers then test and measure their security by replicating attacks against their own environments.
The objective is to spot sophisticated attacks in the making, or to connect the dots between individuals, groups, attack types, and vulnerabilities inside and outside the organization. It's a complex task, Shah said, but most high-level executives don't seem to care about the details. "They generally don't care about the technical gobbledegook behind network security. They aren't interested in more data. They just want solutions to their problems."