CORE Security Digs Through Data to Find Threats

Milan Shah is senior vice president of products and engineering at CORE Security, a Boston provider of security testing solutions. He's well aware of the exponential growth in the volume, velocity, and variety of data at enterprises of every size. But when he's asked how all that data has affected his job, he offers a surprising response.

"It's made our job significantly more interesting," he said. "When you have the mass of data you have today, you can no longer analyze everything. It's impractical, because of the sheer size. You have to have other technology."

CORE develops test software, based on thousands of known exploits, to help organizations identify critical exposures to their infrastructure and preempt risk. Shah told me its predictive security intelligence platform helps organizations take control of their security infrastructure, communicate risk more effectively, and make better decisions to ensure business continuity.

"The greatest risk an organization can take is to remain reactive in the face of today's IT threats," he said. "Any enterprise that hopes to survive and thrive must go on the offensive and preempt attacks rather than wait to deal with their consequences."

How does CORE Security help organizations do that? The first step, Shah said, is to think like an attacker. Enterprise networks are under constant assault from viruses, worms, and hackers, so CORE engages in attack planning from the attacker's point of view. That includes considering all the potential steps of an attack and modeling the attacker's knowledge of the world.

The next step is developing algorithms for probabilistic attacks and using them in conjunction with automated analytics and real-time forensics to identify areas of concern in a network. Because there is so much data, CORE does not try to evaluate all of it. Rather, it uses heuristics -- algorithms that focus on the most likely areas of concern, rather than every possible area. "We look at infrastructure data to validate the security of networks and evaluate the effectiveness of security systems." Customers then test and measure their security by replicating attacks against their own environments.

The objective is to spot sophisticated attacks in the making, or to connect the dots between individuals, groups, attack types, and vulnerabilities inside and outside the organization. It's a complex task, Shah said, but most high-level executives don't seem to care about the details. "They generally don't care about the technical gobbledegook behind network security. They aren't interested in more data. They just want solutions to their problems."

Noreen Seebacher

Noreen Seebacher, the Community Editor of Investor Uprising, has been a business journalist for more than 20 years. A New York City based writer and editor, she has worked for numerous print and online publications. Her work has appeared in The New York Times, the New York Post, New York’s Daily News, The Detroit News, and the Pittsburgh Press. She co-edited five newsletters for Real Estate Media’s and served as the site's technology editor.

She also championed the commercial real estate beat at The Journal News, a Gannett publication in suburban New York City, and co-founded a Website focused on personal finance. Through her own company, Stasa Media, Noreen has produced reports, whitepapers, and internal publications for a number of Fortune 500 clients. When she's not writing, editing, or Web surfing, she relaxes in an 1875 Victorian with her husband and their five kids, four formerly homeless cats, and a dog.


Re: That's the crux
  • 7/6/2012 7:05:20 PM

Yes Lyndon, you're right.

A damaging cyberattack against Iran's nuclear program was the work of U.S. and Israeli experts and proceeded under the secret orders of President Obama, who was eager to slow that nation's apparent progress toward building an atomic bomb without launching a traditional military attack, say current and former U.S. officials.

The origins of the cyberweapon, which outside analysts dubbed Stuxnet after it was inadvertently discovered in 2010, have long been debated, with most experts concluding that the United States and Israel probably collaborated on the effort. The current and former U.S. officials confirmed that long-standing suspicion in early June, after a New York Times report on the program.

Re: That's the crux
  • 7/6/2012 7:00:29 PM


Seth writes

It reminds me of the well-known F.B.I. software 'Carnivore'. Either way, it really shows that attacks or spying can come from anywhere, even a government.


Surely the Elephant in the Room on this issue is the Stuxnet virus, designed and deployed by the U.S. government, which has gone way out of control and now in the hands of Web terrorists threatens to be unleashed as malware against the public at large.


Report: Obama Ordered Stuxnet to Continue After Bug Caused It to Spread Wildly


Re: That's the crux
  • 7/6/2012 7:50:50 AM

The company believes an efficient algorithm exists that provides optimal attack plans with computational complexity O(n log n), where n is the number of actions and assets in the case of an attack tree (between two fixed hosts), and O(M^2 n log n), where M is the number of machines, in the case of a network scenario.
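
An added illustration of the O(n log n) claim in the comment above (not part of the comment, and not CORE's code): for one OR node of an attack tree, where any one of several independent alternative actions reaches the goal, sorting by success probability per unit cost gives the ordering with the lowest expected cost, which a defender can read as how cheaply that asset can be reached. The `Action` fields, the sort rule as a stand-in for the company's algorithm, and the sample values are assumptions constructed here.

```python
from dataclasses import dataclass
from itertools import permutations


@dataclass(frozen=True)
class Action:
    name: str          # hypothetical label for one alternative step
    p_success: float   # estimated probability that one attempt succeeds
    cost: float        # expected time/effort of one attempt, must be > 0


def expected_cost(order):
    """Expected cost of trying actions in order until the first success."""
    total, p_reach = 0.0, 1.0  # p_reach: chance every earlier action failed
    for a in order:
        total += p_reach * a.cost
        p_reach *= 1.0 - a.p_success
    return total


def success_probability(actions):
    """Chance at least one alternative succeeds (independent of order)."""
    p_fail = 1.0
    for a in actions:
        p_fail *= 1.0 - a.p_success
    return 1.0 - p_fail


def plan(actions):
    """O(n log n): order by success probability per unit cost, descending.

    Exchange argument: putting i before j is no worse exactly when
    p_i / cost_i >= p_j / cost_j, so the sorted order is optimal.
    """
    return sorted(actions, key=lambda a: a.p_success / a.cost, reverse=True)


def brute_force(actions):
    """O(n!) reference that checks every ordering, for validation only."""
    return min(permutations(actions), key=expected_cost)


# Constructed sample: four alternative routes to the same asset.
SAMPLE = [
    Action("path_a", 0.30, 10.0),
    Action("path_b", 0.80, 40.0),
    Action("path_c", 0.10, 2.0),
    Action("path_d", 0.50, 12.0),
]
```

On the sample, the sorted plan and the exhaustive search agree on the minimum expected cost, which is the point of the complexity claim: the ordering problem needs a sort, not a search over permutations.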

Re: That's the crux
  • 7/6/2012 12:46:27 AM

Thanks for sharing this, Noreen. Did Shah mention the kind of large data available there which can help them boost the performance of their algorithms if they wanted to?

Re: That's the crux
  • 7/5/2012 10:32:46 PM

It reminds me of the well-known F.B.I. software 'Carnivore'. Either way, it really shows that attacks or spying can come from anywhere, even a government. It could come from corporate espionage. Some competitors are more ethical than others.

Re: That's the crux
  • 7/5/2012 11:39:25 AM

Interesting stuff on the Flame virus, including the fact that there is speculation it was built by a government entity.

Moscow - While the identity of the Flame virus authors remains elusive, a security company is convinced that the evidence points to a sophisticated government operation.

"Who built Flame? It's some government; I don't know which exactly because we don't have any real hard proof, but it's not the usual cybercriminals," Alex Gostev, chief security expert at Kaspersky Lab told News24.

He said that though Flame made headlines, it was not the first super virus and it is likely that the developers are already working on a more advanced version.

Re: That's the crux
  • 7/3/2012 9:22:01 PM

It's good to be proactive. I'm wondering how security is responding to new types of threats such as the Flame virus, a virus that can learn about the system it's attacking and adapt in order to hide.

Re: That's the crux
  • 7/3/2012 1:38:37 PM

Yes, absolutely. But I'm a bit surprised upper management isn't at least curious about the solutions. I'm no tech expert but I enjoy having an understanding of the gobbledygook!

That's the crux
  • 7/3/2012 1:19:21 PM

Hi Noreen. I find myself wanting to substitute in just about any business term for Shah's use of the words "network security," in his closing quote: "They generally don't care about the technical gobbledegook behind network security. They aren't interested in more data. They just want solutions to their problems." Because, really, isn't that what analytics is supposed to be all about, regardless of discipline?