Preventing Target’s Massive Data Breach and the Ousting of CEO Gregg Steinhafel

Alex Varshavsky, CEO, Talksum

Target announced last week that Chairman, President, and CEO Gregg Steinhafel has been ousted nearly five months after the retailer disclosed a massive data breach, which has hurt its reputation among customers and hammered its business. According to an Associated Press (AP) article, “experts say his departure marks the first CEO of a major corporation to resign in the wake of a data breach and underscores how CEOs are now becoming more at risk in an era when such breaches have become common.”

The Talksum Data Stream Router (TDSR) provides a mechanism for protection against security breaches. First of all, security revolves around the continued stability of a system within boundaries. A “security event” occurs when the stability of a boundary has been compromised. Ultimately, you need to know “what changed” and whether the changes were expected or unexpected. This is what the TDSR was built to do.

Several questions arise once an unexpected change occurs:

  1. Who is attempting to get unauthorized remote access from where, and how frequently?
  2. Why are login attempts failing on some hosts?
  3. Who is attempting to get unauthorized local (PAM) access from where, and how frequently?

In the first case above, the TDSR first looks at different layers within the data center, for example, the network layer, virtual hosts layer, and applications layer. Then it looks across sources within those layers and applies filters as necessary. For example, if a “filter 0” defines the source as SSH, the message is sent to a “filter 1,” which looks for a tag that equals “failed” to flag a failure. In that instance, the user, IP address, and time are immediately sent to the alerting database. The TDSR can then show, in real time, how many IP addresses, for example, tried to attack the system.

In the second scenario, the TDSR looks at the physical host(s) and applications to filter anomalies that cause login attempt failures. If a “filter 0” defines its source as “NSLCD,” then it sends the information to “filter 1” that, upon a “connection_error” tag, writes a detailed message that may include time, the user, the error, the IP address, and so on, to the alerting system.

In the third example, the TDSR looks at the virtual host(s) and virtual applications, the physical host(s), and applications to filter local authentication errors. If a “filter 0” defines its source as “PAM,” then it sends the information to “filter 1” that, upon a “local_auth_error” tag, writes a detailed alert that may include time, the user, the error, the IP address, and so on, to the alerting system.
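The two-stage filtering described in the three scenarios above can be sketched as follows. This is an added example, not Talksum code or TDSR configuration; the event dictionaries, field names, and sample events are assumptions constructed for illustration.

```python
from collections import Counter

# Filter 0 (source) -> filter 1 (tag), taken from the three scenarios above.
RULES = {"SSH": "failed", "NSLCD": "connection_error", "PAM": "local_auth_error"}
ALERT_FIELDS = ("time", "source", "tag", "user", "ip", "error")

# Constructed sample events; the dict layout and field names are assumptions.
EVENTS = [
    {"time": "2014-05-12T03:14:07Z", "source": "SSH", "tag": "failed", "user": "root", "ip": "203.0.113.7"},
    {"time": "2014-05-12T03:14:09Z", "source": "SSH", "tag": "failed", "user": "admin", "ip": "203.0.113.7"},
    {"time": "2014-05-12T03:15:00Z", "source": "SSH", "tag": "accepted", "user": "alice", "ip": "198.51.100.4"},
    {"time": "2014-05-12T03:15:30Z", "source": "SSH", "tag": "failed", "user": "root", "ip": "198.51.100.23"},
    {"time": "2014-05-12T03:16:00Z", "source": "NSLCD", "tag": "connection_error", "user": "bob",
     "ip": "192.0.2.10", "error": "directory server unreachable"},
    {"time": "2014-05-12T03:17:00Z", "source": "PAM", "tag": "local_auth_error", "user": "carol",
     "error": "authentication failure"},  # local login: no remote IP
    {"time": "2014-05-12T03:18:00Z", "source": "CRON", "tag": "failed", "user": "backup"},
]

def filter0(event):
    """Stage 0: match on source. Returns the tag filter 1 should look for, or None."""
    return RULES.get(event.get("source"))

def filter1(event, wanted_tag):
    """Stage 1: on a tag match, build the alert record; missing fields become None."""
    if event.get("tag") != wanted_tag:
        return None
    return {field: event.get(field) for field in ALERT_FIELDS}

def route(events):
    """Run every event through both stages and collect the resulting alerts."""
    alerts = []
    for event in events:
        wanted_tag = filter0(event)
        alert = filter1(event, wanted_tag) if wanted_tag else None
        if alert:
            alerts.append(alert)
    return alerts

def attempts_by_ip(alerts, source):
    """Count alerts per remote IP for one source; alerts without an IP are skipped."""
    return Counter(a["ip"] for a in alerts if a["source"] == source and a["ip"])

if __name__ == "__main__":
    for ip, count in attempts_by_ip(route(EVENTS), "SSH").most_common():
        print(ip, count)
```

The per-IP count answers the "from where, and how frequently" part of the first question; the PAM alert shows why the counter has to tolerate records with no remote address.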

These are just a few of many example security use cases that the TDSR can handle. The Talksum product uses a new approach to break down data silos to provide real-time actionability in response to security, compliance, and compatibility-related information. In addition, the TDSR includes foundational components for regulatory compliance, government standards, and policy control, so it is easy to keep pace with ongoing changes.


How Big Data Solutions Help Cyber Security at Reduced Costs

Alex Varshavsky, CEO, Talksum

In a recent Beacon Report entitled Balancing the Cyber Big Data Equation, it was pointed out that Big Data is showing great promise on many fronts, including combat against fraud, waste, and abuse; improvement to our nation’s health; and capabilities to support cyber missions.

In addition, according to a webinar last summer entitled “Smarter Uncle Sam: The Big Data Forecast,” panelists identified what they felt were the top three priorities for government focus – enhanced cyber security, combining structured and semi-structured data, and using video/data visualization. In this blog, we’ll take a look at their top-most priority – cyber security and how Big Data can benefit.

According to the government-focused webinar panelists, a few of the many applications where Big Data helped cyber security included:

  • Postal Services: Uses Big Data today for the indicia – the postage block located in the upper right-hand corner of mail packages – to detect fraud. The Post Office loses millions of dollars of revenue because of criminals who are duplicating indicia marks on packages.
  • International Attacks: Uses Big Data to formulate bubble maps showing attacks from different nations. In the example given at the webinar, Big Data had been used to create a visual map that showed attacks from nations within a 20-minute time period. By marrying Big Data to visualization, a panelist noted that the agency could “see” who was attacking the most frequently in near real time.
  • Air Traffic: Uses Big Data to look at the routes airlines use and the density caused by the number of flights occupying the air space and other data that includes cyber security information. Officials can use this information to increase the efficiency and safety of airports.

In the Beacon Report, it was noted that Big Data and cyber security, together, “have the potential to fundamentally reinvent broken and siloed Federal information technology (IT).” The report goes on to emphasize that there is tremendous value in the data currently segregated across the Federal government, but that agencies lack both infrastructure and policy to enable correlation, dissemination, and protection.

The good news today is that a solution does exist. The Talksum Data Stream Router (TDSR) was built for this – fixing broken and siloed information coming from multiple sources and in disparate file structures while enforcing strict cyber protection and detection capabilities. The TDSR ingests disparate data, aggregates and filters it, reduces it (eliminating data that is not of use or that grows stale at the collection point), and intelligently routes pertinent information downstream only to the designated recipients who have the need-to-know for their specific applications. In addition, since the TDSR works via machine-to-machine without personally identifiable information (PII), there is never a breach in personal identity. The solution allows for enhanced data and information sharing over a secure network.

In regard to challenges related to outputs from different agencies and vendors, the TDSR ingests any type of information and normalizes it so that the information “talks” the same language, creating a holistic approach that hinges on commonality at the receiving sources, which may include different BI and analytical tools, databases, and other storage devices. The system can immediately implement policy changes as they arise.

Furthermore, the Talksum solution is a fraction of the cost of comparable systems and its simplicity reduces the need for manpower and server requirements – from thousands of servers to two.

In this age of severe budget cuts, the TDSR solution allows agencies to take full advantage of both Big Data opportunities and the management of cyber threats.

The new approach taken by Talksum, in summary, offers government agencies a different way to provide for real-time, actionable insights and at the same time perform cyber security functions while reducing costs and the need for expensive servers and manpower.