User:Narus cto/sandbox

= Cyber 3.0 =

= Genesis =

In recent years the Web has transitioned from its original paradigm (Web 1.0) where servers offered pages with static content, to Web 2.0 where users are able to provide content for dynamically created web pages, to Web 3.0 (a.k.a. the semantic web). Although there are several definitions of Web 3.0, several of them involve semantic to information to be attached to web content so that it can be used not only by humans, but also by machines. In other words, according to a possible interpretation of Web 3.0 computers are able to "understand" web content, correlate data found on different documents and servers and possibly generate new content to be provided to users and other computers.

An analogous evolution can be observed in the cyber world.
 * In a first period (Cyber 1.0), each application was developed as a stand alone system crunching information that was explicitly entered or generated for such application. Very few network protocols were available and used mostly within one application. In this context traffic analysis is concerned with parsing the protocols and present the users with a humanly readable view of the data they carry.
 * Cyber 2.0 begins as different applications use a growing number of protocols to exchange data and people use such applications to communicate. Cyber traffic analysis 2.0 shifts focus from protocols and data visualization, to verifying human defined relations and rules on network data to check policy compliance.
 * In Cyber 3.0 information is exchanged between people and machines that support them in their physical life and among machines that rely on the outcome of each others processing to produce more refined information. Cyber traffic analysis 3.0 is about leveraging machine-learning techniques to understand data traveling on the network to infer user activity, automatically identify threats and anomalies. Web 3.0 is a key enabler of Cyber 3.0 as it provides information already tagged with its semantic.

It is in the context of Cyber 3.0 that the Pentagon defined its Cyberstrategy 3.0 as presented by Deputy Defense Secretary William Lynn during a keynote speech at the RSA 2011 conference. In his Cyber 3.0 strategy, Lynn stresses a five-part plan as a comprehensive approach to protect critical assets. The plan involves equipping military networks with active defenses, ensuring civilian networks are adequately protected. Cyber 3.0 technologies will be the key to enable such protection, and is achieved when the semantic Web’s automated, continuous machine learning is applied to cybersecurity and surveillance. Cyber 3.0 will be the foundation for a future in which machines drive decision-making. But Cyber 3.0’s ability to deliver greater visibility, control and context has far-reaching implications in our current, hyper-connected environment, where massive amounts of information move easily and quickly across people, locations, time, devices and networks. It is a world where human intervention and intelligence alone simply can’t sift through and analyze information fast enough. Indeed, arming cybersecurity organizations with the incisive intelligence afforded by this machine learning means cybersecurity incidents are identified and security policies are enforced before critical assets are compromised.

= Enabling factors =

The Internet is in constant evolution and growth: access, content, and application creation and consumption are growing exponentially. As the web has been evolving form Web 1.0 to Web 3.0, the Internet has seen gone form narrowband to broadband, from kilobits to gigabits, from talking people to talking things, from office/home users to mobile users who are always on and always on the move. As people use a growing collection of devices to stay connected (i.e., laptops, tablets, smartphones, televisions), they change the way they work and collaborate, the way they socialize, the way they communicate, and the way they conduct business. All of those device represent a new opportunity to access information and to offer information about users and about their interests. This translates into an enormity of digital information and devices. Cisco estimates that by 2015, the amount of data crossing the Internet every five minutes will be equivalent to the total size of all movies ever made, and that annual Internet traffic will reach a zettabyte — roughly 200 times the total size of all words ever spoken by humans. Similarly, the number of connected devices will explode in the next few years, reaching an astonishing 50 billion by 2020, especially as the Internet will complete its next evolution into the Internet of Things.

While this interconnectedness indeed enables extremely useful services that can support people in their everyday life and endless opportunities, it also lends itself to all sorts of threats The variety and number of endpoints — so difficult to manage and secure — invite cyber breaches, and their hyper-connectivity guarantees the spread of cyber incidents as well as a safe hiding place for malicious machines and individuals engaged in illegal, dangerous or otherwise unsavory activities.

= Challenges =

In the above context, there is a cyber component to our everyday lives: anything we do in the cyber world can be effortlessly shifted across people, locations, devices and time. While on one hand, Cyber 3.0 can facilitate the process of knowledge discovery and sharing among people and machines (increasing performance and productivity and enabling faster interaction), on the other, companies of all sizes and even individuals must now be concerned with securing their information, which might amount terabytes and petabytes of data. That data enters and leaves enterprises and personal devices at unprecedented rates, and is often stored and accessed from a range of locations, such as from smartphones and tablets, virtual servers, or the cloud. On top of all this, all the aforementioned endpoints have their own security needs, and the cybersecurity challenge today lies in how to control, manage and secure large volumes of data in increasingly vulnerable and open environments. Specifically, cybersecurity organizations and solutions need to offer ways to:
 * Ensure visibility by keeping pace with the unprecedented and unpredictable progression of new applications running in their networks
 * Retain control by staying ahead of the bad guys (for a change), who breach cybersecurity perimeters to steal invaluable corporate information or harm critical assets
 * Position themselves to better define and enforce security policies across every aspect of their network (elements, content and users) to ensure they are aligned with their mission and gain situational awareness
 * Understand context and slash the investigation time and time-to-resolution of a security problem or cyber incident.

Unfortunately, current cybersecurity organizations and solutions fall short in realizing the above mostly because they require human intervention to manually correlate growing, disparate data and identify and manage all cyber threats. And human beings just don’t scale as fast as the Internet has been growing. There is where Cyber 3.0, with its focus on machine learning and computers being able to independently gather, make sense and correlate information becomes key.

= Enters Cyber 3.0 =

Indeed, given the great velocity, volume and variety of data generated now, cyber technologies that rely on manual processes and human intervention — which worked well in the past — no longer suffice to address cybersecurity current and future pain points. Rather, next-generation cyber technology that can deliver visibility, control and context despite this confluence is the only answer. This technology, called Cyber 3.0, is achieved by applying machine learning to every cyber-related aspect, from security, to surveillance, to assisting users in their cyber and real world actions.

In Cyber 3.0 human intervention is largely removed from the operational lifecycle, and processes, including decision-making, are tackled by automation: data is automatically captured, contextualized and fused at an atomic granularity by smart machines, which then automatically connect devices to information (extracted from data) and information to people, and then execute end-to-end operational workflows. Filtered, pre-processed, and summarized facts are presented to analysts and end users, possibly proactively (i.e., even before they know they need them). Hence, people only make a final decision, rather than having to sift through massive piles of data in search of hidden or counter-intuitive answers. In cybersecurity, for example, analysts are relieved from taking part in very lengthy investigation processes to understand the after-the-fact root cause.

In the Cyber 3.0 era, semantic analysis and sentiment analysis will be implanted into high-powered machines to enable computers to implicitly receive input from people. Specifically:


 * Dissect and analyze data across disparate networks
 * Extract information across distinct dimensions within those networks
 * Fuse knowledge and provide contextualized and definite answers
 * Continuously learn the dynamics of the data to ensure that analytics and data models are promptly refined in an automated fashion
 * Compound previously captured information with new information to dynamically enrich models with discovered knowledge

= The case of Cybersecurity 3.0 =

Security will certainly be aybersecurity organizations and solutions to better control networks via situational awareness gained through a complete understanding of network activity and user behavior. This level of understanding is achieved by integrating data from three different planes: the network plane, the semantic plane and the user plane. The network plane mines traditional network elements like applications and protocols; the semantic plane extracts the content and relationships; and the user plane establishes information about the users. By applying machine learning and analytics to the dimensions extracted across these three planes, cyberse major concern in the Cyber 3.0 era; but also Cyber 3.0 technologies will provide valuable tools in support of cybersecurity that companies of the likes of Narus, Inc. are including in their arsenal. These will enable ccurity organizations have the visibility, context and control required to fulfill their missions and business objectives. Clearly, these three attributes are essential to keeping critical assets safe from cybersecurity incidents or breaches in security policy. However, achieving them in the face of constantly changing data that is spread across countless sources, networks and applications is no small task — and definitely out of reach for any principles or practices that rely even partly on human interference. Moreover, without visibility, control and context, one can never be sure what type of action to take. By virtue of machine learning capabilities, Cyber 3.0 is the only approach that can rise to these challenges and deliver the incisive intelligence required to protect our critical assets and communities now and into the future.
 * Visibility: Full situational awareness across hosts, services, applications, protocols and ports, traffic, content, relationships, and users to determine baselines and detect anomalies
 * Control: Alignment of networks, content and users with enterprise goals, ensuring information security and intellectual property protection
 * Context: Identification of relationships and connectivity among network elements, content and end users

= References =