Cybersecurity threats and attacks have in recent years been on a consistent, upward trajectory. What’s even more disconcerting is the fact that they are getting harder and harder to prevent and fight against.
As a consequence, the world is looking everywhere for viable solutions so as to stay ahead of the bad guys. Similarly, cybersecurity professionals are trying hard to reinvent their strategies since current systems are clearly not working.
Among the top areas that have been garnering interest in recent days is the idea of establishing a cyber-ontology.
What is cyber-ontology?
Judged by the dictionary definition of ontology, the concept of cyber-ontology might sound obscure. Ontology is mostly defined as a branch of metaphysics dealing with the “nature of being.” But for clarity’s sake, cyber professionals have created their own definition.
Within this field, it is said to refer to “a set of concepts and categories in a subject area or domain that shows their properties and the relations between them.” Essentially, it means the science of defining relationships between elements.
Tracing the origins of the concept
Few cybersecurity experts are familiar with the idea of cyber-ontology. But in fact, the concept dates back several years. A number of organizations, such as the CERT program at Carnegie Mellon University, have advocated for it.
As early as 2012, the organization’s staff members attended the First International Workshop on Ontologies and Taxonomies for Security (SecOnt). At the time, there was a proposition that the cybersecurity sector should construct a common language and set basic frameworks.
Using this language and frameworks, the community would be in a position to develop a common understanding – that is, an ontology.
The potential value of cyber-ontology
What are the potential benefits of adopting the cyber-ontology concept to fight threats and enhance security? Let us consider some of the most outstanding ones:
Holistic approach leading to new product capabilities
There are already security vendors who have adopted the emerging concept and are reportedly enjoying unique benefits. One such organization, Wandera, is using an ontological approach to describe vulnerabilities and risks.
As a result, the VP of Product at the company, Michael Covington, says that the firm has developed new capabilities. While in the past they looked at threats in isolation, now they are taking a more holistic approach.
They have consequently gained a better understanding of mobile risk and are building models capable of tracking threats, right from the vulnerability to the exploit and eventually to data compromise.
An alternative perspective
Another benefit of embracing the concept is the fact that it offers an alternative approach to cybersecurity. Clearly, traditional models are no longer effective and insisting on them is folly. But with this novel approach, there is a shift of focus and a likelihood of success.
Cyber-ontology focuses on data, following it through the entire cycle. It thus allows security professionals to analyze how various heterogeneous IT components interact with security ecosystems and how they impact each other.
It is thus a great choice for cyber risk management programs because it takes into account organizational tech infrastructure, the existing cybersecurity systems and their interdependence.
An upgrade to the Security Operation Center (SOC)
In the current SOC model, you will find a wide array of complex tools, each of which shares a common goal – keeping the enemy out and the data in. Unfortunately, each one of these tools often creates its own disparate incidents and data points.
The job of a cybersecurity expert is to analyze these disparate pieces of information and figure out what is risky and what is not. It is not easy to tell which alert or incident stems from a real event, or whether it reflects a new problem or an old one.
And the most unfortunate bit is that a single misinterpretation or the slightest oversight could easily translate into a disaster.
Instead of having each of these data points in its own silo, the ontological approach seeks to unify the separate data points. Having them in context makes it easier to get an overview of the full story, understand relationships and inevitably enhance security. Its capability of integrating and fusing security data could hold the key to transforming cybersecurity.
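The unification described in this section, and the vulnerability-to-exploit-to-data-compromise chain mentioned earlier under product capabilities, can be made concrete with a small in-memory ontology. The following is an added example, not code from the article or from any vendor it names: entities are plain strings, relations are labelled directed edges, and alerts from three separate tools (a vulnerability scanner, an EDR agent and a netflow sensor) are mapped onto the entities they touch and then grouped by the attack path they sit on. All hostnames, finding ids, exploit names and alert records are constructed placeholders.

```python
from collections import defaultdict

# Added example: a minimal security ontology that links alerts from
# heterogeneous tools through shared entities and walks the chain
# vulnerability -> exploit -> affected asset -> reachable asset -> data.
# Every host, finding id, exploit name and alert below is a constructed
# placeholder, not a real identifier.


class Ontology:
    def __init__(self):
        # (subject, predicate) -> set of objects
        self._edges = defaultdict(set)

    def relate(self, subject, predicate, obj):
        self._edges[(subject, predicate)].add(obj)

    def objects(self, subject, predicate):
        return sorted(self._edges.get((subject, predicate), ()))

    def subjects(self, predicate, obj):
        """Inverse lookup: which subjects have `predicate` pointing at `obj`?"""
        return sorted(s for (s, p), objs in self._edges.items()
                      if p == predicate and obj in objs)

    def attack_paths(self, vuln):
        """Every path from a vulnerability to the data it can expose.
        A path is (vuln, exploit, affected asset, asset holding data, data)."""
        paths = []
        for exploit in self.subjects("exploits", vuln):
            for asset in self.objects(vuln, "affects"):
                # the affected host itself plus anything it can reach
                for reach in [asset] + self.objects(asset, "connects_to"):
                    for data in self.objects(reach, "stores"):
                        paths.append((vuln, exploit, asset, reach, data))
        return paths


def build_sample_ontology():
    """Constructed knowledge: what the organisation already knows about
    its assets, weaknesses and the behaviours an exploit produces."""
    o = Ontology()
    o.relate("VULN-0001", "affects", "web-01")            # placeholder finding
    o.relate("EXPLOIT-A", "exploits", "VULN-0001")        # placeholder exploit
    o.relate("EXPLOIT-A", "observed_as", "httpd spawned shell")
    o.relate("web-01", "connects_to", "db-01")
    o.relate("db-01", "stores", "customer-records")
    o.relate("large outbound transfer", "indicates", "exfiltration")
    return o


# Constructed alerts from three tools, each in its own silo and format.
SAMPLE_ALERTS = [
    {"tool": "scanner", "host": "web-01", "finding": "VULN-0001"},
    {"tool": "edr", "host": "web-01", "behaviour": "httpd spawned shell"},
    {"tool": "netflow", "host": "db-01", "behaviour": "large outbound transfer"},
    {"tool": "edr", "host": "hr-03", "behaviour": "unsigned driver loaded"},
]


def alert_entities(onto, alert):
    """Map one raw alert onto the set of ontology entities it touches."""
    touched = {alert["host"]}
    if "finding" in alert:
        touched.add(alert["finding"])
    if "behaviour" in alert:
        touched.update(onto.subjects("observed_as", alert["behaviour"]))
        touched.update(onto.objects(alert["behaviour"], "indicates"))
    return touched


def correlate(onto, alerts):
    """Group alert indices by the attack path they share a node with.
    Alerts that land on no known path are returned under the key None,
    which is the residue an analyst still has to triage by hand."""
    entity_sets = [alert_entities(onto, a) for a in alerts]
    vulns = {a["finding"] for a in alerts if "finding" in a}
    grouped = {}
    for vuln in sorted(vulns):
        for path in onto.attack_paths(vuln):
            nodes = set(path)
            grouped[path] = [i for i, ents in enumerate(entity_sets) if ents & nodes]
    covered = {i for hits in grouped.values() for i in hits}
    grouped[None] = [i for i in range(len(alerts)) if i not in covered]
    return grouped


if __name__ == "__main__":
    onto = build_sample_ontology()
    for path, hits in correlate(onto, SAMPLE_ALERTS).items():
        label = " -> ".join(path) if path else "uncorrelated"
        print(label, [SAMPLE_ALERTS[i]["tool"] for i in hits])
```

Run as a script, the block prints one story that joins the scanner finding, the EDR behaviour and the netflow anomaly into a single vulnerability-to-data path, and lists the unrelated EDR alert separately. The design choice worth noting is that the tools never talk to each other: the only thing that links their alerts is the shared entities (hosts, findings, observable behaviours) in the ontology, which is exactly the context the silos lack.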
The time factor
Real-time application of cyber-ontology to incidents makes it possible for security pros to understand the true source and significance of an event in mere moments. On the other hand, using legacy systems could take hours or days, during which the damage can keep increasing.
Given the amount of data and the isolation of data points, it is easy to see why existing systems have loopholes and why they need plugging. Ontology takes advantage of the same data to improve agility and response times so as to allow for rapid handling of threats.
Does cyber-ontology have potential limitations?
Notably though, in spite of discussions taking place on the matter, not everyone is in agreement about its future potential. Some security professionals have expressed concern about the static nature of ontologies and their resulting inadequacies in cyber warfare.
Such concerns mostly have to do with the use of ontology for endpoint security. In such cases, being able to deal with malware in real time is the most critical thing. Admittedly, early definitions of cybersecurity based on ontology were to a great extent static.
A marriage of technologies
Even though the above concerns are valid, they fail to take crucial facts into consideration. Ontology has not remained static and has, in fact, come a long way since its inception. In recent years, the field has evolved to make it better suited to current problems.
At present, ontology-based cybersecurity approaches incorporate artificial intelligence and machine learning among other technologies. This makes them capable of adapting to different environments and changes therein. It also means that ontological models can keep evolving using the data at their disposal to become better at detecting and mitigating threats.
With that in mind, they could be the magic bullet needed to augment behavioral analysis. They might have what it takes to stop cyber threats in their tracks long before they turn into widespread infections.