20 December 2014

From Weapon Systems to Managed Information Security Services

24/7/2014

The technological developments in the field of cyber have compelled the defense industries to change – and fast. "We are competing in an arms race where the bad guys are winning", says Esti Peshin, Director of Cyber Programs at the ELTA division of IAI

"We are competing in an arms race where the bad guys are winning,” explains Esti Peshin, Director of Cyber Programs at the ELTA division of IAI. “You are always one step behind the hackers’ technology. Organizations are beginning to realize that.” 

Peshin explains that one of the main problems faced by the information security world today is the long time constant required for the assimilation of new solutions. In effect, says Peshin, it is a time-consuming process that can take between 18 months and three years. “Information security is like a balloon – a pin is all you need in order to burst it, but in order to protect it you must see to it that the pin cannot be driven into any point in its surface area. The same with cyber. The bad guys have the advantage because all they need is a pin. This is why they are ahead. Organizations are vulnerable and are normally positioned three years behind the hackers.” 

The Transition to Managed Services 

In order to cope with the challenge, organizations implement working methods that would enable them to shorten the assimilation of protective products. One of the solutions is to change from boxes to managed services (MSSP, Managed Security Service Providers). In this way, assimilating a new technology or a new capability can be accomplished quickly. In this configuration, the organization does not install products. Instead, it is remotely monitored by the systems of the service provider. It should be noted, however, managed services are not suitable for every scenario. 

When do you choose managed services and when do you opt for boxes? Well, the main difference stems from the extent of integration of the system you want to protect. Some systems, like CRM, ERP or the billing system are installed at the very core of the organization. These systems are linked to all of the organizational systems and protecting them through managed services will compel the client to expose to the service provider the most sensitive information of the business, a fact that normally does not take place in real life. In such cases, the client will prefer to purchase products, install them on the premises and manage the task of information security on his own. 

Conversely, in the case of such “peripheral” services as IPS, FW or IDS, managed services can provide an adequate solution. In most cases, these services monitor the organization’s incoming or outgoing communication channel, so in the context of this scenario a service provider will be able to protect the organization without the organization having to expose sensitive information to that service provider. 

The working model of the service provider consists of a main operations center that provides services to various subscribers. The service provider ensures the survivability of the services (normally by dispersing the service to several server farms around the world), he ensures that his infrastructure is protected, and most importantly – he keeps the service current with all of the updates and patches, so that the subscriber always benefits from the most current protective service. 

“According to this outlook, the service provider establishes the infrastructure at his expense and the subscriber pays for the service. A similar model is used in the cellular world. We at IAI have opted for this model, and in order to find subscribers, we associate with local service providers in the various countries,” explains Peshin. “In most cases we aim for countries where regulation is in effect, so the managed services make it possible for the organization to comply with that regulation without having to invest millions in a new infrastructure.” 

Another advantage of the service provider model stems from the ability of IAI to serve as a sort of “mediator” of new technologies between start-up companies on the one hand and government clients and big business operations on the other hand. This model is similar to the one used in the application stores run by Google, Apple, Amazon and others. At one end stand the young companies that have state-of-the-art products and are looking for clients. At the other end stand the major clients (who are normally very conservative) who seek a party that would assume responsibility for the services. 

“A defense, government or financial organization does not want to use a technology behind which stand three youngsters working out of a warehouse,” explains Peshin. “On the other hand, when the technology is offered under the hat of IAI, the objections of those clients disappear and they are more willing to hear about it. It is a win-win situation for us as well as for the start-up company.” 

Beyond the business consideration, such an ecosystem of a “serious” service provider alongside “young” start-up companies eventually produces a safer cyberspace for the end users, whether they are the companies themselves or their final clients. Why? Because the technological gap between the start-up companies and the hackers is smaller than the gap that exists between the hackers and those “veteran” companies. In other words, such an ecosystem narrows the gap between attack and defense. 

“In Israel there is an amazing scene of start-up companies. New technologies are being developed here all the time. At the same time, the clients we aim for seek an established service provider. There is a gap here that we bridge,” says Peshin. 

The connection between IAI and the world of start-up companies also benefits the regulators in the countries where IAI operates. “Regulators may be divided into two categories – regulators with teeth and regulators without teeth; enforcing regulators or ‘recommending’ regulators. Some of them actively pursue innovation while others are more conservative. We come in under a double ticket – innovation in the field of cyber as well as a ‘responsible’ defense industry,” explains Peshin. 

“The reality in the world is this: it is widely understood that cyber warfare is an unresolved problem. The regulator is constantly apprehensive about the attacker sabotaging his systems. Today it is easier to attack than to defend, so regulators are more open to listening to the industry. We preach innovation from every podium we can stand on. The only way to win and subdue the bad guys is through innovation and international regulation. I must admit that we are not alone. Other defense industries around the world speak the same language.” 

The Information Sharing Gap
Trends like innovation in protective solutions and the transition of such companies as IAI to managed services have, admittedly, improved security in cyberspace, but one of the primary challenges still involves the sharing of information among government, defense and business organizations; not just among organizations within the same sector or country, but between countries and between different sectors as well. In reality, nobody likes to reveal the fact that they had been attacked by hackers, regardless of the hackers’ original objective; most definitely not when it concerns the defense and government sectors. 

“There is a gap between the need for sharing information among organizations and what actually happens,” explains Peshin. “On the commercial level – organizations tend to avoid sharing for business reasons. On the political level – a state will not share information with a neighboring state owing to defense interests. At the same time, you currently see an increasing trend of information sharing on the levels where it is possible. One of the reasons for it is the ‘proxy problem’ – hackers who attack through countries other than their home countries. This problem may be overcome using technological measures, but for this – information must be shared, and the information in question is not necessarily confidential. In civil aviation, for example, they managed to do it.” 

One of the sectors leading this information sharing trend is the financial sector. In this case, it involves the sharing of intelligence information among banks. This situation exists within states, and international cooperation is starting to emerge. “Information sharing leads to a higher level of security. Our job is to provide the platform,” explains Peshin. 

Cloud & the Cross Markets

IAI’s tapping of the managed security services market has positioned it, in fact, as a competitor of such international IT corporations as IBM, HP and others. How does a defense industry “cross” the traditional line between defense and technology? Well, the answer is to be found in two elements: cloud and cyber. 

As long as organizations were purchasing traditional defense or traditional IT products – the differentiation was very clear. The problem arose when information security became both. Is protecting the blueprints of a future aircraft a defense task or a technological task? What about protecting the electronic mail of the defense industry? Alternately, is the Tzayad (Digital Ground Army) platform of the IDF a defense product or an IT product? What about securing the information in the UAV ground control trailer at Palmachim AFB? 

In fact, the more the military technologies and those from the field of IT are based on a cloud model (Network Centric Warfare in the defense jargon), so the line between the defense industry and the IT industry will become increasingly more blurred. 

“Everyone is trying to tap the cyber market. A diversified range of commercial and defense players are already operating in that market. All of them offer MSSP services. Each and every one of them has advantages and shortcomings and each one has its own niche markets. IAI can spread out beyond its traditional markets, and it does just that. So can IT companies trying to make their way into the defense world. Hence, there are places where IAI can compete with IBM or with other corporations. At the same time, the market is not overcrowded at the moment and there is room for everyone,” concludes Peshin.

No comments: