Cyber security breaches are a major threat to oil and gas companies, as they can lead to theft of intellectual property and consumer data, as well as orchestrated equipment and infrastructure failures. While network intrusion detection solutions have been on the market for quite some time, most have focused on a specific problem and are unable to work across heterogeneous data sources or large data volumes. In addition, while they may be able to detect known threats, they are generally unable to detect new and emerging threats.
To overcome these issues, companies are using the Maana Knowledge Platform to enhance their cyber security detection capabilities. For example, a Fortune 100 company wanted to give its cyber security analysts the ability to test their hypotheses about “exploratory” phishing attempts. They suspected, for instance, that phishing attempts were typically sent from throw-away email addresses, targeted small groups of employees and used a different subject line for each email to avoid spam detection. If they could confirm these types of hypotheses, cyber security analysts could configure their infrastructure to detect patterns, filter email traffic accordingly and funnel suspicious emails to investigative resources.
A proxy device was already logging basic metadata on every mail message passing through the corporate network. But this data was essentially unstructured, and with up to 40 events logged per email message and stored without order, it was impossible to analyze in its raw form. Using the Maana Knowledge Platform’s natural language processing capabilities, the company successfully identified hidden structural elements in this data; these elements included the unique ID number assigned to each mail message and the aggregate unique log events for each email (such as date, time, domain address, sender and subject line).
Using this aggregated log data, subject-matter experts can now assemble the concept of a unique mail message and represent the data in a form that can be analyzed. Business analysts then use the platform to research, analyze, investigate and prove their hypotheses and ultimately define the conditions under which email should be considered a phishing attempt.
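The aggregation and hypothesis test described above can be sketched as follows. This is an added example, not Maana's code: the log layout, the field names (`mid`, `from`, `subject`, `rcpt`) and the thresholds are assumptions, and the sample events are constructed.

```python
import re
from collections import defaultdict

# Constructed sample: unordered proxy events, several per message (layout is assumed).
RAW_LOG = """\
09:00:07 mid=1002 rcpt=carol@corp.example
09:00:01 mid=1001 from=k2x9@freemail.example
09:00:09 mid=2001 subject=March newsletter
09:00:03 mid=1001 rcpt=alice@corp.example
09:00:05 mid=1002 subject=Your parcel could not be delivered
09:00:02 mid=2002 from=news@partner.example
09:00:04 mid=1001 subject=Invoice 4471 overdue
09:00:08 mid=2001 from=news@partner.example
09:00:06 mid=1002 from=q8m1@freemail.example
09:00:03 mid=1001 rcpt=bob@corp.example
09:00:10 mid=2001 rcpt=dave@corp.example
09:00:11 mid=2002 subject=March newsletter
09:00:12 mid=2002 rcpt=erin@corp.example
"""

EVENT_RE = re.compile(r"^\S+ mid=(?P<mid>\d+) (?P<key>from|subject|rcpt)=(?P<value>.*)$")

def aggregate(raw):
    """Collapse unordered per-event lines into one record per message ID."""
    msgs = defaultdict(lambda: {"from": None, "subject": None, "rcpt": set()})
    for line in raw.splitlines():
        m = EVENT_RE.match(line.strip())  # lines outside the assumed layout are skipped
        if m and m["key"] == "rcpt":
            msgs[m["mid"]]["rcpt"].add(m["value"].lower())
        elif m:
            msgs[m["mid"]][m["key"]] = m["value"]
    return dict(msgs)

def suspicious_domains(msgs, max_rcpts=3, min_msgs=2):
    """Flag sender domains that match all three hypothesised traits."""
    by_domain = defaultdict(list)
    for rec in msgs.values():
        if rec["from"] and rec["subject"] is not None:  # ignore incomplete messages
            by_domain[rec["from"].rsplit("@", 1)[-1].lower()].append(rec)
    flagged = []
    for domain, recs in by_domain.items():
        senders = [r["from"].lower() for r in recs]
        subjects = [r["subject"].strip().lower() for r in recs]
        if (len(recs) >= min_msgs
                and len(set(senders)) == len(senders)      # each address used only once
                and len(set(subjects)) == len(subjects)    # subject differs per message
                and all(1 <= len(r["rcpt"]) <= max_rcpts for r in recs)):  # small groups
            flagged.append(domain)
    return sorted(flagged)
```

Tightening `max_rcpts` or raising `min_msgs` shows how sensitive the hypothesis is to each threshold before a rule is promoted to filtering.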
Going forward, cyber security analysts can quickly identify phishing attempts and dramatically reduce the time it takes to investigate and contain potential threats. The company plans to integrate the platform with its IT infrastructure so that new threat detection rules can be rolled out quickly across the enterprise.