In 2017, the world was shaken by Wannacry and NotPetya, two devastating ransomware attacks that spread globally and wreaked havoc everywhere. “In an increasingly connected world such cyberattacks will keep happening, so we need stronger measures to contain and reduce the exposure of companies and individuals to similar risks,” says Alberto Pelliccione, coordinator of the EU-funded ProBOS project. “ProBOS has tried to shed light on such dark corners, acquiring data within an organisation that’s necessary to understand and discover when activities with a potential impact on security have been initiated.”
Smart platform resists and identifies current and future attacks
The ProBOS team built an automated, customisable, user-friendly endpoint security platform that gathers security information from a variety of devices such as workstations, servers and mobile phones. It then processes this data using artificial intelligence (AI) to identify anomalies within seconds. Once a known or unknown threat is identified, the attacker’s activity is tracked and assessed in real time. This enables security teams to reconstruct accurately what has been done, how it was done, and which resources have been accessed. It also allows them to “protect the infrastructure by eradicating the attacker and closing the holes left as a result of the breach,” explains Pelliccione. No additional staff or skills are required.

Project partners developed NanoOS, a software component that runs outside the operating system of the device it protects. This represents a unique layer of protection: because it sits between the hardware and the operating system, the security layer is extremely difficult to disable. NanoOS guarantees the delivery of security information to analysts even when an active attacker is deliberately trying to disable the security system. It tracks a threat from the beginning and as it develops over time, and continues to retrieve information even if the system is completely compromised. Alongside it, the partners implemented a set of AI engines to analyse and understand in real time the behaviour of applications running on a device.
AI-powered threat response
The project team developed another AI engine that models an infrastructure’s behaviour and looks for further signs of attacks in progress. It collects all this information in a so-called threat hunting interface, a type of search engine that lets analysts actively search for behaviours that might signal malicious activity in progress, such as ransomware attacks or misuse of system tools. Lastly, team members extended the engines to mobile phones. This tightens mobile device security, helping users understand, without any external help, when a new application is behaving suspiciously.

ProBOS finished in 2018, but the consortium has since invested much time in understanding how customers use the platform. The solution now has a new look and feel, additional performance benefits, increased usability and more analysis capabilities. “Thanks to the ProBOS core technologies, users gain complete visibility over their assets, something that was unthinkable just a few years back,” concludes Pelliccione. “They can search for signs of attackers as easily as they would do a Google search, and they can analyse and respond to incidents in real time.”