The self-healing software that fights back against hackers
The “self-healing” software is being deployed by the ABN-AMRO bank, and researchers say that they are the first major institution to utilize such a method in the fight against cybercriminals.
Patching software is a vital part of the cybersecurity process. Indeed, data released a few years ago by the Ponemon Institute suggests that 60% of all cyber breaches in 2019 were as a result of unpatched software in some way. The report reveals that attackers aim to exploit a window between flaws being identified and them being patched by the vendor.
They suggest that poor organizational coordination, data being stuck in silos, and insufficient spending on detection and remediation mean that the window between detecting an issue and patching the flaw is around 12 days. Worryingly, the window for fixing the most critical vulnerabilities is 16 days.
The report went on to highlight the growing costs associated with patching vulnerabilities, with the researchers suggesting a 34% increase between 2018 and 2019. What's more, there was also a 30% increase in downtime as a result of delays in fixing vulnerabilities, with the overwhelming majority of organizations planning to hire additional staff to work specifically on patching, which obviously carries its own costs.
It's perhaps no surprise, therefore, that automated patching is a service that is increasingly in demand, especially as so many critical applications simply can't be taken offline while holes are repaired.
One of the pioneers of this approach is the Netherlands Organisation for Applied Scientific Research (TNO), which recently outlined an approach that is modeled on the way the human immune system fights off viruses. The “self-healing” approach is being deployed by the ABN-AMRO bank, and the TNO says that they are the first major institution to utilize such a method in the fight against cybercriminals. They don’t believe they’ll be the first for long, however, with others, including Rabobank, ING, and de Volksbank keen to test the waters too.
“Self-healing security software looks very promising. We are continuously exploring and experimenting with new technologies to see how much security they will be able to offer in the future. It’s a good way to learn from bioscience and to apply this knowledge to our IT systems,” says ABN Amro CISO Martijn Dekker.
Inspiration for the project came from the way the human body fights viruses and is able to renew itself. This core concept was translated into the cybersecurity realm as cybercriminals are just as ingenious at coming up with new ways to attack organizations as viruses are the human body.
The decentralized system is not only able to repair itself but is also able to understand the optimal time to do so.
The system is based on Kubernetes, which obviously comes with the capability of renewing and rebooting built-in. The new platform builds on this and allows containers to renew themselves at frequent intervals. The developers believe this creates more opportunities for thwarting cyberattacks.
There is, however, a fundamental difference between computer systems and our own immune system, which revolves around the principle of disposability. The human body does replenish its own cells, but it tends to do so periodically. This ensures that while cells can become infected without being noticed, they only make us ill temporarily. Our immune system also regularly uses this replacement process to eradicate cells that are suspected of being infected, with these infected cells then replaced by healthy ones.
If our IT systems were able to replicate this disposability principle it would provide them with a number of benefits in terms of the cybersecurity they can provide. For instance, the human immune system is able to protect even against attacks that haven’t been identified, which would be hugely beneficial for IT systems as organizations are far from able to detect cyber attacks quickly enough at the moment.
Disposability would also enable cybersecurity teams to automatically intensify the protection they provide to systems in the event of an attack.
This has traditionally been an area that has challenged IT experts, and the TNO set out not only to overcome it, but do so in a way that is decentralized and can respond precisely when required.
“Large organizations such as banks have problems with cyber attackers who keep coming up with something new. This software offers them protection by limiting the options of attackers,” says Bart Gijsen, the project leader of the Self-Healing Security project at TNO.
The software has been made available to the public via GitHub and the team hopes that doing this will not only help to ensure it's widely used but also adapted and improved.