Corporate computer security tends to be reactive: When threats are detected, system managers work to limit the damage by strengthening firewalls and patching vulnerable sections of code. It’s hacker Whac-A-Mole.
“The typical response is to build higher walls and dig deeper moats,” said Ivan Shefrin, vice president of security solutions for TaaSera, a top provider of preemptive computer breach detection systems. “That approach doesn’t work. There is no way to control the boundary anymore.”
Ninety percent of all established networks already are infected with some sort of malware, Shefrin said. “The bad guys are already in.”
TaaSera, which recently opened a research lab at Penn State Behrend, uses pattern recognition and contextual analytics to mitigate the risk. Students in the new TaaSera Labs facility in Knowledge Park isolate and analyze malicious code and work with experts in the company’s Silicon Valley and Washington, D.C., offices to preempt future hacks.
“It’s similar to medical diagnostics,” Shefrin said. “We’re looking for early-stage symptoms and responding before the system gets sick.”
The lab is TaaSera’s first research partnership with a university. Two Penn State Behrend students and a recent graduate are working there.
“When you’re in here and looking at the code, seeing how it works, it humanizes what you see in the news, with these big attacks on Target, Home Depot and T.J. Maxx,” said Andrew Hankewycz, a software engineering major from North Huntingdon. “You can understand how it happens.”
Individual computers also are at risk, he said, even when users routinely screen them for viruses.
“You run an antivirus program on your computer, right? You trust it. You figure it will keep you safe,” Hankewycz said. “But the truth is, there is so much of this stuff out there. It’s everywhere, and you’re exposed to it from the second you turn your computer on.”
The Penn State Behrend students working with TaaSera will have an opportunity to publish their studies of emerging threats and improved network architecture. They also are contributing to the company’s open-grammar threat-detection systems.
“We aren’t just being taught,” Hankewycz said. “We are part of the learning process. We’re building something as we go along.”
That’s a key goal of the college’s computer science program, said Zhifeng Xiao, assistant professor of computer science and software engineering and supervisor of the TaaSera lab.
Xiao has developed new courses in computer security. He also introduced a certificate program in cyber-protection. The TaaSera partnership provides something more for students: hands-on experience in a real-time network security environment.
The demand for those skills will increase as hackers become even more sophisticated, Xiao said.
“You cannot underestimate the risk,” he said. “We see data breaches every few weeks, and the consequences are staggering.”
Few cases have been as damaging as the 2009 hack at Heartland Payment Systems, a Fortune 1000 company that processes credit- and debit-card payments for restaurants and retailers. The attack compromised approximately 100 million card accounts, costing the company $2.8 billion.
Since then, the threat has moved to new platforms, including smartphones and even Internet-connected appliances.
“As our lives become more digitized, this is going to be an even larger problem,” Xiao said. “When more of the items in our lives are connected to the Internet, more of what we do will be at risk.”