Welcome to Part 2 of Cryptyk’s Threat Analysis Series, where we evaluate each of the 5 major threats to the cloud for enterprises. In this article we will analyze internal threats, and how Cryptyk’s hybrid blockchain technology acts to counter the diverse vulnerabilities they present. Where our last article on combating external threats highlighted Cryptyk Vault as the key platform, this article switches focus to our second decentralized platform, Cryptyk Sentry.
The Nature of Internal Security Threats
Internal security threats represent the unauthorized disclosure or theft of confidential data by disgruntled or disloyal employees, contractors, analysts, consultants, and even business partners who have worked with an organization. These “bad actors” take advantage of their internal authorized access to an enterprise’s data to give or sell that data to competitive interests for numerous personal reasons. However, the most common form of internal threat is in fact accidental disclosure, which makes up a whopping 18% of all data security breaches. When added to the 8% of breaches due to bad actors, internal security breaches account for over one in four of all enterprise security breaches (see right).
Malicious intent coupled with direct internal access to an enterprise’s data can express itself in a wide array of potential attacks, from copying valuable files and information to direct sabotage of operating systems. Due to disclosure laws and public lawsuits, internal security breaches are usually only publicized when there is theft of intellectual property or valuable commercial information. However, kept quiet from the public are cases of internally executed fraud, compromised customer data, and direct system sabotage that are growing every year. Enterprises generally do their best to keep these severe internal hacks secret because they can severely affect the public perception of trust in their products or services.
Why are they so hard to protect against?
As well as presenting such a high risk, these threats also prove significantly harder to defend against than external threats. Insiders can access critical systems without having to work through a firewall or software that monitors external access, and most have legitimate reasons to use the files and systems they wish to compromise. Predicting the timing of these attacks is also difficult, as bad actors can execute these breaches months before they leave the company, or months after by creating fake employee profiles in the system. Truly skilled individuals can compromise a company in real time, without any plan to ever leave their employment. Such breaches can continue for years.
Furthermore, not all who get inside access are employees that can be easily monitored. Third-party firms, analysts, vendors and contractors often work with an enterprise’s sensitive information. In the worst case, most IT employees have high-level security clearance, or are systems experts that can cover their tracks and lock other people out. How do you prevent damage when your top security people go rogue? The internal security problem is a complex one to solve, with a myriad of possible scenarios and attack surfaces to protect. The ultimate solution requires the constant monitoring, recording, auditing and predicting of all potential insider activities and user behavior. It also requires very granular control of access to all confidential files.
Sentry Blockchain Engine
Cryptyk’s Sentry Solution
In Part 1 of this series we detailed how Cryptyk Vault stores user files in encrypted, distributed pieces that are only reassembled and unlocked when an authorized user accesses them. Each file has six encryption keys and the user shares files by sharing these keys. Every single file has a highly granular set of user access permissions that can be set. The creator, owner or administrator of an individual file or folder can set varying levels of authorized permission for other users. This includes MFA requirements and time-sensitive access for viewing, storing or sharing individual files. Moreover, every time a file is shared with someone outside an enterprise, that person is required to register for a free, entry-level Cryptyk account. In this way both internal employees and external contractors can be monitored and tracked. This ability to track files once they leave an enterprise, combined with granular file access control, is essential for effectively tracking confidential enterprise data and predicting user behavior. However, it is only the first part of providing comprehensive internal security protection. How information is stored, processed and analyzed is the remaining part of the solution.
Cryptyk’s Sentry is a decentralized blockchain ledger that acts as a permanent, immutable database and network security engine. All user access activities and file sharing events are first approved and then recorded on the blockchain network. The Sentry design uses 20+ blockchain nodes to process security-related algorithms that act as a “Proof-of-Security” consensus platform. Only once the integrity and security of a user access or file sharing event has been approved by the majority of nodes can it proceed. And every event is recorded on the blockchain for a permanent record of all enterprise data activities. This architecture can be applied to public blockchain, private permissioned blockchain or a mix of both designs. Hence the Sentry platform can accommodate both enterprise users and individual consumers with varying degrees of privacy and authorized permission levels. This is truly a “one-size-fits-all” solution for enterprise and consumer security and storage.
To maximize the power of the Sentry platform it must also be integrated with Artificial Intelligence (AI) tools. Use of AI tools to analyze the blockchain database enables network administrators to not only monitor and track user behavior, but also to predict attempts at future security breaches in real time. Predictive user analysis can be utilized to restrict access and quarantine files at the first sign of potentially disloyal or careless behavior by employees. Moreover, AI is also the only solution that can monitor an enterprise’s most senior IT and cyber-security experts. When you can’t trust any employee 100%, your only solution in monitoring your most senior insiders is to use a computer as your final guard or sentry. Note that Cryptyk is an official IBM embedded partner and has full access to IBM’s suite of powerful AI tools to use for product development.
There is one final internal threat that we are also working to protect against with Sentry. That is the threat of an employee using the “Print Screen” button on his computer or taking a photo of his screen. Cryptyk is developing a unique solution for this potential problem by creating a new “eyes-only” browser technology for viewing encrypted decentralized files stored on Vault. Note that any files stored on Vault do not exist as a whole anywhere on the cloud. They can only be viewed while in the temporary memory of the Sentry security engine via Cryptyk’s unique browser interface. While the browser does not appear in print-screen data and only allows randomized portions to be captured by camera, it is still easily viewable by the human eye. This eyes-only feature will be added as a later upgrade approximately 6 months after the release of the complete Vault + Sentry hybrid platform in Q1 2019.
To combat the myriad of internal security threats, Cryptyk Sentry combines constant monitoring of all user access and file sharing, an immutable record of activity to audit, powerful AI analysis for predictive tracking, and a new form of browser display technology. When integrated with the granular file management offered by Vault, the result is a dramatic improvement in internal security and enterprise data integrity.