New approach needed to counter malicious software.

Author: Johnston, Robert

For the better part of a decade, network security has been overly focused on perimeter defenses. This has triggered a change in nation-level techniques for launching cyber-attacks.

The traditional concept of a "secure network strategy" hinges on the sophistication and monetary investment in technical countermeasures placed at network boundaries. Similar to physical, outward-facing protections at military installations, such as sentry posts, these defensive technologies reside at the external boundaries of networks.

Shoring up external walls and "digging the moat" are believed to keep occupants safe and attackers out. But this methodology typically leaves internal networks "soft" and vulnerable to attack as an unintended consequence of a perimeter security strategy.

Modern cyber-attacks capitalize on a focused enemy, attacking where least expected. Millions of dollars in government research-and-development funding and startup technology companies have focused their business models on developing next-generation perimeter defenses. Companies market their next-generation firewalls that enforce network security policies that are based on applications, users and content.

Individual computer systems, however, are usually left to defend themselves with nothing more than common anti-virus solutions. Anti-virus software has repeatedly proven itself inadequate in defending against a moderately skilled attacker, let alone a nation-state. This sort of topology is commonly called the "M&M" architecture, which is a play on words describing the external hard candy shell (the network perimeter) protecting the soft gooey center (the vulnerable internal network).

The question is what are attackers really doing.

Autonomous logic is software that is capable of independently achieving a specific function without needing to receive further guidance or direction via instructions from an operator. This intelligent software relies on its ability to learn from the environment on its own, thereby overcoming obstacles independently. In this scenario, an adversary needs to bypass the perimeter defenses only once, at which point the software's autonomous logic takes control, fortifying and expanding throughout the internal network.

Cisco Systems defines a computer worm as "similar to viruses in that they replicate functional copies of themselves and can cause the same type of damage." In contrast to viruses, which require the spreading of an infected host file...
