Location based threat detection

The way the long eared owl hears is quite incredible. Using asymmetrically placed ears is pretty clever on its own, but the way the brain processes this information and converts it is something else entirely.

Long eared owl

Placing the ears equidistant horizontally and vertically would be best if you wanted synchronised stereo sound. However, by design this is not the case for the long eared owl. According to this piece from asknature.org, owls can hear in 3 dimensions.

The ears are set up so that even changes as small as 3 degrees horizontally can be detected. This detection is tracked by scientists using pupil dilation and then measured in the brain.

Fascinating, then, that the neurons firing in response to this detection are locationally mapped in the auditory response area of the brain, corresponding to where the sound came from. Activity patterns higher up in the auditory centre of the brain correspond to an object higher up in real space.

In the security space we often look to ensure the clocks of all devices generating audit logs are synchronised. This allows a timeline of events to be generated in an incident on the hunt for attribution. In placing log event collectors the strategy is often aligned with the volume and type of events being collected. The logical placement in the kill chain is therefore often only coincidental and not used expressly as a measurement itself.

What if, by organising collectors positionally, we could assist real-time threat detection? By placing collectors at kill chain boundaries (not just network zone boundaries) and collecting small indicators at scale from these boundary collectors themselves, we could build a model of behaviour using collector metadata.

By placing a visual cue aligned to the behavioural changes in this metadata we could assist triage and hunter teams, indicating areas that may require further investigation or tuning. A map set up to blink and then expire gracefully, like the fabulous Isle of Wight sferics information, using blue light initially (see a future post on this phenomenon), could show the rhythm of normal activity and anomalous behaviour traits.
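
One way to sketch this idea in code, as an added example that is not part of the original post: each boundary collector keeps an exponentially weighted baseline of its own event counts (the collector metadata), and an interval that deviates sharply makes that kill chain position blink, after which the cue fades by half each interval. The stage names, smoothing factor, threshold and sample counts are all constructed assumptions.

```python
import math
from dataclasses import dataclass

STAGES = ["delivery", "exploitation", "c2", "actions"]  # assumed boundary names

@dataclass
class Collector:
    alpha: float = 0.2   # EWMA smoothing factor (assumed value)
    mean: float = 0.0
    var: float = 0.0
    seen: int = 0
    blink: float = 0.0   # intensity of the visual cue on the map, 0..1

    def observe(self, count, threshold=3.0, decay=0.5, warmup=5):
        """Score one interval's event count against the baseline, then learn."""
        self.blink *= decay                    # an earlier cue fades out gracefully
        if self.seen == 0:
            self.mean = float(count)           # seed the baseline with the first interval
        std = max(math.sqrt(self.var), 1.0)    # floor so quiet collectors can still alert
        z = (count - self.mean) / std
        anomalous = self.seen >= warmup and abs(z) >= threshold
        if anomalous:
            self.blink = 1.0                   # light up this kill chain position
        else:                                  # learn only from normal intervals
            diff = count - self.mean
            self.mean += self.alpha * diff
            self.var = (1 - self.alpha) * (self.var + self.alpha * diff * diff)
        self.seen += 1
        return z, anomalous

def run_map(series):
    """Replay per-interval counts; return (map frames, alerts)."""
    collectors = {s: Collector() for s in STAGES}
    frames, alerts = [], []
    for t in range(len(series[STAGES[0]])):
        for s in STAGES:
            z, hit = collectors[s].observe(series[s][t])
            if hit:
                alerts.append((t, s, round(z, 1)))
        frames.append({s: round(collectors[s].blink, 3) for s in STAGES})
    return frames, alerts

# Constructed sample: events per interval seen by each boundary collector.
SAMPLE = {
    "delivery":     [40, 42, 39, 41, 40, 42, 39, 41, 40, 42, 39, 41],
    "exploitation": [12, 11, 13, 12, 12, 11, 13, 12, 12, 11, 12, 13],
    "c2":           [5, 6, 5, 5, 6, 5, 5, 6, 5, 30, 6, 5],
    "actions":      [1, 1, 2, 1, 1, 2, 1, 1, 1, 1, 25, 1],
}
```

Calling run_map(SAMPLE) returns one frame per interval, giving the blink intensity at each kill chain position, plus the list of intervals that triggered a cue.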

Introducing Biomimicry

Nature has evolved over millions of years to produce design answers to complex problems. As the evolution of the security threat landscape continues we can seek answers to the most vexing information security challenges using the same design approaches. This is Biomimicry.

To get a great introduction to Biomimicry I cannot top this fantastic video from Janine Benyus.


We need to look more closely at the amazing feats of biology, chemistry and nature in the wildest sense to examine:

How does nature automate using the most efficient methods and with scarce local resources to achieve brilliance?
How do non-sentient organisms defend themselves against unknowable threats?
How do you process more information than you can focus on to take instinctive action?
How do we build a secure digital future faster than others can tear it apart?

In a series of blog articles I will walk through an intricate design feat, explain in my own words why this design evolved, and offer it up to a current security problem, such as collecting security information to a central source by studying coral formation.

Coral complex structures

Let us build a community of like-minded individuals who are similarly inspired to generate a future generation of information security solutions.