BAE Systems Malaysia recently gave us a media tour of their newly launched NERVE Centre in the heart of Kuala Lumpur. Equipped with the latest and most sophisticated interactive technology that ranges from video presentation software that runs parallel with real time demonstrations; to interactive touch screens that allow immersive drag-and-drop and other selected functions.

The Threat Analytics Cycle

The Threat Analytics Cycle

During the media tour of the Nerve Centre, the company gave us a short run-down on how their Threat Analytics worked. Starting from the “Ingest Phase”, Security Analytics ingests data from the network and from threat intelligence sources, which then gets “Analysed”, pulling from their analytic models which have learned from extensive financial crime defense capabilities in the US and UK. The analysed data is then “Prioritised” to provide the security operations team with prioritised and actionable intelligence. Finally using their investigative software, they are capable of turning knowledge gained from threats into greater defensive power.

They shortly briefed us on their CyberReveal Investigator software, where their CyberReveal Analytics were categorised into Beaconing, Infiltration, Persistence, and Pivoting. Beaconing is an act where a threat tries to contact their home, allowing a hacker to know that their threat has infiltrated the network and is also reachable. If the software detects an irregularity it will instantly filter and prioritise the most suspicious cases. This is followed by Infiltration, as the threat has already infiltrated the system, where the software quickly investigates the network and security analysts are ready to stop the threat before it spreads even further.

The user-interface of BAE System's CyberReveal Investigator

The user-interface of BAE System’s CyberReveal Investigator

With graphs, an analyst can map out a situation, giving a clearer outlook on the task at hand. They are then capable of sending out tickets for immediate action or to to keep close attention in case it could be a false alarm. Next is Persistence, where threats are already in the network and files have been modified suspiciously. The investigator filters out the suspicious cases for analysts to watch to ensure integrity is maintained. Finally there is Pivoting, where a compromised system is used to attack other systems within a network, which can be detected by the software and given remedial actions.