What is Behavior Computation and how is it different from Vulnerability scanning?
WHAT IS BEHAVIORAL COMPUTATION?
Behavioral Computation is a cybersecurity category for application security based on the ability to compute the behavior of software. It analyzes code to discover malware behavior in executables, and evasion techniques that signatures and sandboxes cannot find. The approach is scalable, proactive and adaptive approach to timely mitigating risks.
Behavioral Computation has advantages over static testing and dynamic analysis. As an automated process for rapid detection and response, it requires a smaller workforce and significantly reduces the costs in software development in testing. The throughput, quality of results, and span-of-control are improved with no additional expense to users.
Behavioral Computation can identify malicious behavior within software and can rapidly detect sophisticated cyber-threats. This is done by mathematically computing the behavior of software providing greater visibility into malware and advanced cyber threats. Behavioral Computation applies the mathematical foundations of denotation semantics to compute the behavior of software. It reveals the deep meaning of software, and then expresses it as individual cases of behavior that the software can produce. As a result, the effects of both legitimate functionality and malicious operations are computed and revealed in a human understandable format to identify vulnerabilities.
According to Ian Horswill, Professor of Computer Science at Northwestern University, the underlying definition of Behavioral Computation involves the manipulation of representations by following some specified procedure. “Since all computers store data as bit strings, there’s no reason we can’t store a procedure written for one computer in the memory of another. Given that, we ought to be able to write a meta‐program for one computer that reads and executes programs written for another. The meta‐program would make the new computer behaviorally equivalent to the old one: it could interpret/execute the programs of the original computer.” What is computation (northwestern.edu)
The social media platform LinkedIn is using a form of behavior analytic computation that utilizes simple arithmetic and logarithmic operations on one or a few existing raw features to capture the key anomalous patterns from bot-driven attacks. The have determined that using Behavioral Computation has brought significant improvement in their cybersecurity response time and defense coverage on sudden attacks.
“The idea of behavior analytic computation is to capture the key bot/automation signatures hidden among the existing feature values or numbers—these signatures can be preserved even if the features are constantly changed. It intelligently utilizes simple arithmetic and logarithmic operations to transform existing features into more robust ones in constant time.” Leveraging behavior analytic computation for anti-abuse defenses | LinkedIn Engineering
The Behavioral Computing innovative approach to security assessments is at an early stage moving from syntax to semantics where problems are recast in a form that enables effective solutions that were previously unavailable. This recast is enabling as the scope and fidelity of Behavioral Computing are continually being augmented by newer algorithms and machine learning technologies to pinpoint vulnerabilities and mitigate cyber incidents.
WHAT IS VULNERABILITY SCANNING?
Vulnerability Scanning is a testing process to help find and identify weaknesses and threats in the network and devices. The result of a vulnerability scan is a report that can be used by the IT and/or those responsible for cybersecurity. Vulnerability Scanning involves running software from a database to detect points of entry and compares known flaws, configurations, anomalies, missing patches, and often matches threats found in malware libraries. Vulnerabilities can be created by software errors, buffer overflow, or by SQL injection attacks and OS command injections. Vulnerabilities can provide attackers with the opportunity to exfiltrate data and infiltrate networks and systems.
Although there are several approaches and methods for scanning, there are three basic scanning category types:
External vulnerability scans target the areas of an IT ecosystem that are exposed to the internet, or not restricted for internal use. These areas can include applications, ports, websites, services, networks, and systems that are accessed by external customers or users.
Internal vulnerability scans, where the primary target of the software is the internal enterprise network. Once a threat agent makes it through a security hole, the threat agent can leave enterprise systems prone to damage. These scans search for and identify the vulnerabilities inside the network to avoid damage, as well as to allow organizations to protect and tighten systems and application security that are not exposed by external scans.
Environmental vulnerability scans are based on the specific environment of an enterprise’s technology operations. These vulnerability scans are specialized and are available to deploy for multiple technologies, such as IoT devices, websites, cloud-based services, and mobile devices. Description Source: What is vulnerability scanning, and how does it work? (redlegg.com)
The weakness of a vulnerability scan is that is only searching for known vulnerabilities so if is not in the database or library, the gap or threat may go undetected. The scans are targeted to those vulnerabilities that in exist mostly in isolation which misses many other potential threats that may have linkage. Also, if you have an organization that has a multitude of IT infrastructure, servers and devices, and data sources, it can be challenging for the cybersecurity workforce to analyze and understand the context of vulnerabilities discovered in a scan, often creating false positives. Finally, vulnerability scans must be run often to be effective as new software and hardware are introduced to the network. That can be time consuming and costly.
As the cyber threat landscape becomes increasingly complex, it is important to understand what options are in a toolchest to detect and rapidly respond to threats and understand the applications for Behavioral Computation and Vulnerability Scanning.