CARTA: A New Way of Managing Risk

IT security, as we know it, works a lot like physical security in that the goal is to do two things: let good people in and keep bad people out. If you show your badge to the guards and you have permission to access the room ahead, they will open the door to let you through. If you’ve been expected, the guards may whitelist you (or blacklist you).

The big problem, of course, is figuring out who are the good people and who are the bad people. This problem gets worse when there’s a huge volume of incoming traffic, such as an IIoT network, with millions of devices feeding back to a central server. The virtual security guards can only check so many badges at a time without slowing down the network or, even worse, allowing a malicious party to slip through. Whitelists and blacklists become exponentially more time consuming to update and verify.

Clearly, network security is going to require a new paradigm to keep up with contemporary demands. One possible solution is Continuous Adaptive Risk and Trust Assessment (CARTA) the proposed new solution from consultancy firm Gartner.

The fundamental concept of CARTA is that it’s time to move away from taking a set-it-and-forget-it approach to granting permissions to users and processes on the network. For example, imagine a user has been granted access to a folder containing sensitive documents. Most users need remote access these days, so they may access from a laptop that somehow becomes compromised, either through a virus or by being stolen.

Normally, at this point, there is nothing that the system administrator can do to prevent a breach. In fact, no one might realize that a breach has even taken place. Estimates suggest that the average breach goes undetected for 146 days globally.

The CARTA approach is to assess each individual access request as it comes in. In the example above, the security system would consider all details of the access request, including where it came from, how the user activated the request and whether the request fits into a typical usage pattern. The system then assesses the probability that the request is legitimate, and blocks it if the risk seems high.

Doing this requires a combination of analytics and artificial intelligence (AI), both of which are increasingly important elements of cybersecurity. Big Data does make it possible to identify patterns with such a degree of granularity that we can reliably spot irregular activity — already analytics is used to detect breaches that have gone unnoticed by conventional security means. The process of validating security requires robust AI, which must perform analytics and update security profiles in real time.

AI and analytics are both important parts of an IIoT network, where data from millions of devices must be swiftly collated and acted upon. So, it’s in this kind of network that we see how valuable CARTA can be. Each device is potentially vulnerable to hackers, but incorrectly blacklisting a device could have disastrous consequences.

The only plausible security solution is to have a dynamic, responsive system that uses analytics to let the good guys in and keep the bad guys out. Whether that’s CARTA or not remains to be seen, but Gartner certainly seem to be headed in the right direction.