Leonardo invests in machine learning to increase IT security

Leonardo invests in machine learning to increase IT security

Italian institutions and companies have an IT security problem. Only in the course of the last week two different types of malware have paralyzed first some Milanese hospitals and then a series of institutional sites including that of the Senate and of the Defense.

According to the director general of the cybersecurity agency national Roberto Baldoni there is a need for a technical intervention on skills but above all cultural to make the population understand that digital risks can have a great impact even on offline life.

According to a recent Censis report, in fact 40% of Italians do not even know what the word cybersecurity means, and about a third of executives say they know little or nothing about it.

In this context, Leonardo, an Italian company listed on the stock exchange and active in the defense, aerospace and security sectors, has launched a software renamed Cyber ​​Information Superiority, which aims to bring together and a single place different axes of intervention for the IT security of organizations and companies. Above all, the software is designed to create a vast and constantly updated database of threats that can be used at any time to prevent attacks or minimize their effects.

sportsgaming.win talked about it in more detail with Massimo Tedeschi, Innovation manager of Leonardo's Cyber ​​& Security Solutions Division, who explained how the software works and what is the basic philosophy from which it moves.

Massimo Tedeschi by Leonardo Leonardo What does Information Superiority consist of and how can it be applied?

It is an ecosystem made up of a series of platforms aimed above all at having a single point where you can manage information related to cybersecurity. In this way we have created a place where you can get to know the hostile actor, his modus operandi and also his target audience, so as to understand the type of attack that may occur or has already occurred. For example, if we discover that there is a person moving for economic reasons, then we might expect ransomware, while in the presence of a state actor it is preferable to steal strategic information.

One of the pillars of Cyber ​​Information Superiority is Threat Intelligence, which in practice is a huge database of threats that is always updated and enriched by data from many internal sources (i.e. the malware analysis activity of our analysts ), external sources (such as other companies in the sector) and open sources of the Osint type, which give us information on new trends in cyber threats.

What can you do with the information you collect in this way?

In practice, we are able to quantify the extent of the problem created by the attack and very effectively implement the second pillar of intervention, that is, what is technically called threat hunting, or the "threat hunting". In practice, we chase the traces left by the attacker to predict his moves and stop him very quickly.

Let's take an example: let's say that due to smartworking our company has greatly atomized access to its servers and that this vulnerability is used to send ransomware. With Cyber ​​Information Superiority, I will be able to see that there is something strange in the employee's PC, such as an item that is writing very quickly to the disk or a word file that is trying to connect to the internet. It is an anomaly that is immediately reported to us and allows us to intervene immediately.

And with this system is it possible to prevent threats as well as limit their damage?

Yes, it is the third pillar of intervention that is added to the creation of the database (Threat Intelligence) and the immediate tracking of a successful malware (Threat Hunting). One of the Information Superiority platforms allows you to analyze the files that arrive on the server, such as attachments that arrive via email, and immediately notify the user that an anomaly has been found.

It is a similar operation to that of antivirus, but more effective both because in the case of malware it manages to detonate the attack before it hits and because that information obtained is immediately shared with Threat Intelligence as well to update the system database immediately and close the information circle.

So I guess everything is based on AI and machine learning.

Yes, because in this way the system is able to learn from the threats it thwarts itself and tends to autonomously become more and more updated.

What kind of customer is a similar product designed for?

For now we are using it both for the Leonardo group itself and for some particularly large companies, first of all within the institutional world and large companies. However, with the complete suite just launched we will also be able to relate to smaller companies that work together with the big ones.

There is a strategically important element here: we are talking about an Italian proprietary software, which is very important from a perspective of digital sovereignty. The server on which sensitive customer data is stored is also in Italy and is subject to Italian laws. Let's imagine a system such as that of the Defense, as it is important that the most confidential and secret information is kept in Italy by an Italian company that respects Italian laws.

Powered by Blogger.