Seventy-five years ago, networks were primarily based on mechanical circuit switches, and the very few computers that existed were mostly isolated—that is, not connected to communications systems. Most functions in society were controlled manually or mechanically. Telecommunications companies (hereinafter referred to as “telcos”) were the only entities that operated large, complex networks. Information security was primarily a matter of physical security. Today, there are more computers on the planet than people. The difference between telecommunications equipment and computers is disappearing. Most large businesses, governments, etc. operate networks at least as large and complex as telcos'. Information security has become critical.
Over time, technology has developed to address the new security problems associated with telecommunications equipment and computers. For example, the physical external barriers that provided physical security have been replaced with new external software barriers that provide information security. Examples of these external barriers include access control systems, virus checkers, firewalls, etc. In recognition that this new kind of security involves both computing and communications, it has been called cyber security (cyber from cybernetics—the science of communications and control).
Because of the rapid development of information technology, many generations of cyber security technology have been developed and deployed. The result is that most organizations have a profusion of security tools, each focused on a specific problem, tied together (with each other and with the underlying system being protected) by security staff. At the same time, the attackers have become more and more sophisticated. Criminal organizations have been joined by state-sponsored organizations operating in a fashion similar to that of the privateers of old. The attackers use sophisticated attack tools and pervasive automation to improve their effectiveness. So, the frequency and number of attacks keep growing dramatically, while the cycle times (i.e., the time it takes attackers to sense that a new type of attack is being defended against and therefore change the attack) keep shrinking.
In this threat environment, the outer-skin defenses of a system stop ~95% of the attacks, but because of the number of attacks, the ~5% that get through cause severe damage. As a result, people have begun to search for techniques for identifying attacks that have penetrated the outer defenses.