Some Cyber attacks are fairly obvious - for example Denial of Service of Attacks. The effect of these whether coming from a single source or multiple (Distributed Denial of Service - DDoS) is the same, availability on the effected systems is reduced or curtailed altogether. While these types of attacks are problematic and expensive, they are ultimately survivable. There are many types of attacks that may pass completely unnoticed however - these attacks may be part of larger Cyber campaigns or represent preparation for future activities. These less obvious Cyber incursions are more worrisome.
One of the key problems facing Cyber Security today is simply the ability to determine whether an attack has occurred at all and furthermore determining its proper context.
The CCS Difference
Today's approach to determining whether or not an attack has taken place is based upon whether incident types that have been previously identified are loaded into perimeter security solutions (such as intrusion detection systems). The problem with this of course is that these solutions cannot anticipate new attacks except those which share characteristics similar to those already experienced. This approach is reactive and by its very nature can never become predictive.
The CCS practice on the other hand, recognizes that Cyber attacks can and do follow patterns, and that those patterns can be identified or extrapolated from activity. That's why we've built our solutions entirely around a semantic foundation.
