Customers Voice Concerns Over Rule-Based Systems in APAC

November 25, 2007

We just completed the 7th Cyber Defense Initiative Conference 2007 in Bangkok. There were more than 700 attendees in the main conference hall and nearly 300 people in the exhibition areas, bringing the total of attendees to approximately 1000 people, according to the conference organizers.

I had many opportunities to discuss event processing and security with a number of Thai business executives, most of whom have technology-related doctorate degrees from the US and Europe, including directors from the National Science and Technology Development Agency (NSTDA), the National Electronics and Computer Technology Center (NECTEC) and some of the largest telecommunications and financial services providers in Thailand.

Most of the business leaders expressed an interest in Bayesian and neural networks for event processing applications related to security and cyber defense initiatives. These business and technology leaders also mentioned that rule-based event processing systems are not feasible for most enterprise classes of cyber defense applications. This seems to confirm what I have been posting on this blog, expressed by customers and scientists who are hands-on experts – rule-based systems are useful for some cyber security and cyber defense applications, but most advanced detection techniques require a self-learning, statistical approach.

I also heard from experts that you can find just about every cyberfraud imaginable in the Asia Pacific region, where criminals are aggressively seeking to exploit and profit from any vulnerability they can find. A CTO of a major telecommunications provider mentioned very positive results with an implementation of neural networks in cyber defense applications.

This week I am speaking at another conference. I’ll try to report a bit more on the 7th Cyber Defense Initiative Conference 2007 in Bangkok when things slow down a bit!

In closing today, Dr. Prinya Hom-Anek, CISSP, CISA, CISM, SANS GIAC, GCFW, CompTIA Security+, founder and acting president of TISA, and his ACIS Professional Center team did a fantastic job organizing and hosting the conference. The conference was one of the best conferences I have attended, to date, in 2007.

Timer and Time-Based Events

November 25, 2007

Opher asks in his blog, “Is there a non-event event?”, on absence as a pattern.

All “non-event” examples that the event processing community has offered, to date, have been based on the premise that an event is created when something does not happen based on time, schedule or a timer – and many seem to want to refer to this as a “non event.”

Opher is now calling this situation an “absent event.”

In my opinion, the correct term should be a “time-based event” because the event is triggered by a timer or similar time-based object; the term “non-event” should be dropped from the event processing glossary.
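The point about timers can be seen in a small sketch, added here as an illustration and not taken from any event processing product: an absence detector for security log sources in which every emitted event is produced by a timer expiry. The class name `AbsenceWatcher`, the 60-second window and the source names are assumptions made for the example.

```python
import heapq

class AbsenceWatcher:
    """Raises an event when a source stays silent for `window` seconds."""

    def __init__(self, window):
        self.window = window
        self.deadline = {}   # source -> currently armed deadline
        self.timers = []     # min-heap of (deadline, source)
        self.emitted = []    # time-based events produced so far

    def on_event(self, source, ts):
        """An ordinary event arrived: fire overdue timers, then re-arm."""
        self.advance(ts)
        self.deadline[source] = ts + self.window
        heapq.heappush(self.timers, (ts + self.window, source))

    def advance(self, now):
        """Move the clock forward; every emission is caused by a timer expiry."""
        while self.timers and self.timers[0][0] <= now:
            fired_at, source = heapq.heappop(self.timers)
            if self.deadline.get(source) != fired_at:
                continue  # stale timer: a later event re-armed this source
            del self.deadline[source]  # fire once until the source reappears
            self.emitted.append({"type": "time-based", "trigger": "timer",
                                 "source": source, "fired_at": fired_at,
                                 "silent_since": fired_at - self.window})
        return self.emitted

def run_demo():
    # Constructed sample stream: (source, timestamp in seconds).
    stream = [("fw-01", 0), ("ids-02", 5), ("fw-01", 30)]
    watcher = AbsenceWatcher(window=60)
    for source, ts in stream:
        watcher.on_event(source, ts)
    return watcher.advance(200)

if __name__ == "__main__":
    for event in run_demo():
        print(event)
```

Nothing in the output is created by the missing log line itself; each record exists because a deadline passed, which is why it carries `"trigger": "timer"`.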

CEP and SOA: An Event-Driven Architecture for Operational Risk Management

November 25, 2007

Here are the details for my December 12, 2007 presentation at The Asia Business Forum: Information Security Risk Assessment & Management, Royal Orchid Sheraton, Bangkok, Thailand:

11:15 – 12:15

CEP and SOA: An Event-Driven Architecture for Operational Risk Management

—  Review the business and market drivers for event-driven Operational Risk Management (ORM)
—  Learn about Complex Event Processing (CEP)
—  Dive into the details of the CEP reference architecture
—  Understand how to integrate SOA, CEP and BPM for event-driven ORM