[BreachExchange] Intelligent cyber-threats need to be countered by intelligent security

Audrey McNeil audrey at riskbasedsecurity.com
Thu Aug 31 19:52:26 EDT 2017


http://www.itp.net/614450-intelligent-cyber-threats-need-to-be-countered-by-intelligent-security

Whenever a major cyber-attack creates a media storm, the technology
community inevitably engages in a lot of hand-wringing and soul-searching,
wondering just how safe its digital assets are. Now, following the recent
WannaCrypt (WannaCry) ransomware campaign, organisations find themselves
back in the scare zone, asking: ‘are we doing enough to keep our corporate
data safe?’ And we second-guess all kinds of ICT policies: internal
training, perimeter protection, credential-theft mitigations, hardening,
incident response and recovery, and cloud migration.

This kind of introspection is not only inevitable, but understandable.
However, the best-practice approach to getting our houses in order remains
the same: tailor security policy to the current threat landscape.
Considering that some 91% of advanced persistent threats begin with an
old-fashioned phishing con, training staff in basic cyber-hygiene is, of
course, an indispensable arrow in your security quiver. Avoiding untrusted
websites; not clicking on a link in an email, even one from a trusted
sender, without checking where it leads; not allowing external storage
media to cross corporate boundaries: these are all sensible policies and
should be encouraged.

But human slip-ups will occur and some of them will lead to breaches. And
given that a recent study put the median time an intrusion goes undetected
at 146 days, I would like to discuss how technology solutions can help your
team and processes to reduce that dwell time drastically.

The role of artificial intelligence in cyber security

The answer partially lies in user and entity behaviour analytics (UEBA),
an approach that applies machine learning to continuous monitoring of your
information system at the network and host layers. Algorithms first
baseline an organisation’s normal activity, per user and per device (which
hosts a user logs on to, from where, at what hours, how much data moves),
so that future deviations from that baseline can be detected and scored.
The strongest anomalies can be acted on automatically; the ambiguous ones
are queued so that human analysts can triage them for further action.
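The baseline-then-score loop described above, reduced to its essentials, as an added example that is not code from the article or from any vendor product. The logon records are constructed for the example (user, host, source country, timestamp), the scoring weights and the thresholds in triage() are assumptions chosen for illustration, and logon hours are treated linearly (a real system would use circular statistics so that 23:00 and 01:00 count as neighbours):

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample events (not real logs): (user, host, source_country, timestamp).
# This learning window stands in for a few weeks of routine logons.
BASELINE_EVENTS = [
    ("alice", "ws-012", "GB", "2017-08-01T08:55:00"),
    ("alice", "ws-012", "GB", "2017-08-02T09:05:00"),
    ("alice", "ws-012", "GB", "2017-08-03T08:40:00"),
    ("alice", "fs-01",  "GB", "2017-08-04T09:20:00"),
    ("alice", "ws-012", "GB", "2017-08-07T08:50:00"),
    ("bob",   "ws-044", "DE", "2017-08-01T22:10:00"),   # night-shift operator
    ("bob",   "ws-044", "DE", "2017-08-02T21:45:00"),
    ("bob",   "ws-044", "DE", "2017-08-03T23:05:00"),
    ("bob",   "ws-044", "DE", "2017-08-04T22:30:00"),
]


def _hour(ts):
    return datetime.fromisoformat(ts).hour


def build_baseline(events):
    """Per-user profile: known hosts, known source countries, and the mean and
    spread of the logon hour. This is the 'learn what normal looks like' step."""
    by_user = defaultdict(list)
    for user, host, country, ts in events:
        by_user[user].append((host, country, _hour(ts)))
    baseline = {}
    for user, rows in by_user.items():
        hours = [h for _, _, h in rows]
        baseline[user] = {
            "hosts": {h for h, _, _ in rows},
            "countries": {c for _, c, _ in rows},
            "hour_mean": mean(hours),
            # Floor the spread at one hour so a very regular user does not
            # raise an off-hours alert for a ten-minute deviation.
            "hour_sd": max(pstdev(hours), 1.0),
        }
    return baseline


def score_event(baseline, event):
    """Score one new logon against the user's profile.
    Returns (score, reasons); weights are assumptions for the example."""
    user, host, country, ts = event
    profile = baseline.get(user)
    if profile is None:
        # An unknown principal has no baseline; hand it to an analyst rather
        # than auto-acting on a signal we cannot measure.
        return 1, ["no baseline for user"]
    score, reasons = 0, []
    if host not in profile["hosts"]:
        score += 1
        reasons.append("new host")
    if country not in profile["countries"]:
        score += 2
        reasons.append("new country")
    z = abs(_hour(ts) - profile["hour_mean"]) / profile["hour_sd"]
    if z > 2.0:
        score += 1
        reasons.append("off-hours logon")
    return score, reasons


def triage(score):
    """Map a score to the handling the article describes: automatic action only
    for the strongest combined signal, a human queue for everything else."""
    if score >= 3:
        return "contain"   # e.g. force re-authentication, revoke the session
    if score >= 1:
        return "analyst"   # queue for human triage
    return "normal"


def run(events, baseline=None):
    baseline = baseline or build_baseline(BASELINE_EVENTS)
    results = []
    for ev in events:
        score, reasons = score_event(baseline, ev)
        results.append((ev[0], score, triage(score), reasons))
    return results


if __name__ == "__main__":
    NEW_EVENTS = [  # constructed test traffic
        ("alice", "ws-012", "GB", "2017-08-14T09:00:00"),  # routine
        ("alice", "ws-012", "NG", "2017-08-14T03:15:00"),  # new country, 03:15
        ("bob",   "srv-db-01", "DE", "2017-08-14T22:15:00"),  # usual hour, new host
        ("carol", "ws-099", "GB", "2017-08-14T09:00:00"),  # never seen before
    ]
    for user, score, action, reasons in run(NEW_EVENTS):
        print(f"{user:6} score={score} action={action:8} {', '.join(reasons)}")
```

Note what the example does not do: a single new host at the user's usual hour only reaches the analyst queue, and automatic containment fires only when several independent signals coincide. That is the practical trade-off behind the "some anomalies are handled automatically, others are triaged by humans" split: the cost of a false positive rises sharply once a response is automated, so the automated tier must be reserved for the highest-confidence combinations.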

Of course, most organisations cannot afford the level of R&D required to
build full UEBA-based cyber security themselves, despite often facing
stringent compliance obligations that cry out for such solutions. This is
where migration to the cloud can help, rather than hinder, adequate
protection measures. Cloud service providers know that their very business
models hang on their ability to protect hosted client environments.
Microsoft alone invests around $1 billion annually in cyber security, as we
are acutely aware of the risks. Indeed, on an average day we fend off about
1.5 million attempts to compromise our systems, so machine learning plays a
huge part in our current cyber-security strategy. In addition, we sink
significant R&D funds into developing other tools using various branches of
artificial intelligence (AI).

Strength in scale

The very scale of large technology companies has become their strength,
and so, paradoxically, has their attractiveness to cyber-miscreants. They
learn from each and every attack, accumulating data from them, combining it
with customer reports, and funnelling all of it into intelligent security
graphs. The more they are attacked, the more they learn. And the more
services they provide, the more relevant their detections become, because
they see the wider context. Because the information store is so extensive,
real-time analysis can, for example, link an email phishing scam out of
Nigeria with a denial-of-service attack originating in Eastern Europe when
the two share infrastructure or indicators. Machine-learning-fed, forensic
dot-joining like this allows prompt mitigation of a malicious campaign
while letting the service provider share the knowledge gained across its
other platforms and services.

Between state-actor, hacktivist and money-minded attacks, today’s CISOs
face a seemingly impossible challenge. In 2015, a particularly vicious
incursion compromised the systems of more than 100 banks across 30
countries, with estimated losses in excess of $1 billion. Meanwhile,
politically motivated groups and campaigns such as STRONTIUM and Red
October target government bodies, diplomatic missions, journalists and
military institutions.

The shift in concerns

But the very fact that the CISO has become such a common role in the
industry is indicative of a fundamental shift in board-room attitudes.
Where five years ago decision-makers were avoiding cloud migration because
of security concerns, they are now increasingly embracing it because of
those same concerns. Prompted by commonplace, alarming headlines, they are
reaching the obvious conclusion that cyber-crime does not take holidays.
Consumer choice in Internet-connected devices (phones, tablets, TVs and
others) and a preference for living in smart, more connected cities mean
that more and more people are living their lives online. That means an
expanding attack surface, which is fertile ground for attackers.

It is worth noting that the analyst firm Gartner projects the public cloud
services market to reach around $385 billion in 2020, as more organisations
come to see the cloud as a security haven. The vast information pool
accumulated by cloud providers feeds a host of algorithms, drawing on
neural networks, heuristics and other machine-learning and data-science
techniques. These algorithms identify attacks, spot and remove malware, and
produce detections, and possibly bug fixes, faster than a human could.
While more complex scenarios still require the system to raise a red flag
to a human analyst, R&D teams continue to pursue an end game in which
software takes care of every remedial step and delivers a worry-free
environment.