In one of the largest breaches in 2018, Target Inc. was targeted by cyber-criminals who made away with critical information of 110 million customers. The information leak occurred through a vendor site where an unsuspecting employee decided to reply to a phishing mail. 2018 has seen enterprise level cyber-attacks and privacy breaches wherein global blue-chips like British Airways, Under Armour, and US Homeland Security were compromised.
The connected world is offering multiple windows of opportunities to cyber-criminals. IoT, smart cities, augmented reality, high smartphone penetration, and 5G are key enablers for the connected global village. By 2025, we would be interacting with a device every 6.5 seconds creating many touch points that can be a potential beachhead to launch a cyber-attack.
2018 has been an inflection year for cyber criminology. There have been more instances of AI-driven attacks. Attackers are leveraging the accuracy and data crunching capabilities of AI and machine learning to wage targeted cyber-war. AI driven attacks create convincing messages in large numbers thus bringing sophistication to phishing attacks. Hackers are using AI models to create malware that are capable to get past firewalls and security programs and effortlessly launch anonymous attacks. With time, these attacks are gaining sophistication as the machine learns more about the systems and fine-tunes its vulnerabilities.
With AI, protective security has also grown smarter. Practitioners are leveraging AI, machine learning models, and neural networks to proactively spot and prepare for such attacks.
Shift towards data driven security
Relentless sophisticated attacks are forcing security practitioners to re-think the security protocols. There has been a shift in IT-centric security to data driven security model which capitalizes on contextual detection, profiling, multi-factor authentication, data tagging, and adaptive authentication to prevent attacks. However, conventional methods are inadequate in responding to evolving attack strategies. Most of them run on business rules and are adept at functioning post-mortem analysis. This does not work in the new age where attackers take their time, lurking, grooming, and infiltrating systems.
This is where AI brings its own advantage to create smart, self-sustaining security systems. AI driven security supported by machine learning and big data can crunch an enormous amount of information to create pattern baselines. From these baselines, they can launch in to analyzing patterns and shifts that can be construed as threats. The blend of supervised and unsupervised learning helps in understanding historical patterns and emerging mutations of malware with a high degree of precision.
But with great power comes great responsibility. Every transaction cannot be construed to be of malicious intent. False positives and unwanted alerts can be a dampener for efficiency and customer engagement. Contextual intelligence plays a big role in creating an effective shield against attack lines with relevant findings.
Contextual intelligence is the king
Context brings clarity to any triggered security event. A contextually intelligent security platform can collect, parse, and reference data from diverse devices and applications. It is further integrated with a variety of data including compliance guidelines and blacklists to determine the threat perception. Earlier security information was limited to TP or DNS information, but with analytics it is possible to identify the origin of threats, detect the modus operandi, and extrapolate the future course of action and mutation possibilities. This security information architecture can be further scaled to gain deeper visibility into the threat ecosystem.
Creating a contextually intelligent security platform
End-to-end automation of security ensures that the diverse security technologies deployed across the networks work together to analyze the root cause of the attack along with relevant environmental information like commonality, reliability, associated attacks, and system vulnerability management. The sum of all information constitutes the contextual relevance of data.
First line of contextually aware defense is data parsing that extracts maximum information from the alert logs. All information including IP-addresses, hosts, ports along with data accesses, firewall details, proxies, mainframes, web gateways and extrinsic and intrinsic factoids are integrated together.
This is followed by enrichment and classification which will cut through the noise and add more meat to the security story line. For example, IP address classification and integration with geographical location will give more understanding about the attackers’ command and control server.
Big data analytics is further deployed to look for patterns in the log data. Cross correlation, complex event processing along with situational and behavioral analysis will build the holistic picture to understand anomalies, attack thresholds, and patterns in the alert data. Contextual intelligence builds through big analytics and AI will enable machines to create a response architecture that combats evolving threat perceptions with minimum false positives.
Contextual intelligence is an essential weapon in facing the cyber battleground. Self-learning machines driven by neural networks, big data analytics, and expert systems analyze the overwhelming information overload and build capabilities to combat future mutated threats.