Imagine an age where all cyber attacks could be predicted and terminated... in real time. In the near future, machine learning could very well make this possible. The film industry gives machine learning, and by extension artificial intelligence, a bad name with a set of self-obsessed AIs running amok. Machine learning appears to be misunderstood to the point where banks are missing the advantage it can bring to cyber security.
We are looking at an ever-changing playing field. In the old days, it was easier to have the latest security software on the market and be better than the other guy in managing your online security. In simple terms, the best way to survive an animal attack is to run faster than the next guy. This relied entirely on a reactive approach to tackling cyber security.
If one organisation was attacked or a new threat was identified, then security software companies were notified and a new signature-based solution was developed. Cyber criminals used to target easy-to-breach companies and make away with prizes that didn’t even scratch the bottom line.
Cyber attacks on government systems have increased by an estimated 35% in the last 3 years. We are looking at a new class of criminals: sophisticated, innovative and with access to resources that put some small governments to shame. Their approach has changed as well, from sending malware to a multitude of organisations and hoping to get lucky, to specifically targeting organisations through sophisticated attacks.
The Sony hack last year is an example in which sophisticated malware was used that would probably have slipped through 90% of the internet defences out there. This required intricate knowledge of the security architecture of the targets and the defences they employ. Sometimes you don't even need that, as Kaspersky has highlighted in the "Great Bank Robbery" report on the Carbanak malware, which was systematically used to hack up to 100 financial institutions over a period of a few years.
In this instance, the malware was delivered through an email attachment to a number of employees in multiple banks, which, when opened, would create a backdoor. Once the attackers gained access, they performed manual reconnaissance over a period of time, identifying points of interest and planning an attack vector. Finally, the attackers used multiple cash-out methods, the most innovative being the ability to control certain ATMs to automatically dispense cash to be collected by cash mules. Kaspersky believes that the total financial losses could be as high as $1bn.
So how can we use intelligent monitoring and proactive identification of threats through analysis to help improve cyber security? Enter machine learning. Machine learning involves teaching intelligent applications to perform human-intensive tasks and then evolve based on rule sets and continuous monitoring. In the cyber world, this means creating technology that can monitor in real time, identify anomalous behaviour and predict potential threats.
There are a number of companies that can do this, such as Darktrace, Cybereason, CyActive and CyberCanary, each focusing on a different angle of using machine learning to improve cyber security.
UK-headquartered Darktrace’s Enterprise Immune System technology, developed at the University of Cambridge, is one such system. Their ambition is to address the challenge of insider threat and advanced cyber attacks through detecting previously unidentified threats in real time using machine learning, as manifested in the emerging behaviour of the network, devices and individuals.
Another company of note is Israel-based Cybereason, which enables organisations to reveal complex hacking operations in real time and automatically get the whole attack story. Using a real-time machine learning and behavioural analytics tool, they can discover hints to hacker intentions and automatically tie together seemingly unrelated activities into a coherent story of the attacker’s movement in the network.
Previously, such technologies lacked the funding and industry backing to develop beyond concept. According to Gartner, global IT security spending will reach $76.9bn in 2015, which shows that funding is no longer the issue; the industry’s mindset towards cyber security is.
The machine learning industry is building software that can be intelligent enough to learn and develop logic by analysing data behaviour and identifying previously undetected patterns. Such a task would otherwise require constant monitoring and analysis by a large dedicated staff. The advantage of machine learning software is that it can analyse large volumes of data at great velocity, which would not be possible for even skilled cyber analysts.
A cyber attack can be akin to an earthquake. It’s generally not the earthquake that kills people, but fragile infrastructure that does. Imagine an infrastructure which changes and adapts to the severity of the quake. Similarly, machine learning could create an ever-changing landscape for cyber attacks: while a cyber attack may cause damage, its severity can be limited.