Intelligent cyber-threats need to be countered by intelligent security

Cyril Voisin, executive security advisor, France, Microsoft Middle East and Africa on the need to tailor security policy to prevailing threat landscape

Tags: Microsoft Corporation, United Arab Emirates
By Cyril Voisin. Published August 29, 2017

Whenever a major cyber-attack creates a media storm, the technology community inevitably engages in a lot of hand-wringing and soul-searching, wondering just how safe its digital assets are. Now, following the recent WannaCrypt ransomware campaign, organisations find themselves back in the scare zone, asking: ‘are we doing enough to keep our corporate data safe?’ And we second-guess all kinds of ICT policies, such as internal training, perimeter protection, credential-theft mitigations, hardening, incident response and recovery, and cloud migration.

This kind of introspection is not only inevitable, but understandable. However, the best-practice approach to getting our houses in order remains the same – tailor security policy to the current threat landscape. Considering that some 91% of advanced persistent threats begin with an old-fashioned phishing con, training staff in basic cyber-hygiene is, of course, an indispensable arrow in your security quiver. Avoiding untrusted websites; not clicking on a link within an email, even one from a trusted source; not allowing external storage media to cross corporate boundaries – these are all sensible policies and should be encouraged.

But human slip-ups will occur and some of these may lead to breaches. And given that some of these threats can remain undetected for up to 146 days, according to a recent study, I would like to discuss how technology solutions can help your team and processes to reduce that dwell time drastically.

The role of artificial intelligence in cyber security

The answer partially lies in the technique of user and entity behaviour analytics (UEBA), a machine-learning method that automates monitoring of your information system at the network and host layers, using advances in pattern-matching and cognitive reasoning. Cutting-edge algorithms are used to baseline an organisation’s network activity so that future anomalies can be detected. Some of these anomalies will be dealt with automatically; others will be quarantined so that human analysts can triage them for further action.
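As an added illustration of the baseline-then-detect loop just described (example code written for this page, not Microsoft's or the author's), the following Python builds a per-user profile from constructed log lines and routes each new event to automatic containment, analyst triage, or allow. The log format, the three checks, the thresholds and the tier names are all assumptions made for the illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed training window (not real data): "user,hour_of_day,bytes_out,src_host".
BASELINE_LOGS = [
    "alice,9,1200,ws-01", "alice,10,1500,ws-01", "alice,11,1100,ws-01",
    "alice,14,1400,ws-01", "alice,16,1300,ws-01", "alice,17,1250,ws-01",
    "bob,8,5000,ws-02", "bob,9,5200,ws-02", "bob,13,4800,ws-02",
    "bob,15,5100,ws-02", "bob,17,4900,ws-02", "bob,18,5000,ws-02",
]

def parse(line):
    user, hour, nbytes, host = line.split(",")
    return user, int(hour), int(nbytes), host

def build_baseline(lines):
    """Per-user profile: hours seen, source hosts seen, mean/stdev of bytes_out."""
    hours, hosts, sizes = defaultdict(set), defaultdict(set), defaultdict(list)
    for line in lines:
        user, hour, nbytes, host = parse(line)
        hours[user].add(hour)
        hosts[user].add(host)
        sizes[user].append(nbytes)
    # pstdev of a constant series is 0; floor it at 1.0 so the z-score stays defined.
    return {u: {"hours": hours[u], "hosts": hosts[u],
                "mean": mean(sizes[u]), "stdev": pstdev(sizes[u]) or 1.0}
            for u in sizes}

def score_event(baseline, line):
    """Return (score, reasons): each departure from the user's profile adds one point."""
    user, hour, nbytes, host = parse(line)
    prof = baseline.get(user)
    if prof is None:
        return 3, ["no baseline for user"]
    reasons = []
    # Hour check tolerates +/-1h and wraps around midnight.
    if not any(min(abs(hour - h), 24 - abs(hour - h)) <= 1 for h in prof["hours"]):
        reasons.append("unusual hour")
    if host not in prof["hosts"]:
        reasons.append("new source host")
    if (nbytes - prof["mean"]) / prof["stdev"] > 3:
        reasons.append("outbound volume z-score > 3")
    return len(reasons), reasons

def triage(baseline, line):
    """Map the score to the two tiers the text describes: automatic handling or analyst review."""
    score, reasons = score_event(baseline, line)
    if score >= 2:
        return "auto_contain", reasons
    return ("analyst_triage" if score == 1 else "allow"), reasons
```

A real UEBA deployment would learn the thresholds and features rather than hard-code them, but the shape is the same: profile normal activity, score deviations, and hand only the ambiguous cases to people.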

Of course, most organisations cannot afford the level of R&D required to facilitate full UEBA-based cyber security, despite often facing stringent compliance obligations that cry out for such solutions. This is where migration to the cloud can help, rather than hinder, adequate protection measures. Cloud service providers know that their very business models hang on their ability to protect hosted client environments. Microsoft alone invests around $1 billion annually in cyber security, as we are acutely aware of the risks. Indeed, on an average day we fend off about 1.5 million attempts to compromise our systems, so machine-learning plays a huge part in our current cyber-security strategy. In addition, we sink significant R&D funds into developing other tools using various branches of artificial intelligence (AI).

Strength in scale

But the very scale of large technology companies has become their strength, as has their attractiveness to cyber-miscreants. They learn from each and every attack, accumulating data from them, combining it with customer reports, and funnelling all of it into intelligent security graphs. The more they are attacked, the more they learn. And the more services they provide, the more relevant they get by understanding the wider context. Because the information store is so extensive, future real-time analysis can allow, for example, an email phishing scam out of Nigeria to be linked with a denial-of-service attack originating in Eastern Europe. Machine-learning-fed, forensic dot-joining like this allows instant mitigation of a malicious campaign while allowing the service provider to share the knowledge gained across its other platforms and services.

Between state-actor, hacktivist and money-minded attacks, today’s CISOs face a seemingly impossible challenge. In 2015, a particularly vicious incursion compromised the systems of more than 100 banks across 30 countries, with estimated losses in excess of $1 billion. Meanwhile, politically motivated cyber-cabals such as STRONTIUM and Red October target government bodies, diplomatic missions, journalists and military institutions.

The shift in concerns

But the very fact that CISO has become such a common role in the industry is indicative of a fundamental shift in board-room attitudes. Where five years ago decision-makers were avoiding cloud migration because of security concerns, they are now increasingly embracing it because of those same concerns. They are now – because of commonplace, alarming headlines – reaching the obvious conclusion that cyber-crime does not take holidays. Consumer choice in Internet-connected devices (phones, tablets, TVs and others) and their preference for living in smart cities that are more connected mean that more and more people are living their lives online. And that means an expanding attack surface, which is fertile ground for attackers.

It is worth noting that the analyst firm Gartner projects the public cloud services market to reach around $385 billion in 2020, as more organisations recognise the cloud as a security haven. The vast information pool accumulated by cloud providers is fed on by a host of algorithms, modelled on frameworks such as neural networks, heuristics, data science and machine-learning. These algorithms identify attacks, spot and remove malware, and come up with detections and possibly bug fixes faster than humans could. While more complex scenarios require that the system raise a red flag to a human analyst, R&D teams still pursue an end game where software takes care of every remedial step and delivers a worry-free environment.
