Security pros turn to AI to fight encrypted malware

Cisco survey shows encrypted malware increases demand for machine learning supported security response

Tags: Artifical intelligenceCisco Systems IncorporatedMachine learningMalware
  • E-Mail
Security pros turn to AI to fight encrypted malware Hackers are increasingly using encryption to disguise malware.
By  Mark Sutton Published  February 25, 2018

Security professionals are increasingly looking to machine learning tools to help them react more quickly to malware threats, according to Cisco's cybersecurity report for 2018.

The annual report highlights the increasing sophistication of malware, which utilizes encryption to evade detection, and the adoption of weaponized cloud services. In response, security professionals said they will increasingly leverage and spend more on tools that use AI and machine learning, To reduce adversaries' time to operate.

While encryption is meant to enhance security, the expanded volume of encrypted web traffic (50% as of October 2017) - both legitimate and malicious - has created more challenges for defenders trying to identify and monitor potential threats. Cisco threat researchers observed more than a threefold increase in encrypted network communication used by inspected malware samples over a 12-month period.

Applying machine learning can help enhance network security defenses and, over time, ‘learn' how to automatically detect unusual patterns in encrypted web traffic, cloud, and IoT environments. Some of the 3,600 chief information security officers (CISOs) interviewed for the Cisco 2018 Security Capabilities Benchmark Study report, stated they were reliant and eager to add tools like machine learning and AI, but were frustrated by the number of false positives such systems generate. While still in its infancy, machine learning and AI technologies over time will mature and learn what is ‘normal' activity in the network environments they are monitoring.

"Last year's evolution of malware demonstrates that our adversaries continue to learn," said Scott Manson, Cybersecurity Lead, Middle East and Africa, Cisco. "We have to raise the bar now - top down leadership, business led, technology investments, and practice effective security - there is too much risk, and it is up to us to reduce it."

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code