Cybersecurity companies estimate that new malware variants are introduced at a daily rate of up to 390,000.
With each hour that passes, at least 13,000 new files emerge. If you find these numbers staggering, that’s because they are. Humans simply cannot keep up with them, which is why cybersecurity analysts are turning to artificial intelligence (AI) for help.
Fighting the constantly evolving and morphing threat landscape requires a combination of detection and a single view of threat data, in addition to the traditional methods of signature-based malware detection and blocking. AI helps spot trends, patterns, and anomalies in data that the naked eye cannot discern to help identify and mitigate new types of malware. A single view of threat data places all the relevant information in one place to empower the people on the front lines of the battle against cybercriminals—especially as attacks continue to rise.
THE ASYMMETRIC BATTLE FOR SECURITY
As new malware files constantly burst into the cyber scene, an increase in cyber attacks is all but inevitable. In 2016, 638 million ransomware attacks were recorded—more than 167 times the number of incidents in the previous year.
Threats are getting more frequent, varied, and severe. But it takes only one successful try for hackers to break into a network, while defenders must successfully fend off attacks every time. That’s no easy feat, considering that big data, social media, and the digitization of business processes create enormous volumes of data that have to be processed to find malware indicators. Security platforms can handle thousands of events per second, but that still isn’t enough to manage the threat landscape.
On top of that, there aren’t enough experienced cybersecurity professionals to keep up with it all. Colleges have only recently started to weave cybersecurity courses into their computer science curricula. It will take some time before the cybersecurity skills gap is filled—if that ever happens, considering how fast the threat landscape changes.
In any case, cybercriminals aren’t waiting for new people to enter the cybersecurity profession to give them a fair shake. The answer, therefore, is to train AI models to do the job of security analysts by automating manual tasks that are traditionally performed by security operations centers (SOCs). Security teams are using behavioral analytics and machine learning capabilities to process millions of events per second and detect the subtlest hints of malware.
MAKING USE OF MACHINE LEARNING
The herculean task of spotting patterns and anomalies to identify new types of malware requires sifting through eye-popping volumes of data from multiple sources, including threat intelligence reports, IP addresses, white- and blacklists, and millions of endpoints.
Machine learning is helping to spot previously unknown threats, including some ransomware strains—threats traditional security tools miss because they rely on signatures, or static rules, from known malware to stop potential infections.
Most machine learning technology is supervised, meaning humans are required to continually introduce new data to train the algorithms in use. This helps refine results to keep them relevant. Going forward, the goal is to utilize unsupervised machine learning, whereby the dynamic models perform most of the work on their own.
BRINGING A SINGLE VIEW TO SECURITY
As AI security models evolve, chief information security officers (CISOs) and their staffs need a straightforward way to review data so they can act on it. Just as organizations benefit from a single view of all their data—from internal processes, customers, partners, and supply chains—so do security teams when preparing cyber defenses.
A single view lets security teams access all threat data in one place, including the results produced by machine learning models. Using one dashboard, cybersecurity professionals can review, at a granular level, all data samples flagged as potential malware. This will help them discern good from bad. If something is bad, security teams will be able to determine what makes it so, and build behavioral profiles and tailored responses to protect against the threats.
An aggregate view of threat data allows cybersecurity professionals to focus on risks in addition to responding to threats. They can figure out what causes and constitutes risk, and how to make realistic predictions of incremental risk going forward. As such, security professionals are better able to make a case to the C-suite for the necessary security investments.
Without a single view, it’s tougher to make sense of an organization’s ever-increasing volumes of threat data and spot some of the subtlest threats. With that in mind, organizations should consider integrating their AI security initiatives with a single view to better protect themselves against an increasingly dangerous threat landscape.
Find out how you can leverage machine learning to enhance your cybersecurity.
SOURCE: Hortonworks