Go past the perimeter, inside the network to find where cyber trouble lurks
Network traffic analysis, AI, changes in behavior work together to head off breaches
By Byron Acohido, ThirdCertainty
Traditional perimeter defenses—firewalls, antivirus software and malware scanners—are no longer sufficient. And it doesn’t matter if you are a large, multinational organization or a start-up. If perimeter defenses were adequate, attacks wouldn’t get through. But attacks are, and they’re increasing.
Take ransomware attacks, for instance. We’ve seen a tremendous uptick in ransomware within the industry. In 2016, it brought in over $1 billion in ransom. It’s on track to bring in several billion dollars in 2017. The recent ransomware attack, WannaCry, was built to go global so as to generate as much revenue as possible. The ransom message was available in 28 different languages, and the malware itself spread across 150 countries and infected over 200,000 devices.
While organizations can’t reduce the number of attacks they face, they can change the way they look at security so as to minimize the success of those attacks. How? Instead of looking to the future, toward artificial intelligence, they should look within their network. By implementing network traffic analysis and focusing on the interior, not just the perimeter, of their network, organizations could stop attacks in their tracks.
During my time at Black Hat 2017 in Las Vegas, I was joined by Jesse Rothstein, the co-founder and chief technology officer of ExtraHop, a network monitoring and cybersecurity company. Jesse and I discussed the important but often neglected interior network and how network traffic analysis can reduce the damage caused by attacks. We also discussed the role that AI and machine learning will play in the industry and how changes in mind-set mean that security is now everybody’s responsibility. You can find the key takeaways of our talk below.
The interior is your best chance to know if you’ve been breached. Most companies now realize that it’s when, not if, they will be hacked. Because network communications are a source of truth, they are the last and best way to determine a breach. With a network traffic analysis service, like ExtraHop, companies can observe all communications, detect potential anomalies and quarantine potentially infected devices in real time.
AI is a tool to help with analysis. When you’re analyzing a company’s entire east-west network traffic, there’s an enormous amount of data to collect, process and analyze. Machine learning can automatically detect the kind of anomalies and outliers that are symptomatic of a breach. Quarantine can take place automatically, too, and, thanks to machine learning, the more data provided to the AI algorithms, the better and more effective they become at identifying signs of breaches.
But AI will not replace human experts. Humans can never be replaced; AI can only augment them. Machine learning, when applied to cybersecurity, tends to be overhyped in two ways. First, every vendor talks about it and, in some cases, they aren’t even using it. Second, organizations expect too much of it. They expect machine learning to replace humans, but that’s just not where the state of the art is.
Cybersecurity is for everyone. Rather than humans being replaced by AI, more employees than ever are getting involved with cybersecurity. There has been a mind shift over the past couple of years where security has become everyone’s job. Previously, everything was farmed out to an organization’s security team. Now it’s everyone’s responsibility, and cybersecurity features and capabilities are being introduced into virtually all IT products.