Go past the perimeter, inside the network to find where cyber trouble lurks

Network traffic analysis, AI, changes in behavior work together to head off breaches


Traditional perimeter defenses—firewalls, antivirus software and malware scanners—are no longer sufficient. And it doesn’t matter if you are a large, multinational organization or a start-up. If perimeter defenses were adequate, attacks wouldn’t get through. But attacks are getting through, and they’re increasing.

Take ransomware attacks, for instance. We’ve seen a tremendous uptick in ransomware within the industry. In 2016, it brought in over $1 billion in ransom. It’s on track to bring in several billion dollars in 2017. The recent ransomware attack, WannaCry, was built to go global so as to generate as much revenue as possible. The ransom message was available in 28 different languages, and the malware itself spread across 150 countries and infected over 200,000 devices.


While organizations can’t reduce the number of attacks they face, they can change the way they look at security so as to minimize the success of those attacks. How? Instead of looking to the future, toward artificial intelligence, they should look within their network. By implementing network traffic analysis and focusing on the interior, not just the perimeter, of their network, organizations could stop attacks in their tracks.

Jesse Rothstein at Black Hat 2017 in Las Vegas.

During my time at Black Hat 2017 in Las Vegas, I was joined by Jesse Rothstein, the co-founder and chief technology officer of ExtraHop, a network monitoring and cybersecurity company. Jesse and I discussed the important but often neglected interior network and how network traffic analysis can reduce the damage caused by attacks. We also discussed the role that AI and machine learning will play in the industry and how changes in mind-set mean that security is now everybody’s responsibility. You can find the key takeaways of our talk below.

The interior is your best chance to know if you’ve been breached. Most companies now realize that it’s when, not if, they will be hacked. Because network communications are a source of truth, they are the last and best way to determine a breach. With a network traffic analysis service, like ExtraHop, companies can observe all communications, detect potential anomalies and quarantine potentially infected devices in real time.

AI is a tool to help with analysis. When you’re analyzing a company’s entire east-west network traffic, there’s an enormous amount of data to collect, process and analyze. Machine learning can automatically detect the kind of anomalies and outliers that are symptomatic of a breach. Quarantine can take place automatically, too, and, thanks to machine learning, the more data provided to the AI algorithms, the better and more effective they become at identifying signs of breaches.

But AI will not replace human experts. Humans can never be replaced; AI can only augment them. Machine learning, when applied to cybersecurity, tends to be overhyped in two ways. First, every vendor talks about it and, in some cases, they aren’t even using it. Second, organizations expect too much of it. They expect machine learning to replace humans, but that’s just not where the state of the art is.

Cybersecurity is for everyone. Rather than humans being replaced by AI, more employees than ever are getting involved with cybersecurity. There has been a mind shift over the past couple of years where security has become everyone’s job. Previously, everything was farmed out to an organization’s security team. Now it’s everyone’s responsibility, and cybersecurity features and capabilities are being introduced into virtually all IT products.
