The power of analytics could mean that we are stronger together once again.
The threat posed by insecure internet of things (IoT) devices casts a worrying shadow over the current threat landscape, with this network of devices only set to get ever larger and provide yet more weak points into organisations worldwide.
Darren Thomson, CTO of Symantec, EMEA, however, believes that there is a way to turn the tide of this threat with what he calls the cyber defence of the future – analytics.
While any talk of a silver bullet technology is folly, Mr Thomson believes that this approach can change the cyber security game for good.
“Often I use the analogy of neighbourhood watch. In a neighbourhood watch network, the more people you have in it, the safer you are. That is the exact opposite to security at the moment – the more people we add to our business, the less safe we are because they add risk; the more devices we add to the internet of things, the more risk there is. What if we could change that around?” Mr Thomson told CBR.
The Symantec CTO raises a resonating point, at ground level the primitive human instinct leans toward safety in numbers, but the current threat landscape promotes scepticism and isolationism – certainly keywords that seldom feature in the running of a successful business.
Mr Thomson used the recent Mirai Botnet attack as an example of a situation that could be averted using the power of analytics.
The Mirai Botnet was found in 2016 and it worked by infecting devices running out of date versions of Linux. Connected fridges were iconic of this attack, as they were targeted to form the basis for a botnet.
Mr Thomson made a suggestion, he said: “So what if every single one of those fridges carried something that is similar to the ingredients bar on the side of a packet of cereal? This is how many calories, this is how much fibre, this is how much fat.”
Compiling this data provides a standard to monitor a very large number of devices by, so that a major anomaly can be easily spotted, giving plenty of time to action an appropriate security response.
Describing the individual device information, Mr Thomson said: “That’s a fingerprint, very lightweight, it can still be a dumb device, it just has this little fingerprint, so imagine if all of the fridges had that, and now I am looking at a million fridges, they are all telling me I am behaving normally, as a baseline of behaviour for a fridge.”
Behind the harvesting of this massive amount of important information is machine learning, a technology that many security vendors have pinned as the weapon of choice for the next era of the cyber threat landscape.
“Analytics is the answer to many of our security issues, we need to take analytics much more seriously, much of the analytics will come from machine learning, the data that machine learning produces as a result of its decisions will produce data that gives us analytics” said Mr Thomson.
Mr Thomson explained why an extensive set of analytics would be so formidable in locating major cyber attack incidents such as a botnet attack on IoT devices:
“There are little blips here and there because people are leaving their fridges open too long, but they are little blips. All of a sudden I see half a million fridges acting weirdly, there is a spike, an anomaly, and those fridges should not be acting that was. They are producing three times more data as we would expect a fridge to produce, that is an indicator of compromise, something is going on. Now we can be proactive, let’s get over and have a look at that, what’s going on? It looks like someone is creating a botnet – ‘block’. We have been pro-active about security, and we have done it because we had that analytic.”
Analytics could provide capabilities right across the spectrum of cybersecurity, not limited to just visibility within the network, Mr Thomson expressed his belief that the same methods can be applied to humans to effectively guard against unauthorised users gaining access.
“I think the same principal can apply to people, we are working right now on user behaviour analytics, we have software that can baseline human behaviour. We don’t even need to tell the system what jobs those people are doing, it doesn’t really care, what it learns over time is what those jobs look like, the sorts of things people do during those jobs.”
The capabilities of machine learning have been questioned by some experienced professionals in the industry, but Mr Thomson makes a stand by elaborating on one of these use cases in which the analytics leveraged by machine learning has been extremely successful:
“One of those cases was a board level director who was sending himself information he shouldn’t have been on the last day of his employment. HR knew nothing about that, his manager knew nothing about that, nobody knew anything about that. Our system knew that because it had baselined the behaviour of all of those individuals. If that isn’t artificial intelligence then I don’t know what is!”
The question we are left with is how hard is it to amass a vast set of analytics that can be used to change the cyber security game within the current threat landscape? It turns out that there is only one precious requirement in the process, as Mr Thomson told CBR:
“It just takes time, you have the decision tree algorithms, machine learning algorithms, you set up the software and then you just need the time to baseline the behaviour.
“Whether it be IoT, or human behaviour, analytics is key. Our best kept secret is our data. We scan 3 billion emails a day, we are protecting 175 million endpoints, and 82 million web users with proxy.”