Iván Blesa, Head of Technology, Noble explores how businesses can use Deep Learning to prepare their security analysts for combat in an evolving threat landscape.
Cybersecurity is a booming industry and it’s estimated that between 2017 and 2021 more than US$1 trillion will be spent globally on cybersecurity products and services. However, given that cybercrime was worth approximately US$45 billion in 2018, and breaches regularly make headline news, it’s clear the cybercriminals are continuing to identify and exploit vulnerabilities in security systems, giving them the upper hand against businesses.
Security analysts working at some of the world’s biggest organisations are frequently finding themselves on the backfoot, drowning in threat data and unable to efficiently identify attacks before it’s too late. A total of 37% of C-level executives say they deal with at least 10,000 security alerts every month – and 52% of those alerts are false positives. It’s no surprise that in a recent report 65% of security analysts have considered quitting their role due to workplace stress.
If businesses want to stay safe in an evolving threat landscape, without burning out their analysts, they need to empower them with tools to help them effectively do their jobs. This is where Deep Learning takes centre stage.
The state of play
There are many reasons why security analysts are facing an overwhelming, challenging battle with cybercriminals.
Cybercriminals operate in the same way businesses do: always looking for the greatest return with the least investment. This is evidenced in the Department for Digital, Culture, Media and Sport’s (DCMS) 2019 Cybersecurity Breaches Survey which found that cybercriminals are no longer taking a scatter gun approach to attacking businesses. Instead, they’re becoming more targeted, attacking fewer organisations but with greater return. A total of 48% of businesses who were breached identified at least one attack every month.
Criminals are also frequently collaborating with each other, sharing tips, tricks and advice on how to launch effective attacks on enterprises. For security analysts there has to be constant vigilance as they try and second guess where the next attack will come from – even if it’s something not seen before.
Compounding the activity of cybercriminals is the overwhelming, growing amount of data security analysts have to deal with. The growth of the Internet of Things (IoT) means that thousands, if not more, endpoints and connected devices are now contributing to corporate networks. And it’s a worrying sign when it’s estimated that there’ll be 20.4 billion connected devices by 2020 and yet less than half of UK firms are able to detect IoT breaches.
Identifying previously seen threats
Enterprises have traditionally relied on legacy, rule-based Machine Learning methods to detect attacks. This approach relies on gathering as many examples of malicious or suspicious activity, which are passed into the Machine Learning algorithm so that the system can build up a picture of what’s ‘bad’ and knows what to look out for in the future.
The problem with this approach is that it hinders an organisation’s ability to investigate activity that hasn’t been seen before, resulting in missed attacks. You wouldn’t protect a child from danger by asking them to memorise the FBI’s most wanted list, because that would be ignoring the highly likely possibility that a threat could come from somewhere else.
For the security analyst, using legacy tools that rely on historical data means they’re taking a reactive approach to preventing new, sophisticated attacks, instead of a proactive approach, so by the time an intrusion has been detected, it’s often too late.
The next generation of network monitoring
In an evolving threat landscape, the inherent danger of the unknown means businesses can’t afford to remain ignorant to previously unseen behaviours that could hit the organisation any time and any place. Deep Learning represents a solution.
Increasingly seen as the next generation of network monitoring, Deep Learning is driven by unsupervised algorithms that do not focus on previously detected malicious activity. Instead, it is an intelligent system that continuously analyses an organisation’s normal behaviour at full scale, in order to identify abnormalities. The algorithm is instructed to survey its own infrastructure and proactively search out and unearth the unknown, rather than the known ‘bad’.
Furthermore, Deep Learning algorithms have the ability to analyse vast amounts of data in real time and identify anomalous patterns with great accuracy. Given the ever-increasing amount of data being generated by businesses and the growing complexity of their digital infrastructure, Deep Learning algorithms can remove an impossible task from the shoulders of security analysts, freeing them up to focus on genuine threats.
By employing Deep Learning powered tools in their cybersecurity infrastructure, businesses will achieve an all-encompassing view of the network, dramatically increasing the chances of identifying potentially malicious behaviours. This is crucial in a landscape where breaches can have serious financial and reputational damages for a business, and its customers.