The legacy security model is based on the concept of a well-defined perimeter and the use of tools such as signatures, rules and statistical analysis. While that model has provided significant value for a very long time, the limitations of that model are highlighted by that fact that large-scale security breaches which are designed to evade traditional defenses have recently become commonplace. One measure of the frequency and breadth of security breaches comes from an IBM report which stated that by 2019 cybercrime will become a 2.1 trillion-dollar problem. A measure of the expanding effect of security breaches is that because of the impact that a cyberattack can have on a company’s profitability, competitiveness, brand and stock price, in many instances cybersecurity has become both a CEO and a board level issue.
Over the last few years, the task of securing the enterprise has become more complicated in part based on the emergence of new classes of devices and users, each of which presents new attack surfaces and each of which contradicts the concept of a well-defined perimeter. Mobile workers are one example of this phenomena. According to an analyst report, the global mobile workforce is expected to have 1.75 billion members by 2020, accounting for 42.0% of the global workforce. According to a recent article, 20 percent of companies reported that their mobile devices have been breached. That article also stated that nearly all companies (94 percent) reported that they expect that the frequency of mobile attacks will increase, and 79 percent acknowledged that it’s becoming more difficult to secure mobile devices.
Another example of an emerging type of edge point that presents new attack surfaces is the IoT. IoT impacts every industry with business-critical use cases being developed in many verticals including retail, healthcare, agriculture and transportation. According to an article in Forbes, between 2015 and 2020 spending on all layers of the IoT technology stack will attain at least a 20% Compound Annual Growth Rate (CAGR). That article also stated that B2B spending on IoT technologies, applications and solutions will reach $267 Billion by 2020. Unfortunately, according to a March 2018 Network World article, the lack of effective security is the top barrier to successful IoT initiatives. The article concluded that the adoption of IoT means that “Organizations will need a far greater degree of visibility into their networks that might previously have been strictly necessary”.
Artificial intelligence (AI) is a branch of computer science that focuses on the theory and development of computer systems that are capable of performing tasks that normally require human intelligence, such as visual perception and decision-making. Machine Learning is a subset of AI that focuses on the practice of using algorithms to parse data, learn from it, and then make a prediction about something. In contrast to a static algorithm, a critical aspect of machine learning is that the machine is “trained” using large amounts of data and algorithms that give the machine the ability to continually learn how to perform a given task.
Tools based on machine learning are necessary to supplement the existing set of security tools. These new tools help organizations identify and mitigate the emerging generation of security breaches that are designed to leverage both the legacy and evolving attack surfaces to evade the enterprise’s traditional defenses. When evaluating security tools based on machine learning, there are three key concepts that IT organizations should keep in mind. They are:
- Not all tools that claim to be based on machine learning indeed are. Some are just a re-packaged statistical analysis tool or are a combination of rules that rely on prior knowledge of what specific action an attack will take.
- To maximize the value of machine learning, the tool must have access to the broadest possible set of data including packets, flows, logs and alerts. In virtually all instances, the network is the best source of data.
- The results produced by security tools that are based on machine learning are not binary; e.g., the results would not be used to turn an indicator light from green to red. The results are probabilistic and are intended to help the security team identify the types of small incremental changes that typically can’t be detected by traditional tools and which might indicate that the enterprise has been breached.
Security attacks continue to increase in both frequency and sophistication. While the legacy security model continues to add value, it can’t thwart the growing set of attacks that are specifically designed to circumvent the defenses this model provides. To respond to this emerging set of attacks, IT organizations must supplement their current approach with a new generation of security tools. This new generation of tools must be built using machine learning and it must be able to fully leverage the ability of the network to provide the broadest set of data.