Kevin Cox is Jon Snow in the war against cyber threats–for the cyber night is here and full of terrors. And, winter isn’t coming–it’s already here. As Continuous Diagnostics and Mitigation (CDM) rounds out phases I and II, our government needs automation, artificial intelligence (AI) and machine learning (ML) to hold back the ugly cyber hordes. AI, ML, and cloud are the dragons, dragonglass, and Valyrian steel that the Department of Homeland Security (DHS) needs to combat the hacking white walkers. Okay, so how do we separate fact from fairy tale?
AI is Changing the Cyber Game
The web emits 10 million new malware files every month. Do the math. Yesterday’s signature-based approach to combating malware–deriving signatures one file at a time–is a losing proposition.
For most security scenarios, AI enables capabilities that go far beyond identifying known threats. AI models can determine a file’s maliciousness with no previous knowledge of the file, relying instead on analysis of the file’s innate properties.
As if this dated approach to malware detection isn’t bad enough, 60 percent of current intrusions are malware-free in nature. Hackers leverage memory-only threats and living-off-the-land techniques, such as the use of legitimate Windows tools like PowerShell and WMI. It’s worth noting that the most sophisticated and dangerous attacks fall heavily into this fileless category. To defend against them, you need an AI-based cyber strategy.
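Because a fileless intrusion leaves no file to hash, the only thing a defender can inspect is behavior: which process started which, and with what command line. The following is an added illustration, not code from the post or from CrowdStrike, of the kind of behavioral indicators a detection system consumes. It runs over a few constructed process-creation records (the field names `pid`, `parent`, `image` and `cmdline` are assumptions; the encoded command is a harmless `Write-Output` built inline) and flags PowerShell launched by the WMI provider host, hidden windows, and base64-encoded commands, decoding the latter so the analyst sees what was actually run.

```python
import base64
import re

# PowerShell accepts any unique prefix of -EncodedCommand; capture the base64 payload.
ENCODED_FLAG = re.compile(
    r"(?i)(?:^|\s)-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})"
)
HIDDEN_FLAG = re.compile(r"(?i)\s-w(?:indowstyle)?\s+hidden")
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}


def decode_encoded_command(cmdline: str):
    """Return the decoded -EncodedCommand payload (UTF-16LE) or None if absent/invalid."""
    match = ENCODED_FLAG.search(cmdline)
    if not match:
        return None
    try:
        return base64.b64decode(match.group(1)).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def evaluate(event: dict) -> list:
    """Apply behavioral rules to one process-creation record; return human-readable findings."""
    findings = []
    image = event["image"].lower()
    parent = event["parent"].lower()
    cmdline = event["cmdline"]

    # Rule 1: a shell spawned by the WMI provider host is a classic living-off-the-land signal.
    if image in SHELLS and parent == "wmiprvse.exe":
        findings.append("shell spawned via WMI provider host")

    if image in POWERSHELL:
        # Rule 2: encoded commands hide the script body from casual review; surface it.
        decoded = decode_encoded_command(cmdline)
        if decoded is not None:
            findings.append(f"encoded PowerShell command: {decoded!r}")
        # Rule 3: a hidden window means no user was meant to see the shell.
        if HIDDEN_FLAG.search(cmdline):
            findings.append("hidden PowerShell window")
    return findings


def scan(events: list) -> list:
    """Return (pid, findings) for every record that triggered at least one rule."""
    results = []
    for event in events:
        findings = evaluate(event)
        if findings:
            results.append((event["pid"], findings))
    return results


# Constructed telemetry (assumed schema). The encoded payload is a harmless Write-Output.
_ENC = base64.b64encode("Write-Output 'constructed'".encode("utf-16le")).decode("ascii")
SAMPLE_EVENTS = [
    {"pid": 101, "parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -NoProfile -Command Get-Process"},
    {"pid": 102, "parent": "wmiprvse.exe", "image": "powershell.exe",
     "cmdline": f"powershell.exe -nop -w hidden -enc {_ENC}"},
    {"pid": 103, "parent": "services.exe", "image": "svchost.exe",
     "cmdline": "svchost.exe -k netsvcs"},
]

if __name__ == "__main__":
    for pid, findings in scan(SAMPLE_EVENTS):
        print(pid, findings)
```

Note that none of these rules look at a file on disk: an interactive administrator running `Get-Process` (pid 101) produces no finding, while the WMI-launched, hidden, encoded shell (pid 102) trips all three. In practice such indicators become features for the models the next section describes, rather than standalone alerts.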
Machine Learning and Cloud
Machine learning, a domain within AI, analyzes security-related data, including file “features” and behavioral indicators, across massive data sets. Billions of events are used to “train” the system to detect unknown and never-before-seen attacks based on past behaviors. By training machine learning algorithms with data-rich sources and augmenting them with behavioral analytics, you can deliver next-generation defenses. Realistically, most companies don’t have the threat telemetry to train machine learning models, and that limits the effectiveness of the algorithms. But CDM, Einstein, and the Federal government certainly do.
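The contrast drawn above and in the earlier paragraph on signatures (a hash catalogue recognizes only files it has already seen, whereas a model trained on a file’s innate properties can judge a file it has never seen) is easiest to understand with a toy. The following is an added example, not code from the post or from any vendor: it implements the signature lookup and, beside it, a deliberately tiny nearest-centroid model trained on four constructed static features (byte entropy, whether the file looks packed, import count, and presence of process-injection APIs). The training set, the feature choices and the sample bytes are all constructed for illustration; production models use far more features and far more data, which is exactly the point the post makes about telemetry.

```python
import hashlib
import math

# --- Signature-based approach: a catalogue of SHA-256 digests of known samples (constructed bytes).
KNOWN_MALWARE_BYTES = [b"constructed-malware-sample-A", b"constructed-malware-sample-B"]
SIGNATURE_DB = {hashlib.sha256(b).hexdigest() for b in KNOWN_MALWARE_BYTES}


def signature_match(sample: bytes) -> bool:
    """Flag a file only if its exact hash is already catalogued."""
    return hashlib.sha256(sample).hexdigest() in SIGNATURE_DB


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant file, 8.0 for uniformly random bytes (packed/encrypted)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def feature_vector(entropy_bits, packed, import_count, has_injection_apis):
    """Normalise innate properties into [0, 1] so no single feature dominates the distance."""
    return (
        entropy_bits / 8.0,
        float(packed),
        min(import_count, 200) / 200.0,
        float(has_injection_apis),
    )


# Constructed, labelled training set: (entropy bits, packed?, imports, injection APIs?) -> label.
TRAINING_SET = [
    ((4.8, 0, 140, 0), "benign"),
    ((4.4, 0, 180, 0), "benign"),
    ((5.2, 0, 100, 0), "benign"),
    ((5.6, 0, 120, 0), "benign"),
    ((7.6, 1, 10, 1), "malicious"),
    ((7.2, 1, 20, 1), "malicious"),
    ((7.76, 1, 4, 0), "malicious"),
    ((6.8, 0, 30, 1), "malicious"),
]


def train(samples):
    """Nearest-centroid model: learn one prototype vector per class from labelled examples."""
    sums, counts = {}, {}
    for raw, label in samples:
        vec = feature_vector(*raw)
        acc = sums.setdefault(label, [0.0] * len(vec))
        for i, v in enumerate(vec):
            acc[i] += v
        counts[label] = counts.get(label, 0) + 1
    return {label: tuple(v / counts[label] for v in acc) for label, acc in sums.items()}


def classify(model, raw):
    """Label an unseen file by the closest class prototype; no hash of it is needed."""
    vec = feature_vector(*raw)

    def distance(centroid):
        return math.sqrt(sum((a - b) ** 2 for a, b in zip(vec, centroid)))

    return min(model, key=lambda label: distance(model[label]))


MODEL = train(TRAINING_SET)

if __name__ == "__main__":
    # A repacked variant: new bytes, so the hash is unknown, but its properties still betray it.
    new_variant = b"constructed-malware-sample-C-repacked"
    print("signature hit:", signature_match(new_variant))           # False
    print("model verdict:", classify(MODEL, (7.44, 1, 8, 1)))      # malicious
    print("model verdict:", classify(MODEL, (4.64, 0, 160, 0)))    # benign
```

The signature lookup is binary and brittle: change one byte and the hash no longer matches. The model answers from where the file sits relative to what it was trained on, which is why the post stresses that the breadth of training data, not the cleverness of the algorithm, bounds what it can detect.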
Let’s examine that point further. The value that machine learning brings to the table largely depends on the data available to feed into it. Machine learning can’t create knowledge; it can only extract it. The scope and size of the data are the critical elements determining machine learning effectiveness. CDM can draw on data from across the federal government and also take a leadership role by establishing much-needed public-private partnerships for data sharing and analytics.
Importantly, this is where cloud or elastic computing changes the game. Modern threats blend into the environment and only subtly differ from legitimate usage patterns. Detecting them requires looking at a larger amount of data and establishing contextual awareness. So it’s not so much securing the cloud as it is security through the cloud. You need both massive volumes of data and lightning speed analysis to stay one step ahead of today’s determined adversaries. That’s something only the cloud can deliver.
We’re all waiting on tenterhooks for CDM phases III and IV. The undead better bring their A game–Kevin “Jon Snow” Cox has some new weapons in his arsenal. It’s AI and cloud to the rescue.
Join MeriTalk and CrowdStrike on Jan. 18, 2018, from 4:30 to 7:30 p.m. at the W Hotel to network and dialog further on this proactive approach to more effective cybersecurity for public sector organizations.