Security leaders are increasingly relying on tools that use AI and machine learning to defend against cybersecurity threats. This is according to the Cisco 2018 Annual Cybersecurity Report (ACR) released last week.
The report came at a time when malware sophistication is increasing as adversaries begin to weaponize cloud services and evade detection through encryption, used as a tool to conceal command-and-control activity. The Cisco 2018 Annual Cybersecurity Report shows that 39 percent of organizations are reliant on automation, 32 percent on machine learning, and 32 percent on AI.
While encryption is meant to enhance security, the expanded volume of encrypted web traffic (50 percent as of October 2017), both legitimate and malicious, has created more challenges for defenders trying to identify and monitor potential threats. The Cisco 2018 Annual Cybersecurity Report observed more than a threefold increase in encrypted network communication used by inspected malware samples over a 12-month period.
Malware variants are constantly evolving, and their creators are always updating them to better penetrate security software and evade detection. Applying machine learning, according to Cisco, can help enhance network security defenses and, over time, “learn” how to automatically detect unusual patterns in encrypted web traffic, cloud, and IoT environments.
Some of the worst malware of 2017 follows this pattern, with surprisingly rapid evolution over the course of just a few months. The year saw major advances in ransomware influence, with three headline-grabbing threats being demonstrated. They included WannaCry, which emerged in May 2017 and infected over 400,000 machines. There was also NotPetya, which emerged in the summer of 2017, and Bad Rabbit, which emerged in October 2017 in Russia and Ukraine.
“Last year’s evolution of malware demonstrates that our adversaries continue to learn,” said John N. Stewart, Senior Vice President and Chief Security and Trust Officer, Cisco. “We have to raise the bar now – top-down leadership, business led, technology investments, and practice effective security – there is too much risk, and it is up to us to reduce it.”
Cisco says some of the 3,600 chief information security officers (CISOs) interviewed for the Cisco 2018 Security Capabilities Benchmark Study report stated they were reliant on, and eager to add, tools like machine learning and AI, but were frustrated by the number of false positives such systems generate.
Cisco believes that, while still in their infancy, machine learning and AI technologies will mature over time and learn what is “normal” activity in the network environments they are monitoring.