In 2003, a self-replicating sentient programme was causing mass mayhem. It successfully overwrote core programmes within a global network and almost achieved complete control. This is the plot of the film ‘The Matrix Reloaded’. And while we are not yet seeing a post-apocalyptic future where machines rule humans, bots taking over networks are not a figment of reel-world imagination.
Last December ‘BlackEnergy’ malware targeted power companies in western Ukraine, causing a blackout that affected more than 225,000 civilians [1]. Before that, ‘BlackEnergy’ had overwritten file extensions within Ukrainian media companies, rendering their operating systems unbootable.
These attacks characterise today’s danger. It is no longer just the classic scenario of information being stolen or websites being defaced, but the quiet and unseen attacks. These attackers use previously unseen, customised code, cross boundary defences only once and do not send out information, becoming ‘insider threats’.
Despite the high stakes, we’ve so far failed to match the guile and agility of today’s adversaries.
The harsh realities of being human
The first reality is that we are outnumbered. We’re struck by a global cyber security talent shortage that is only going to get worse. By 2020, there will be an estimated 1.5 million shortfall in information security workers worldwide [2].
Some firms have started cross-training IT workers and converting them into security specialists. However, this leads us to the second reality – we can be easily outmanoeuvred and it’s not just about throwing more bodies at the problem.
Organisations have embraced digital transformation and will continue to do so. The number of connected devices will hit 6.4 billion in 2016 and increase to 20.8 billion by 2020 [3], with each connection representing a potential point of entry.
As attackers increasingly obtain credentials from employees, customers, suppliers or contractors, and use these cloaks of legitimacy to exploit points of entry in ways that are difficult to predict, it’s unsurprising that humans are often blindsided or bypassed.
New breeds of machines doing the heavy lifting on behalf of humans
‘BlackEnergy’ found its way into networks despite the presence of firewalls, anti-viruses and sandboxes. These traditional tools failed because they attempted to pre-define the threat by writing rules or producing signatures based on previously known attacks. Once hackers are inside networks, they use machine intelligence that learns how to behave as authentically as real devices, servers and users.
In the same way, using complex algorithms and a mathematical framework, unsupervised machine learning technology can process and make sense of today’s deluge of data, before making logical, probability-based decisions against external and insider threats on behalf of humans [4].
Unsupervised machine learning at the forefront of next-generation cyber defence
The technology, when applied, automatically studies a network’s so-called ‘pattern of life’ – everything from the devices that usually ‘talk’ to one another, to what sort of data they normally transmit, to whom and when. Once a baseline has been established, the programme acts as an ‘immune system’ of sorts, alerting systems administrators to behavioural irregularities. This means that previously unidentified threats can be detected, even when their manifestations fail to trigger any set rules or signatures.
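The baseline-then-alert idea described above can be sketched in a few lines. This is an added example, not code from the article or from any vendor it cites: it learns, without labels, which peers each device talks to, at what hours and with what byte volumes, then lists how a new flow deviates. The device names, flow records and the threshold `k` are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample flows: (source, destination, hour of day, bytes sent).
BASELINE = [
    ("hmi-01", "plc-07", 9, 1200), ("hmi-01", "plc-07", 10, 1350),
    ("hmi-01", "plc-07", 14, 1100), ("hmi-01", "historian", 11, 5000),
    ("hmi-01", "historian", 15, 5200), ("hmi-01", "historian", 16, 4800),
    ("ws-22", "fileserver", 9, 40000), ("ws-22", "fileserver", 13, 42000),
    ("ws-22", "fileserver", 17, 39000),
]

def learn(flows):
    """Build a per-device profile: known peers, active hours, bytes per peer."""
    profile = defaultdict(lambda: {"peers": defaultdict(list), "hours": set()})
    for src, dst, hour, nbytes in flows:
        profile[src]["peers"][dst].append(nbytes)
        profile[src]["hours"].add(hour)
    return profile

def score(profile, flow, k=6.0):
    """Return the list of ways a flow deviates from its source's baseline."""
    src, dst, hour, nbytes = flow
    if src not in profile:
        return ["unknown-device"]
    dev, reasons = profile[src], []
    if hour not in range(min(dev["hours"]) - 1, max(dev["hours"]) + 2):
        reasons.append("unusual-hour")
    if dst not in dev["peers"]:
        reasons.append("new-peer")
    else:
        history = dev["peers"][dst]
        med = median(history)
        # Median absolute deviation: a spread estimate robust to outliers.
        mad = median(abs(x - med) for x in history) or 1.0
        if abs(nbytes - med) / mad > k:
            reasons.append("unusual-volume")
    return reasons

def triage(profile, flows):
    """Keep only flows with at least one deviation, for an analyst to review."""
    return [(f, r) for f in flows if (r := score(profile, f))]

if __name__ == "__main__":
    model = learn(BASELINE)
    observed = [("hmi-01", "plc-07", 10, 1250), ("hmi-01", "plc-07", 3, 1300),
                ("ws-22", "10.9.9.9", 13, 900), ("ws-22", "fileserver", 12, 900000)]
    for flow, reasons in triage(model, observed):
        print(flow, reasons)
```

None of the flagged flows would match a signature for known malware; each is flagged only because it departs from what that device normally does.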
“Never send a human to do a machine’s job” were the provocative words of Agent Smith in The Matrix Reloaded – which explains why three in four organisations are dissatisfied with their current ability to detect and investigate cyber threats [5].
Unsupervised machine learning could be the one thing that gives us a chance against advanced and automated cyber threats. Humans, for their part, should migrate from the losing battle of manual threat detection, to implementing training in complementary skillsets like high-level threat analysis and mitigation.
[1] ICS-CERT. Cyber-Attack Against Ukrainian Critical Infrastructure. 25 February 2016.
[2] Frost & Sullivan. The 2015 (ISC)² Global Information Security Workforce Study. 16 April 2015.
[3] Gartner. 6.4 Billion Connected “Things” Will Be in Use in 2016, Up 30 Percent From 2015. 10 November 2015.
[4] Darktrace. Machine Learning: A Higher Level of Automation White Paper. March 2016.
[5] RSA. Threat Detection Effectiveness Survey. February 2016.