Machine learning is rapidly being deployed across many areas of IT, and it has had notable success in the cyber security space.
As a direct result of machine learning techniques, we have moved beyond solutions that rely on databases of virus signature files. A virus signature is a set of unique data, or bits of code, that can identify a computer virus, much like a fingerprint identifies a person. Next-generation cyber security solutions learn how threats such as malware present themselves and can identify previously unseen malware without waiting for the latest signature file update.
Statistics show that machine learning techniques in cyber security are particularly effective in dealing with malware threats. Analysis conducted by Crowdstrike (a next-generation endpoint security software company) suggests that machine learning solutions detect 99% of malware attacks and are even effective enough to discover 98% of zero-day attacks, showing how ML has removed the reliance on signature files.
99% is impressive. But does it mean your business is protected simply because the risk of being hit is low? The answer is a resounding “No”. Dig deeper into the statistic: it is not telling you that 99% of companies avoid successful malware attacks. It is only saying that 1 in 100 malware variants will get through an ML-based defence. To put this into perspective, it is not a big challenge for organised cyber criminals to flood your ML-based system with 400 to 500 malware variants in short order. Statistically, 4 or 5 malware strains will penetrate your defence, and it only takes one successful malware breach for cybercriminals to establish a “beachhead” in your network.
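The arithmetic behind that argument, as an added example that is not part of the original article: it assumes each variant is detected independently with the quoted 99% rate, and it goes one step further than the text by showing how many variants are needed before a breach becomes more likely than not, and how much a higher detection rate changes that number.

```python
"""Risk arithmetic behind a "99% detection" claim.

Added illustration, not code from the article or from any vendor. It assumes
each malware variant is detected independently with probability
`detection_rate`; the 99% and 400-500 figures are the ones the article quotes.
"""
import math


def expected_evasions(detection_rate: float, variants: int) -> float:
    """Expected number of variants that slip past the detection engine."""
    return variants * (1.0 - detection_rate)


def breach_probability(detection_rate: float, variants: int) -> float:
    """Probability that at least one of `variants` independent samples evades
    detection, i.e. 1 - P(every variant is detected)."""
    return 1.0 - detection_rate ** variants


def variants_for_breach_probability(detection_rate: float, target: float) -> int:
    """Smallest number of variants at which P(at least one evasion) >= target.

    Solves 1 - rate**n >= target for n and rounds up to a whole variant."""
    if not 0.0 < target < 1.0 or not 0.0 < detection_rate < 1.0:
        raise ValueError("rates must lie strictly between 0 and 1")
    return math.ceil(math.log(1.0 - target) / math.log(detection_rate))


if __name__ == "__main__":
    # Compare the article's 99% figure with two stronger detection rates.
    for rate in (0.99, 0.999, 0.9999):
        print(f"detection rate {rate:.2%}:")
        for n in (1, 100, 400, 500):
            print(f"  {n:>4} variants -> expected evasions "
                  f"{expected_evasions(rate, n):6.2f}, "
                  f"P(at least one breach) {breach_probability(rate, n):.4f}")
        print("  variants for a 50% chance of at least one breach: "
              f"{variants_for_breach_probability(rate, 0.5)}")
```

At 99% detection, 69 variants are already enough for a breach to be more likely than not, and at 500 variants the chance exceeds 99%; moving to 99.9% detection pushes the 50% mark out to 693 variants.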
Combine this with the fact that malware makes up only around 40% of all cyber-attacks, and it becomes clear that machine learning in isolation cannot provide the total endpoint protection that companies need.
To be clear, ML is a vital component in the fight against the modern cyber threat. It needs to be deployed in conjunction with other strategies that can more adequately deal with the 60% of attacks that use non-malware techniques.
Crowdstrike is a strong example of a company that uses ML combined with a broad set of other capabilities and technologies to provide comprehensive protection against malware and exploitation techniques, including stolen credentials and even state-sponsored actors. Crowdstrike uses a range of techniques to look for and identify what they term “indicators of attack”, regardless of the type of malware or exploit being faced. By understanding and analysing an attacker’s intent, regardless of the methods they use to breach your system, you have a better chance to remediate quickly once a breach has occurred. Given that the average “dwell time” before a breach is discovered is now reported to be around six months, being able to understand indicators of attack is critical.
Combining ML techniques with human expertise, especially for remediation through enhanced endpoint detection and response, is an important part of a total strategy. For example, hunter teams, made up of security experts who can profile the specific details of your company and understand the motivations of the actors targeting it, are becoming a critical element of any total solution. Most companies do not have the ability or resources to employ their own team of cyber hunters, which is why companies like Crowdstrike offer Falcon Overwatch™, a managed hunter-team service.
Machine learning is an important and vital technology in the fight against cyber crime, but not on its own. ML needs to be combined with a host of next-generation security technologies along with a robust endpoint detection and response capability. Only then can you be adequately protected against all threats and successfully mitigate breaches when they occur.