
Cisco report finds AI & machine learning still hot topics in cybersecurity

26 Feb 2018

Artificial intelligence and machine learning in cybersecurity prove to be hot topics amongst security professionals and they’re looking to spend more on tools that can do those very tasks, according to the 11th Cisco 2018 Annual Cybersecurity Report.

According to the report, machine learning is able to help enhance network security and defences by learning how to detect unusual traffic patterns in cloud and IoT environments.

That technology is in hot demand, particularly as the volume of legitimate and malicious web traffic grows. According to Cisco statistics from October 2017, 50% of web traffic is encrypted. Over a 12-month period, Cisco researchers also spotted a threefold increase in malware samples that used encrypted network communication.

Network encryption is causing challenges for defenders who are trying to identify and monitor potential threats. However, security professionals are eager to adopt machine learning.

While machine learning comes with drawbacks such as false positives, security professionals realise that machine learning and AI technologies are still in their infancy.

The report also found that more than half of all cyber attacks result in financial damages of more than US$500,000 (AU$637,630) including lost revenue, customers, opportunities and out-of-pocket costs.

Security solutions are becoming numerous and complex as the scope of breaches expands. Defenders are now using a ‘complex’ mix of products from a cross-section of vendors.

In 2017, 25% of security professionals said they used products from 11-20 vendors. They also said that 32% of breaches affected more than half of their systems.

Cyber attackers are also quick to recognise the value of security holes and they are exploiting the lack of advanced security on cloud platforms.

While 57% of security professionals say they host data in the cloud because it has better data security, attackers are also taking advantage of the fact that security teams are having difficulty defending cloud environments that are evolving and expanding.

Cisco says that a combination of best practices, advanced security technologies such as machine learning and first-line-of-defence tools could help protect cloud environments.

"Last year's evolution of malware demonstrates that our adversaries continue to learn," comments Cisco’s senior VP and chief security and trust officer, John N. Stewart.

"We have to raise the bar now – top down leadership, business led, technology investments, and practice effective security – there is too much risk, and it is up to us to reduce it."

The survey polled 3,600 chief security officers (CSOs) and security operations (SecOps) managers from 26 countries.

Other findings from the report:

Supply chain attacks are increasing in velocity, complexity

  • These attacks can impact computers on a massive scale and can persist for months or even years. Defenders should be aware of the potential risk of using software or hardware from organisations that do not appear to have a responsible security posture.
  • Two such attacks in 2017, Nyetya and CCleaner, infected users by attacking trusted software.
  • Defenders should review third-party efficacy testing of security technologies to help reduce the risk of supply chain attacks.

Security professionals see value in behavioural analytics tools in locating malicious actors in networks

  • 92% of security professionals said behaviour analytics tools work well. Two-thirds of the healthcare sector, followed by financial services, found behaviour analytics to work extremely well to identify malicious actors.

Use of cloud is growing; attackers taking advantage of the lack of advanced security

  • In this year's study, 27% of security professionals said they are using off-premises private clouds, compared with 20% in 2016.
  • Among them, 57% said they host networks in the cloud because of better data security; 48%, because of scalability; and 46%, because of ease of use.

Trends in malware volume have an impact on defenders' time to detection (TTD)

  • The Cisco median TTD was about 4.6 hours for the period from November 2016 to October 2017, well below the 39-hour median TTD reported in November 2015 and the 14-hour median reported in the Cisco 2017 Annual Cybersecurity Report for the period from November 2015 to October 2016.
  • The use of cloud-based security technology has been a key factor in helping Cisco to drive and keep its median TTD to a low level. Faster TTD helps defenders move sooner to resolving breaches.

Additional Recommendations for Defenders:

  • Confirm adherence to corporate policies and practices for application, system, and appliance patching.
  • Access timely, accurate threat intelligence data and processes that allow for that data to be incorporated into security monitoring.
  • Perform deeper and more advanced analytics.
  • Back up data often and test restoration procedures, processes that are critical in a world of fast-moving, network-based ransomware worms and destructive cyber weapons.
  • Conduct security scanning of microservice, cloud service, and application administration systems.