Amid the clamor over continued evidence that security tools are failing to protect systems and data, there is a growing belief that #machine learning and new techniques in automation may actually improve defenses against #attacks. The problem is that criminal hackers are using automation too and, so far, the results have been ominously effective.

High profile attacks are on the rise

This point was reinforced further with the news this week of two major distributed denial of service (DDoS) attacks that wiped out the website of security researcher Brian Krebs and overwhelmed the network of hosting service OVH. The OVH attack, which has been reported as the largest in the history of the Internet, was apparently driven by a sophisticated botnet (a network of malicious computers) which leveraged more than 150,000 connected IoT (Internet of Things) devices like security cameras and DVRs.

Advertisements
Advertisements

“It’s a mess out there,” said Art Coviello, former head of RSA, who spoke at the two-day Structure Security conference in San Francisco this week. “And it’s only going to get worse with the Internet of Things.”

It’s estimated that bots currently control nearly half of all Internet traffic today and not all of this is bad. Amazon, for example, uses bots to constantly scrape website data so they can adjust prices for online merchandise and stay competitive. But a recent report by Distil Networks, an automated attack detection firm, shows that malicious networks now account for almost 20% of bot traffic and they are becoming more adept at mimicking human behavior, making them harder to detect and remove.

Some of this is solvable by tools like captchas, which require human action (such as identifying pictures of trees) before receiving access to a website.

Advertisements

In a presentation at Structure, a Distil executive described how one of their customers got hit with a huge traffic spike which resulted in the serving of 17 million captchas. Only 78 of them were answered correctly and the threat was quickly dismissed.

Economics are forcing move to automation

Security is increasingly becoming a question of economics for many companies. Coviello described one firm that employs 1600 people in their computer security group. “How many people can afford that kind of investment?” he asked.

The answer is “not many” so companies are beginning to look more closely at automation to combat threats. Cylance, a security startup, is developing protection tools that rely on machine learning so that computers will automatically know not to open a certain kind of email.

Cylance’s CEO Stuart McClure outlined how the three core problems of #cyber security related to malware execution, password theft, and DDoS attacks can all be handled by computers once enough intelligence is programmed into the systems.

Advertisements

“Machine learning has the ability to solve all three insanely well,” said McClure.

Another company looking to embrace security automation is the investment firm Blackstone. Speaking at Structure, Blackstone’s Jay Leek described how he developed an automated system that assumed many mundane tasks previously run by his staff. “With automation, I have the ability to take a security analyst and make them three times more productive,” said Leek.

The turn towards machine learning can’t happen fast enough. The Yahoo breach of over 500 million user accounts is expected to result in even more attacks once those files are released and hackers exploit the valuable information.

As high-profile attacks continue to dominate headlines on a near-weekly basis, security professionals are trying to keep up. “Security is the defining problem of our digital age,” said Coviello. Now it will remain to be seen if automation can provide the solution.