Predictive Analytics: Fad or the Future of Cyber Security?
They’re called superforecasters. A subset of human study volunteers who have an uncanny ability to predict the future better than the general populace. Who are these individuals?
According to The Washington Post, the superforecaster term was coined by University of Pennsylvania professor Philip Tetlock. His 20-year study — explained in detail in “Expert Political Judgment: How Good Is It? How Can We Know?” — found that the average person couldn’t predict the future. But the superforecasters could.
Were they geniuses? Clairvoyant? Not at all. While all were intelligent and educated, the superforecasters were set apart only by a thirst for knowledge and the willingness to work hard to understand and analyze. Call it a blend of patience, probability and persistence.
So, what does this have to do with cyber security? Sought by meteorologists, market analysts, political leaders and military strategists, the ability to accurately predict actions or behaviors directly correlates to not only more successful outcomes, but also more efficient analysis of past events.
Predicting cyberattacks, data breaches
As global warfare and cybercrime move to the digital battlefield, it’s only natural for cyber security vendors to research and invest in predictive technology.
If you attended RSA or Black Hat this year, you certainly noticed nearly every vendor and speaker talked about machine-learning, artificial intelligence (AI) or predictive analytics. In fact, they were the buzzworthy terms at every convention this year.
They’re also the theme of a recent TechCrunch article, “How predictive analytics discovers a data breach before it happens,” which explains how AI and machine-learning are paving the way for a new generation of threat intelligence and security solutions.
This innovation, however, comes with cautions. And some reality checks. While most experts cited agree that AI-based solutions can cut down response times and help us learn from attack data, new challenges arise around data volume, raw processing power and threat actor parries, as well as the challenge of actually using the correct algorithm for the specific problem set.
AI in real-world applications
Predictive cyber security isn’t theory or science fiction. In fact, A10 Networks is collaborating with partner Cylance to better analyze encrypted traffic to address a variety of cyber threat vectors. Announced in an August 2016 release, A10 Networks will integrate CylancePROTECT with the SSL Insight decryption technology available with the A10 Thunder CFW and Thunder SSLi platforms.
By taking a mathematical approach to malware identification utilizing patent-pending, machine-learning techniques instead of reactive signatures and sandboxes, CylancePROTECT helps neutralize the threat of new malware, viruses, bots and unknown future variants.
Future A10 Networks systems will incorporate telemetry data from customer machines. The data streaming from these machines will be leveraged in conjunction with data from Cylance to more accurately and intelligently identify and predict incoming attacks. This unique approach — using event data and tying it to real-world attacks — will be a first in the industry.
“In order to keep up with modern attackers, security technologies need to evolve alongside them — without relying on human intervention,” says Cylance in a recent white paper. “That’s where math and machine learning have the advantage. If we can objectively classify ‘good’ files from ‘bad’ based on mathematical risk factors, then we can teach a machine to make the appropriate decisions on these files in real time.”
It should come as no surprise that humans are the weakest link in even the best-planned cyber security defenses. While software and hardware can absolutely be manipulated, they have no pride, empathy or apathy to exploit. And it’s for this reason AI and other machine-learning innovations are critical in defending the most vulnerable security gap.
Threat actors will evolve, respond
As history has proven, attackers will evolve their skills and strategies to defeat new technology. This time will be no different.
Over the last two years, companies such as CrowdStrike, FlashPoint, Verizon and even the NSA have noted that attackers are using a combination of attack vectors to gain access to hardened systems.
Techniques such as combining a DDoS attack with a simultaneous spear-phishing campaign, with embedded malware using encrypted tunneling, are now commonplace. Attacker tactics are more sophisticated. Thus, those in defensive positions must be, too.
Olivier Tavakoli, the CTO of cyber security vendor Vectra Networks — which is also an A10 Networks partner — explains to TechCrunch that nation-states, hackers and organized cybercrime groups will develop new vectors to defeat predictive capabilities.
“After several years spent trying to perfect predictive analytics, attackers will counter with feints and pattern randomization,” Tavakoli says.
This is only natural. But it doesn’t mean that AI and predictive technology can’t help sway the momentum in the near term. He says that there is a place for advanced predictive solutions. We just need to be able to accurately recognize them for what they are and govern expectations accordingly.
“We need to use machine-learning where it makes sense — when we need to analyze the most advanced of attacks, correlate behavior and conduct data reduction exercises,” Tavakoli told SC Magazine UK. “When we call it artificial intelligence we're constructing a certain narrative, and is often found to be a term used by marketing teams who use it to build buzz. The term is one of popular culture, rather than an actual scientific term.”