
Why machine learning may be the answer to future cybersecurity problems

Nurdianah Md Nur | June 22, 2016
"Combining machine learning with a human factor of ensuring security best practices would be a holistic approach for cybersecurity," says Sanjay Aurora, Managing Director, APAC, Darktrace.

Sanjay Aurora, Managing Director, APAC, Darktrace

Given the data deluge, constant evolution of malware and lack of security professionals, deploying traditional security solutions is no longer enough to secure an organisation. We spoke to Sanjay Aurora, Managing Director, APAC, Darktrace, to learn why and how machine learning might help organisations combat current and future threats.

Aurora is responsible for leading the expansion of Darktrace and its award-winning Enterprise Immune System in the Asia Pacific region. He has over 25 years of experience in the enterprise software industry specialising in the Asia Pacific region, where he has held a number of senior roles at leading software companies including Interwoven, Oracle, Autonomy and OpenText. 

CIO Asia: How have cyber threats and attacks evolved over the years?
Aurora: Over the past year, we've observed an increasing number of threat actors with both the motivation and capability to compromise networks and devices. The challenge of securing the network is further aggravated by the industrialisation of the cyber-crime economy, the rise of state-sponsored attacks, and the increasing sophistication of perpetrators.

Advanced exploit tools are readily available on the Internet - customisable malware, laboratories for testing and previously unseen hacking techniques - and can now be exchanged and traded. On 23 December last year, Russian-sponsored hackers were suspected of being responsible for the massive power outage across 80,000 Western Ukrainian homes. A re-engineered variant of the popular "BlackEnergy" malware was responsible, and the incident marked the first ever instance a power failure was caused by a cyber attack.

Furthermore, insider threat is on the rise. External attackers today will typically look to act under a cloak of legitimacy. This makes it extremely difficult to distinguish authorised activity from threat actors. Earlier in February, cybercriminals posed as authorised bank officials and siphoned US$81 million from an account held by the Central Bank of Bangladesh. By masquerading and securing recognition as legitimate users, the criminals managed to slip past the bank's cyber defences into the network.

The battle has clearly moved beyond humans. We see machine-on-machine attacks where algorithms are fighting other algorithms. Malicious software with ever-changing code can now gain an advantage over the protective programmes designed to keep them out.

CIO Asia: Why can't existing/traditional security solutions put a stop to today's cyber threats? Please elaborate on the factors that are making it humanly impossible to keep up with every component within an organisation's ever expanding network.
Aurora: The volume of network traffic and complexity of data transmitted between machines is set to reach an astronomical level in the next few years. New forms of malware are also constantly emerging on a daily basis. Yet there is already insufficient human talent employed to patrol and secure the network.

Hence, the legacy approaches of analysing, updating and patching for yesterday's attacks are doomed to failure, because machine-based attacks evolve too dynamically for any IT department to contend with. Whether from within or without, threat actors using machine intelligence are becoming harder to detect because they always use new ways to successfully circumvent any perimeter or rule-based approach.

Organisations that think their system administrators alone can shore up their cyber-defences will be disappointed as the deluge and sophistication of machine-based attacks will invariably outwit humans.

 
