“Those indicators make it much more difficult for an adversary to hide during the early stages – reconnaissance, expansion and data-staging – of an attack,” Munroe said.
In the past, attackers could hide their activities in the data logs of applications, directories, endpoints, net-flow and repositories, he said. But, “machine learning and behavioral analytics will find these activities hidden in billions of event logs, connect them and surface them to security investigators.”
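The correlation Munroe describes, as an added illustration that is not code from the article or from Interset: per-user daily features are built from three constructed log sources (net-flow peers, directory logons, endpoint file reads), each is compared against that user's own seven-day baseline, and a user is surfaced only when anomalies from two or more of the three early stages (reconnaissance, expansion, data-staging) line up on the same day. The stage-to-log mapping, the z-score threshold of 3 and the sample events are assumptions chosen for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date, datetime, timedelta
from statistics import mean, pstdev


@dataclass(frozen=True)
class Event:
    ts: datetime
    source: str    # "netflow", "directory" or "endpoint" (log types named in the article)
    user: str
    target: str    # peer host (netflow), logon host (directory) or file path (endpoint)
    size: int = 0  # bytes read; only meaningful for endpoint events


def build_events():
    """Constructed sample data (not real logs): seven quiet baseline days for
    'alice' and 'bob', then a day on which alice sweeps 40 hosts, logs on to a
    server she has never used and reads far more data than usual. bob stays normal."""
    events = []
    day0 = datetime(2023, 1, 1, 9, 0)
    for d in range(7):
        t = day0 + timedelta(days=d)
        for user in ("alice", "bob"):
            for host in ("ws-1", "mail", "intranet"):
                events.append(Event(t, "netflow", user, host))
            events.append(Event(t, "directory", user, f"{user}-pc"))
            events.append(Event(t, "endpoint", user, "/home/report.docx", 2_000_000))
    t = day0 + timedelta(days=7)
    for i in range(40):                                   # reconnaissance-like sweep
        events.append(Event(t, "netflow", "alice", f"host-{i}"))
    events.append(Event(t, "directory", "alice", "file-srv-9"))          # expansion
    events.append(Event(t, "endpoint", "alice", "/srv/archive.zip", 900_000_000))  # staging
    for host in ("ws-1", "mail", "intranet"):             # bob: an ordinary day
        events.append(Event(t, "netflow", "bob", host))
    events.append(Event(t, "directory", "bob", "bob-pc"))
    events.append(Event(t, "endpoint", "bob", "/home/report.docx", 2_000_000))
    return events


def daily_features(events):
    """Aggregate each log source into one per-(user, day) feature."""
    peers, hosts, nbytes = defaultdict(set), defaultdict(set), defaultdict(int)
    for e in events:
        key = (e.user, e.ts.date())
        if e.source == "netflow":
            peers[key].add(e.target)
        elif e.source == "directory":
            hosts[key].add(e.target)
        elif e.source == "endpoint":
            nbytes[key] += e.size
    return peers, hosts, nbytes


def zscore_outlier(history, value, threshold=3.0):
    """True when `value` sits more than `threshold` standard deviations above the
    user's own baseline. A floor of 1 on the deviation keeps a perfectly flat
    baseline (std dev 0) from dividing by zero while still flagging real jumps."""
    if len(history) < 3:          # too little history to judge: stay silent
        return False
    return (value - mean(history)) / max(pstdev(history), 1.0) > threshold


def detect_chains(events, analysis_day, baseline_days=7):
    """Return {user: [stages]} for users whose anomalies span at least two of the
    early attack stages on `analysis_day`; single-stage oddities are not surfaced."""
    peers, hosts, nbytes = daily_features(events)
    hist_days = [analysis_day - timedelta(days=d) for d in range(1, baseline_days + 1)]
    findings = {}
    for user in sorted({e.user for e in events}):
        stages = []
        peer_hist = [len(peers.get((user, d), ())) for d in hist_days]
        if zscore_outlier(peer_hist, len(peers.get((user, analysis_day), ()))):
            stages.append("reconnaissance")
        known = set().union(*(hosts.get((user, d), set()) for d in hist_days))
        if hosts.get((user, analysis_day), set()) - known:   # logon to a never-seen host
            stages.append("expansion")
        byte_hist = [nbytes.get((user, d), 0) for d in hist_days]
        if zscore_outlier(byte_hist, nbytes.get((user, analysis_day), 0)):
            stages.append("data-staging")
        if len(stages) >= 2:
            findings[user] = stages
    return findings


if __name__ == "__main__":
    print(detect_chains(build_events(), date(2023, 1, 8)))
```

Each feature alone would produce noise (a new logon host is common on its own); the value is in the join across sources, which is why only multi-stage chains are surfaced to the investigator.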
That doesn’t mean everybody is using it, or knows how to use it. It also sounds expensive – possibly much too expensive for SMBs, but Alperovitch said it is becoming both more accessible and more affordable.
“The industry is gradually moving towards making entry-level options available,” he said, “whether it’s access to intelligence or technology solutions.
“Also, leveraging technologies like the cloud allows vendors to offer more cost-effective means to deploy security tools in a scalable way with minimum pre-existing infrastructure requirements. The cloud is a real game-changer.”
Munroe has a similar message. “Before the age of Hadoop and big data, most organizations did not have the data to feed a machine learning-based system,” he said. “But that has changed because even if you do not have this infrastructure you can use a cloud-based system.”
That combination of machine learning and behavioral analytics tools, he said, is good enough to catch even nation-state-sponsored hackers.
William Munroe, vice president of marketing, Interset, said: “Arrests, convictions and jail sentences create a justifiable defense that the Chinese are following the agreement while covering up their illicit activities.”
Andrew Gardner, senior technical director, machine learning, Symantec said: “We’re able to identify oddities sooner by connecting the dots between behavioral and contextual signals that could signal an attack is likely.”