In the fight against cyber-threats, it’s often said that the attackers are faster and more innovative than the defenders. As new critical vulnerabilities are detected, it’s often a race for organisations to update their software before the vulnerabilities can be exploited. The issue, however, is that there is usually a time lag between the release of an update and when an organisation can apply it, creating a window of vulnerability. To help streamline this process and ensure that new software updates are legitimate, most organisations rely on an application whitelist or digital certificates, yet these methods, although useful, are both imperfect (more on that later).
Now, though, there’s a new approach that applies machine learning to application whitelisting in a way that’s more accurate than ever before. The development of this new technique has been led by Dr Jonathan Oliver, Senior Data Scientist at Trend Micro. To learn more, I got in contact with Dr Oliver to discuss the advantages of this new technique, the future of machine learning and its implications for cybersecurity.
Richard Pain: Whitelisting applications is a very common technique in cybersecurity, so what’s wrong with it? Could you explain some of its shortcomings?
Dr Oliver: You can approach whitelisting in two sorts of ways. Firstly, you can use a definitive list - you only let programs on that whitelist run and deny everything else. This is called a lockdown mode, and it’s suitable for industrial control systems or the kind of system that requires an element of rigour, such as ATMs. Yet there's always a competing need to add other elements, such as ad pop-ups or customer information. Ideally, you would like to lock things down, but it's really difficult. With the rapid change of software, security can be compromised very fast.
This is especially true for enterprise IT. You're constantly getting security updates; there's a lot of software that won't work if you are still on the old versions. So we've got a conflicting set of requirements that IT departments struggle to keep up with, needing security updates and feature updates to ensure things work in a compatible way.
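The lockdown mode Dr Oliver describes, as an added illustration that is not code from the article or from Trend Micro: a definitive allowlist of program hashes with a deny-by-default decision. The file names, the byte strings standing in for binaries, and the function names are all constructed for this example. The second half shows the maintenance problem he raises: a security update changes the program's bytes, so the updated program is denied until someone re-approves it, which is exactly the lag between "update released" and "update usable" that a hash-based allowlist creates.

```python
import hashlib

# Constructed stand-ins for program files on disk (assumed names and contents).
APPROVED_BINARIES = {
    "payroll.exe": b"payroll v1.0 build 100",
    "atm_ui.exe": b"atm_ui v2.3 build 417",
}


def sha256_hex(data: bytes) -> str:
    """Content hash used as the allowlist key; any byte change yields a new hash."""
    return hashlib.sha256(data).hexdigest()


def build_allowlist(binaries: dict) -> frozenset:
    """Definitive list: the hash of every approved program, and nothing else."""
    return frozenset(sha256_hex(content) for content in binaries.values())


def lockdown_decision(allowlist: frozenset, program_bytes: bytes) -> str:
    """Deny by default: only a program whose hash is on the list may run."""
    return "ALLOW" if sha256_hex(program_bytes) in allowlist else "DENY"


def approve_update(allowlist: frozenset, new_program_bytes: bytes) -> frozenset:
    """The manual step an IT department must take before an update can run."""
    return allowlist | {sha256_hex(new_program_bytes)}


def update_lifecycle(allowlist: frozenset, old_bytes: bytes, new_bytes: bytes) -> dict:
    """Trace one vendor update through the allowlist.

    Returns the decision for the old build, the decision for the new build
    before re-approval (the window in which the patch cannot be deployed),
    and the decision after the list has been updated.
    """
    before = lockdown_decision(allowlist, old_bytes)
    patched_unapproved = lockdown_decision(allowlist, new_bytes)
    refreshed = approve_update(allowlist, new_bytes)
    patched_approved = lockdown_decision(refreshed, new_bytes)
    return {
        "old_build": before,
        "new_build_before_approval": patched_unapproved,
        "new_build_after_approval": patched_approved,
    }


ALLOWLIST = build_allowlist(APPROVED_BINARIES)

if __name__ == "__main__":
    # A constructed security update: same program, different bytes, different hash.
    old = APPROVED_BINARIES["payroll.exe"]
    new = b"payroll v1.1 build 101 (security fix)"
    for stage, verdict in update_lifecycle(ALLOWLIST, old, new).items():
        print(f"{stage:28s} {verdict}")
    # Anything not on the list, including an empty or unknown file, is denied.
    print("unknown program", lockdown_decision(ALLOWLIST, b"not on any list"))
```

The point of the trace is that the allowlist itself behaves correctly throughout: the unapproved patch is denied, which is the control doing its job. The operational cost is the `approve_update` step, which has to happen for every build of every program before the patch can be rolled out.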