Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Machine behaviours that threaten enterprise security

Kacy Zurkus | Jan. 27, 2017
What to do when machine learning on the inside turns against the perimeter

The problem is that the hacker will try to manipulate a machine that has access to certain data, "Using the machine to exfiltrate data, and security practitioners can’t whitelist or blacklist or create a reel that doesn’t allow DNS access. It’s a unique file broken into millions of chunks," said Shteiman.

The problem with machine threats, said Citrix's CSO Stan Black, is that there is no clearly defined and consistently accepted understanding of them. The attacks that are underway have the ability to adapt and find new binaries very quickly.

"Machine threats from my point of view is when the machine learning that we do on the inside is being turned to the outside against our perimeter," Black said. "Machine threats are when a malicious actor attempts to use machine technology against us."

Automation has allowed hackers to gather even more intelligence than they had previously been able to obtain. Black said, "If you look at traffic on the internet, very few people are familiar with what is supposed to be happening. These guys are using connections, carriers, carrier calls, health checks, and parody analysis to gather additional intelligence."

Security practitioners are monitoring traffic, but Black said, "Previously we would see someone running active scanning on us. Now, they are able to utilize malicious code to gather more than they used to. This is going to be huge in the IoT space."

A return to basics, said Black, might be the best measure of defense. "Development is moving quickly, but we need to go back to basics. Applications are supposed to do certain types of transactions at each port. We need to clearly define what good traffic is and what it should look like. If it deviates from the published standard, that might be bad."

Relying on modeling and machine learning, said Shteiman, is another way to protect the gaps that aren't covered by blocking access to known Tor IPs. "I work on Tor, but I can model how I work on my computer. Access is only allowed when there is a keyboard interaction, or during working hours so that if I'm not on my computer, Tor can't be used."

As is most often the case, mitigating these threats requires education and training. Gorup said, "Regular code review and training developers will lower risk and vulnerabilities."

Black agreed noting that, "Coding is going to be a major step forward. The internet and the carriers of the world have allowed dirty data to come to our door. As consumers of that data we need to demand that they clean up our pipes."

Everybody is getting tired of the constant breaches and attacks. Creating more clarity on what carriers and companies' responsibilities are will work towards cleaning up those pipes.


Previous Page  1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.