Cisco: security leaders investing in machine learning, AI to defend against threats

Applying machine learning can help enhance network security defenses and, over time, “learn” how to automatically detect unusual patterns in encrypted web traffic, cloud and IoT envionments, says the ACR.

While encryption is meant to enhance security, the report says, the expanded volume of encrypted web traffic (50 per cent as of October 2017) — both legitimate and malicious — has created more challenges for defenders trying to identify and monitor potential threats.

According to Canadian respondents, the highest obstacles to adopting advanced security processes and technology are: compatibility issues with legal systems (30 per cent); budget constraints (29 per cent); competing priorities (29 per cent); and certification requirements (29 per cent).

Additionally, only 22 per cent of Canadian organizations perceive they follow a standardized infosec framework very well, and 55 per cent of security alerts in Canada go uninvestigated.

“Last year’s evolution of malware demonstrates that our adversaries continue to learn,” said John N. Stewart, senior vice president and chief security and trust officer, Cisco. “We have to raise the bar now — top down leadership, business led, technology investments, and practice effective security — there is too much risk, and it is up to us to reduce it.”

Additionally, according to study respondents, more than half of all attacks resulted in financial damages of over $500,000 USD, including, but not limited to, lost revenue, customers, opportunities and out-of-pocket costs.

Furthermore, supply chain attacks are increasing in velocity and complexity. Two such attacks in 2017, Nyetya and Ccleaner, infected users by attacking trusted software. The report suggests defenders review third-party efficacy testing of security technologies to help reduce the risk of these attacks.   

The ACR also says security is becoming more complex as the scope of breaches expands. Defenders are implementing a mix of products from a cross-section of vendors to protect against breaches.

In 2017, 25 per cent of security professionals said they used products from 11 to 20 vendors, compared with 18 per cent in 2016. Security professionals also said 32 per cent of breaches affected over half of their systems, compared with 15 per cent in 2016.

However, 92 per cent of security professionals said behaviour analytics tools work well. Two-thirds of the health-care sector, followed by financial services, found it to work extremely well to identify malicious actors.

This year’s study also found that the use of the cloud is growing, but attackers are taking advantage of the lack of advanced security.

Compared to 20 per cent in 2016, 27 per cent of security professionals said they are using off-premises private clouds. Among them, 57 per cent said they host networks in the cloud because of better data security; 48 per cent because of scalability; and 46 per cent because of ease of use.

Finally, trends in malware volume have an impact on defenders’ time to detection (TTD). The Cisco median TTD of about 4.6 hours for the period from November 2016 to October 2017 is below the 39-hour median TTD reported in November 2016 and the 14-hour median reported in the 2017 ACR.