IT Security

The 2020 approach to network monitoring

by Mark Rowe

Businesses need to rethink their approach to network monitoring in 2020, writes Ivan Blesa, Head of Product at the forensic anomaly detection company Noble.

It’s no secret that businesses in all industries are constantly having to defend themselves against increasingly sophisticated and targeted cyber-attacks. According to one report, UK businesses faced a cyber-attack every 50 seconds in the second quarter of 2019, while another found that at least 7.2 billion malware and 151.9 million ransomware attacks were reported in the first half of 2019.
Just when businesses think they have their cyber-security under control, attackers introduce new techniques that exploit specific, and sometimes previously unknown, vulnerabilities. And, as many high-profile businesses know all too well, the financial impact of these attacks is now higher than ever. One widely quoted estimate is that 60% of small businesses go out of business within six months of a breach, highlighting the devastating financial ramifications that can follow. Then there’s the reputational damage of suffering a cyber-attack, which can stick with a company for several years.
If all that wasn’t bad enough, the exponential growth of the Internet of Things (IoT) is making cyber-security seem like an impossible task. IoT connectivity has vastly increased the number of network entry points for hackers to exploit, with each device also adding to the overall network traffic and bombarding security teams with a huge amount of threat data to analyse.

The combination of these factors is forcing CIOs, CISOs and other security professionals to change their attitude towards cyber-security. Security analysts are simply unable to cope with the modern threat landscape, resulting in attacks slipping through the net. So, what can we do to modernise network monitoring for 2020 and beyond?

What’s wrong with traditional network security?

What has become abundantly clear is that traditional network security methods, which rely on fixed rules and signatures, or on machine learning trained only against samples of known attacks, are falling short. These approaches involve feeding the system as many samples of malicious traffic as possible so that it builds up a picture of what ‘bad’ looks like and flags future matches accordingly. This is no longer adequate, for two key reasons.

First, these monitoring systems are inherently biased towards what they have already been shown. Because they learn malicious activity from samples, they are unable to identify threats outside of what they have been taught, which limits an organisation’s ability to detect activity that has not been seen before. With new threats appearing at an alarming rate, dealing with the unknown is essential in today’s ever-changing cyber-security landscape. Rather than being proactive, relying on such systems forces businesses into a reactive posture, where they only learn of an unknown threat after the damage has been done.

Second, traditional systems can also trigger a high proportion of false positives when attempting to identify behaviours they believe to be malicious. Some of those behaviours occur as part of normal business activity, and each false positive places additional strain on security analysts, who have to spend time investigating every suspicious incident to determine whether or not the threat is genuine.

Irrespective of the industry they operate in, enterprises have to re-think their approach to network security if they want to stay ahead of cyber-criminals in 2020. So, how can they move away from systems that are biased towards the known and not fit for today’s threat landscape? One solution is to search for the abnormal rather than for the known bad. For example, unsupervised algorithms, including deep learning models, can continuously analyse an organisation’s regular behaviour to build up an accurate picture of what is normal for that organisation. With that baseline of ‘normal’ activity in place, the algorithms can then detect what deviates from it, including hidden activity that would otherwise pass as ordinary traffic. One caveat a practitioner should keep in mind: the baseline is only as good as the period it was learned from, so any activity already present during learning, an existing compromise included, will be treated as normal, and an anomaly is a lead for an analyst to triage rather than proof of malice in itself.

By crafting the detection specifically for each individual company, the bias towards already-seen threats is removed, false positives are reduced, and organisations are able to detect previously unseen threats before any damage is caused. That’s why such systems are increasingly being seen as the next generation of network monitoring. But that’s not all. Deep learning algorithms can sift through millions of data points in real time, performing a level of analysis that traditional machine learning or humans alone cannot match. Not only does this boost an organisation’s overall efficiency and security, it also frees analysts to focus on the most rewarding part of their job: the investigation and detection of genuine, complex malicious activity.
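The contrast drawn in the preceding paragraphs, known-bad matching against a per-organisation behavioural baseline, in runnable form. This is an added example and is not part of the original article, nor Noble’s product or method: a simple statistical baseline (per-host median and MAD of bytes sent, plus the set of destinations each host has talked to) stands in for the deep learning models the article describes, and every flow record, host name and IP address is constructed for illustration. The list-based detector catches only the destination it already knows; the baseline flags a novel high-volume transfer and a never-seen destination, but also a benign one-off backup, which is why an anomaly still needs triage. The closing check shows the baseline caveat: a learning window that already contains the attacker’s beacon teaches the detector to accept it.

```python
"""Signature matching versus per-host behavioural baselining, run over constructed flow records."""
from collections import defaultdict
from statistics import median

# Constructed sample flow records (host, destination IP, bytes sent); not real traffic.
# BASELINE_FLOWS stands in for a learning period, LIVE_FLOWS for traffic being monitored.
BASELINE_FLOWS = [
    ("ws-01", "10.0.0.5", 2_100), ("ws-01", "10.0.0.5", 1_900), ("ws-01", "10.0.0.5", 2_300),
    ("ws-01", "93.184.216.34", 4_000), ("ws-01", "10.0.0.5", 2_000), ("ws-01", "93.184.216.34", 3_800),
    ("ws-01", "10.0.0.5", 2_200), ("ws-01", "10.0.0.5", 1_950),
    ("db-01", "10.0.0.9", 900_000), ("db-01", "10.0.0.9", 950_000), ("db-01", "10.0.0.9", 880_000),
    ("db-01", "10.0.0.9", 920_000), ("db-01", "10.0.0.9", 910_000), ("db-01", "10.0.0.9", 940_000),
]

LIVE_FLOWS = [
    ("ws-01", "10.0.0.5", 2_050),          # ordinary traffic
    ("ws-01", "198.51.100.7", 5_000_000),  # staged exfiltration to an address on no list
    ("ws-01", "203.0.113.66", 600),        # small beacon to an address that IS on the blocklist
    ("db-01", "10.0.0.9", 930_000),        # ordinary replication
    ("db-01", "10.0.0.9", 40_000_000),     # one-off full backup: abnormal, but benign
]

# The "known bad" approach: a list of destinations previously seen in attacks (constructed).
KNOWN_BAD_DESTINATIONS = {"203.0.113.66"}


def signature_alerts(flows):
    """Flag only flows whose destination is already on the known-bad list."""
    return [f for f in flows if f[1] in KNOWN_BAD_DESTINATIONS]


def learn_baseline(flows):
    """Per-host picture of 'normal': robust centre and spread of bytes sent (median and MAD,
    so a few outliers in the learning window barely move it) plus the destinations seen."""
    sizes, dests = defaultdict(list), defaultdict(set)
    for host, dst, nbytes in flows:
        sizes[host].append(nbytes)
        dests[host].add(dst)
    baseline = {}
    for host, values in sizes.items():
        med = median(values)
        mad = median(abs(v - med) for v in values) or 1.0  # avoid division by zero
        baseline[host] = (med, mad, dests[host])
    return baseline


def baseline_alerts(flows, baseline, threshold=10.0):
    """Flag flows that deviate from the host's own norm: volume more than `threshold`
    scaled MADs from the median, a destination the host has never talked to, or a host
    with no baseline at all. Reasons are returned so an analyst can triage the alert."""
    alerts = []
    for host, dst, nbytes in flows:
        reasons = []
        if host not in baseline:
            reasons.append("unknown host")
        else:
            med, mad, seen = baseline[host]
            score = abs(nbytes - med) / (1.4826 * mad)  # 1.4826 puts MAD on a std-dev scale
            if score > threshold:
                reasons.append(f"volume {score:.0f} sigma from host norm")
            if dst not in seen:
                reasons.append("new destination for host")
        if reasons:
            alerts.append({"host": host, "dst": dst, "bytes": nbytes, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    print("signature:", signature_alerts(LIVE_FLOWS))
    model = learn_baseline(BASELINE_FLOWS)
    for alert in baseline_alerts(LIVE_FLOWS, model):
        print("baseline:", alert)
    # Caveat: if the learning window already contains the attacker's beacons, they become
    # part of 'normal' for that host and the baseline stops flagging them.
    poisoned = learn_baseline(BASELINE_FLOWS + [("ws-01", "203.0.113.66", 600)] * 3)
    print("beacon flagged after poisoned learning period:",
          any(a["dst"] == "203.0.113.66" for a in baseline_alerts(LIVE_FLOWS, poisoned)))
```

Note that the low-volume beacon is caught by the baseline only because its destination is new for the host; on volume alone it sits within a few MADs of normal. In practice the two approaches are complementary, and the per-host baseline should be learned from a period the organisation has reason to trust, then re-learned as the business changes.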

Ultimately, enterprises can’t afford to ignore the fact that focusing on searching for the known bad isn’t an appropriate modern cyber-security strategy. Instead they have to search for the abnormal, which will provide the protection they need against unknown threats. Cyber-criminals hiding within the network will be exposed, and security analysts will be freed up to focus on tackling genuine threats. As we move into 2020, businesses have no choice but to embrace a new approach to network monitoring if they want to gain the upper hand in the battle against cyber-criminals.


© 2024 Professional Security Magazine. All rights reserved.
