As the scope for cyber breaches continues to expand with the increase in encrypted web traffic volume and supply chain attacks, security professionals in India will spend more on tools that use Artificial Intelligence (AI) and Machine Learning (ML) to fight malware attacks, said a Cisco report on Wednesday.
Applying these tools can help enhance network security defences and, over time, “learn” how to automatically detect unusual patterns in encrypted web traffic, Cloud and Internet of Things (IoT) environments. The “Cisco 2018 Annual Cybersecurity Report” showed that more than half of the organisations surveyed in India are reliant on automation, ML and AI.
“Attackers are exploiting undefended gaps in security, many caused by the expanding Internet of Things (IoT) and use of Cloud services. Defenders often pay scant attention to the security of these systems. Unpatched and unmonitored IoT devices present attackers with opportunities to infiltrate networks,” Vishak Raman, Director, Security Business, Cisco India & Saarc, told IANS.
“AI, ML and automation are increasingly desired and expected by CISOs (Chief Information Security Officers) and other security leaders, and they are investing in these technologies to mitigate attacks,” Raman added. According to the report, 30 percent of security professionals said they used products from 25-50 vendors in 2017.
Raman said that the use of products from multiple vendors can make security complex in case of supply chain attacks, making AI-based tools that can quickly detect breaches a promising weapon in finding vulnerabilities and thwarting future threats.
The report showed that while encryption is meant to enhance security, the expanded volume of encrypted global web traffic (50 percent as of October 2017) — both legitimate and malicious — has created more challenges for defenders trying to identify and monitor potential threats. Threat researchers at Cisco observed more than a threefold increase in encrypted network communications used by inspected malware samples over a 12-month period globally.
“Adversaries are becoming more adept at evasion by weaponising Cloud services and other technology used for legitimate purposes. Threat actors are using tools like encryption and legitimate web services such as Google and GitHub to conceal their malicious activity,” Raman said, adding that malware is now reaching unprecedented levels of sophistication and impact.
While still in its infancy, ML and AI technologies over time will mature and learn what is “normal” activity in the network environments they are monitoring, the report said. “Last year’s evolution of malware shows adversaries are becoming wiser at exploiting undefended gaps in security,” said John N. Stewart, Senior Vice President and Chief Security and Trust Officer, Cisco.
“Like never before, defenders need to make strategic security improvements, technology investments and incorporate best practices to reduce exposure to emerging risks,” Stewart added. The Cisco report highlighted the findings and insights derived from threat intelligence and cybersecurity trends observed over the past 12-18 months from threat researches and six technology partners — Anomali, Lumeta, Qualys, Radware, SAINT and TrapX.
Also included in the report are the results of the 2018 Security Capabilities Benchmark Study which surveyed 3,600 CISOs and security operations (SecOps) managers from 26 countries including India about the state of cybersecurity in their organisations.