Businesses today continue to be bombarded by an increasing number of cyberthreats, as hackers become adept at identifying and exploiting vulnerabilities in security systems. A survey by the World Economic Forum ranked data theft and large-scale cyberattacks 4th and 5th in a list of the biggest risks facing our world. With cybercrime regularly hitting the headlines, regulators are implementing new security guidelines and costly fines for violations. Adding to the pressure are consumers, who are increasingly prepared to abandon a company if it has been hit by a data breach. Businesses can’t afford to turn a blind eye to cybersecurity, which has now become a top priority for enterprises.
Attack vs defence: where things stand
The growth of IoT over the last decade has meant that thousands, if not millions, of devices are now contributing to network traffic, and all are potential entry points for attackers. With Gartner predicting that there will be 20.4 billion connected devices by 2020, the potential for unprecedented exposure is only going to grow. Furthermore, the more devices on a network, the more data security analysts have to wade through, making identifying potential threats harder than ever – especially when reports suggest that UK businesses faced a cyberattack every 50 seconds in the second quarter of 2019. While we’re seeing increased awareness around the threat IoT devices can pose, worryingly, cyberattacks on IoT devices have already increased by 300 per cent in 2019.
Compounding the vulnerabilities IoT devices can bring to networks is the nature of cybercriminals, who are constantly evolving their attacks, which are becoming increasingly targeted and sophisticated. They’re also collaborating in marketplace environments, sharing tips and advice on how to launch attacks that will cause the most damage.
Most enterprises still rely on traditional approaches to network security to defend against threats. These approaches rely on feeding historical data – i.e. anomalous activity that was suspicious or malicious – into a learning algorithm so the system knows what to look out for in the future. This enables the system to flag activity that corresponds to the historical data to security teams, and to prevent such attacks slipping through the net.
However, this approach is no longer adequate in today’s evolving threat landscape, because it hinders an organisation’s ability to investigate activity that hasn’t been seen before, causing them to miss new attacks. Furthermore, behaviour that is deemed “normal” or “good” within an organisation is constantly evolving, and businesses have to be able to adapt in real time. This legacy approach to network monitoring also places additional stress and burden on security analysts, who don’t have the capacity to sift through the vast amounts of data collected by businesses and identify threats. It’s no surprise that 56 per cent of senior executives think their cybersecurity analysts are overwhelmed by the sheer volume of data points they need to analyse to detect and prevent threats.
The result? Businesses that can’t identify new and sophisticated attacks, and attackers who are spending an average of 6 months within a network. Clearly, when it comes to enterprise anomaly detection, a change is needed.
Advanced detection: Deep learning & network monitoring
Deep learning-powered network monitoring represents a solution to the problem. Increasingly seen as the next-generation technology in network monitoring, deep learning is driven by unsupervised algorithms that continuously analyse an organisation’s regular behaviour in order to identify abnormalities. The algorithm is instructed to survey its own infrastructure and proactively search out and unearth the unknown, rather than the known “bad”. This allows businesses to detect unseen threats and take a proactive approach to cybersecurity.
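The contrast between matching historical “bad” and learning an organisation’s own “normal” can be shown in a few lines. The sketch below is an added example, not code from this article or from any vendor: it substitutes a simple per-host statistical baseline (median and median absolute deviation) for a deep learning model, and every host name, flow record and signature in it is constructed for illustration.

```python
from statistics import median

# Constructed sample data: (host, dest_port, bytes_out) flow summaries.
HISTORY = [
    ("cam-01", 443, 1200), ("cam-01", 443, 1350), ("cam-01", 443, 1100),
    ("cam-01", 443, 1280), ("cam-01", 443, 1225),
    ("hr-pc", 443, 52000), ("hr-pc", 443, 48000), ("hr-pc", 80, 61000),
    ("hr-pc", 443, 55000), ("hr-pc", 80, 50000),
]
# Constructed patterns from past incidents: what the historical approach looks for.
KNOWN_BAD = [{"dest_port": 23}, {"dest_port": 6667}]

def matches_known_bad(flow):
    """Historical matching: flag only what resembles a past incident."""
    _, port, _ = flow
    return any(sig["dest_port"] == port for sig in KNOWN_BAD)

def build_baseline(history):
    """Learn each host's usual ports and outbound volume; no labels required."""
    per_host = {}
    for host, port, size in history:
        entry = per_host.setdefault(host, {"ports": set(), "sizes": []})
        entry["ports"].add(port)
        entry["sizes"].append(size)
    for entry in per_host.values():
        med = median(entry["sizes"])
        mad = median(abs(s - med) for s in entry["sizes"])
        entry["median"], entry["mad"] = med, max(mad, 1.0)  # avoid divide by zero
    return per_host

def anomaly_reasons(flow, baseline, threshold=6.0):
    """Return why a flow deviates from its host's own baseline (empty = normal)."""
    host, port, size = flow
    entry = baseline.get(host)
    if entry is None:
        return ["host never seen before"]
    reasons = []
    if port not in entry["ports"]:
        reasons.append(f"new destination port {port}")
    # 1.4826 scales the MAD so the score is comparable to standard deviations.
    score = abs(size - entry["median"]) / (1.4826 * entry["mad"])
    if score > threshold:
        reasons.append(f"outbound volume {score:.1f} deviations from median")
    return reasons
```

A 48,000-byte upload over port 443 matches no historical signature and is routine for `hr-pc`, yet the baseline flags it on `cam-01`, a device that normally sends about 1,200 bytes per flow.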
Another advantage of deep learning algorithms is that they have the capability to sift through millions of pieces of data simultaneously in near real-time. The ability to identify anomalous patterns in vast data sets means deep learning network monitoring can perform a level of analysis that’s impossible for humans alone to replicate.
Empowered by deep learning tools, analysts are able to focus on the most rewarding part of their job: the investigation and detection of complex malicious activities. By accelerating access to the information, teams can collaborate and focus on understanding the root cause and the total extent of campaigns against organisations. As a result, security teams’ efficiency is boosted, stress is reduced, cybersecurity analysts’ work is highly valued and the organisation’s overall security is strengthened.
Businesses can no longer rely on traditional network monitoring methods that provide an inherently binary view of cybersecurity that focuses on good vs. bad behaviour. The volume of data collected by businesses is growing exponentially, and at the same time, cyberthreats are becoming increasingly sophisticated. Add in the fact that cybersecurity teams are under increasing pressure to do more with less and it’s easy to see why enterprises have historically been on the back foot.
Ultimately, deep learning transforms network security from a passive system that is fed previously seen behaviour to an active solution that can detect threats in real time and uncover things not seen before.
Ivan Blesa, Head of Product, Noble