Cybersecurity has tapped into the power of machines to gain an extra edge against cybercriminals.

Known as machine learning, this technology gives systems the capability to identify new cyberattack patterns and adapt to new circumstances.


For cybersecurity professionals, this is an immense relief. With the amount of data created by organisations and flowing through networks today, machine learning allows cybersecurity staff to keep up and spot potential threats which might otherwise slip through unnoticed.

At this juncture, it is important to distinguish machine learning from artificial intelligence (AI).

Several cybersecurity solutions in the market have stated that they harness the power of AI to fight threats. However, they do not fully satisfy the criteria of the Turing Test, which states that a system needs to process natural language, have automated reasoning and perform machine learning to qualify as AI.

Currently, many available solutions only use pre-execution machine learning, which means that they only analyse a file before it is run.

This limits their effectiveness, as many files only reveal their malicious code when they are executed.

Raising the bar for threat intelligence

Hence, the standard of machine learning must be raised to match the growing sophistication of cyber attacks.

Threats today have a greater impact than in the past. Earlier this year, Singapore saw close to 550 ransomware-related attacks per day.

In March 2016, two hacker groups infiltrated the network of the Philippine Commission on Elections and extracted the personal information of 55 million voters.

These developments increase the burden laid on IT and cybersecurity teams.

Many conventional security measures are also not adequately designed to cope with the evolution of cyber attacks.

Hence, many threats are evading traditional detection and infecting IT infrastructures. Organisations also face a lack of visibility and control across endpoint security.

They fail to spot existing vulnerabilities in their networks and thereby open themselves up to threats.

In response, we have taken machine learning up a notch to create a new cybersecurity weapon: high-fidelity machine learning.

High-fidelity machine learning uses finely tuned algorithms to analyse file characteristics both before execution and during runtime. This allows systems to study malicious files in greater detail to better anticipate future threats.

To reduce false positives, high-fidelity machine learning utilises noise cancellation techniques like census and whitelist checking.

These capabilities identify known data and applications so that detection technologies can divert precious IT resources into scanning for unknown threats.

More than one technique

High-fidelity machine learning is only one important part of a bigger picture.

It has to work in conjunction with other security technologies for maximum security impact. High-fidelity machine learning can train up detection capabilities to empower endpoint security, email and collaboration security, web protection, and mobile security.

In addition to all-round security, this blended strategy takes a more intelligent, efficient approach by ensuring that only the right security techniques are used at the right time to respond to the appropriate threat.


This means that organisations will be able to build effective security into their infrastructure, without slowing down their IT services.

The blended approach also future-proofs security measures for the cybersecurity arms race.

At the moment, cybercriminals have not put their focus on evading high-fidelity machine learning.

However, the reality is that as it becomes more widely adopted, they will invest time and resources to come up with more innovative cyber attacks to avoid detection and deliver malicious payloads.

Possible future tactics include concealing malware with legitimate packing tools like UPX, using self-extracting archives and inserting malicious code into existing whitelisted applications.

That is why it is crucial to go beyond using a single protection technique.

By using a range of approaches, organisations stand a better chance of withstanding the next stage of evolution in cyber attacks.

High-fidelity machine learning can also complement threat intelligence capabilities.

Apart from sharing new threat insights with various security layers, it can operate together with threat experts and real-time updates from a global intelligence network, tapping into their wealth of cybersecurity experience and knowledge.

The collective insights of cybersecurity personnel and networks can be used to help filter out known data that has previously been identified, freeing up time and resources for high-fidelity machine learning to focus on unknown data.

Fighting high-powered threats with high-fidelity machine learning

New information gleaned from high-fidelity machine learning will improve the quality and speed of insights to enhance the information base of the threat intelligence network.

This creates a virtuous cycle of threat intelligence sharing that will improve detection capabilities and enhance the effectiveness of protection.

High-fidelity machine learning can up the ante for cybersecurity, bringing the fight back to cybercriminals in this uncertain economic and threat landscape.

With the capacity to understand threats proactively and intuitively, the technology will put organisations on better footing to counter the attacks of today and tomorrow.

Threats stop and wait for no one.

That is why we have been driving machine learning for over 10 years and will continue to refine this technology further to combat future threats.

 


This commentary was contributed by Mr Dhanya Thakkar, Managing Director & Vice President, Asia Pacific, Trend Micro. The views expressed are solely the contributor's own, and do not reflect any official position of GovTech.