Malware sophistication is increasing as adversaries begin to weaponize cloud services and evade detection through encryption, used as a tool to conceal command-and-control activity. To reduce adversaries’ time to operate, security professionals said they will increasingly leverage and spend more on tools that use AI and machine learning, reported in the 11th Cisco 2018 Annual Cybersecurity Report (ACR).
While encryption is meant to enhance security, the expanded volume of encrypted global web traffic (50 percent as of October 2017) — both legitimate and malicious — has created more challenges for defenders trying to identify and monitor potential threats. Cisco threat researchers observed more than a threefold increase in encrypted network communication used by inspected malware samples over a 12-month period globally.
Applying machine learning can help enhance network security defenses and, over time, “learn” how to automatically detect unusual patterns in encrypted web traffic, cloud, and IoT environments. Some of the 3,600 chief information security officers (CISOs) interviewed globally for the Cisco 2018 Security Capabilities Benchmark Study report, stated they were reliant and eager to add tools like machine learning and AI, but were frustrated by the number of false positives such systems generate. While still in its infancy, machine learning and AI technologies over time will mature and learn what is “normal” activity in the network environments they are monitoring.
“In today’s zero perimeter world, where data is everywhere, defenders need to relook at cybersecurity from strategic point of view. It is important that security adopts new tools like Artificial Intelligence, Machine learning and incorporate best strategies to mitigate risks,” said Vishak Raman, Director, Security Sales, Cisco India & SAARC.
“Last year’s evolution of malware shows adversaries are becoming wiser at exploiting undefended gaps in security,” said John N. Stewart, Senior Vice President and Chief Security and Trust Officer, Cisco. “Like never before, defenders need to make strategic security improvements, technology investments, and incorporate best practices to reduce exposure to emerging risks.”