In a past life I used to be part of a team that developed video games. Besides the storyboarding and coding that were part of the process, we also had to accommodate the idea that any user might try to ‘break’ the game in one way or another. We built in fail-safes of all sorts to make sure that the game would always run as expected, with a predictable outcome. Part of this process was trying to anticipate what type of nefarious action a player might take. This was slightly different from the logic of the actual game: the game code only needed to ‘react’ to valid moves and actions. Knowing all the valid moves and having all the appropriate responses was easy. Trying to predict something that was not planned for was not so easy. Machine Learning would have been a good direction to take to help solve this problem.
Machine Learning
In the wake of the WannaCry ransomware pandemic over the past week, the concept and awareness of ‘Machine Learning’ has become more prevalent. You may ask, what is Machine Learning? Machine Learning is a subset of Artificial Intelligence that uses one or more algorithms to look at data, learn from it, and then act on it if need be. Actions and reactions do not necessarily have to be hard-coded, as the software can learn for itself how to complete the task. This learning process can be useful in various ways. For threat detection & prevention it would seem to be a necessity.
On the infrastructure side, most companies only worry about the network traffic that flows between the company and the internet. What about the network traffic that stays within the company? This could be traffic within one building or between buildings. What if you could monitor this traffic and take a baseline of your network? You could see how it behaves on a day-to-day basis. With this information you can then apply Machine Learning so that when something out of the ‘norm’ happens, you are alerted. Once alerted, action can be taken either by the local network team or by others responsible for securing your environment. Products from companies like Darktrace and Vectra provide this kind of detection using Machine Learning. Remember, it could take only one rogue device to cause havoc.
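A minimal version of the baseline-then-alert idea described above, written here as an added example (it is not code from this post or from the Darktrace/Vectra products it mentions). The per-host daily fan-out records, host names and thresholds are all constructed for illustration.

```python
"""Baseline internal (east-west) traffic per host, then alert on deviations.

Added example. Each record summarises one day: how many distinct internal
peers a host talked to. Real deployments would derive this from flow logs.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed learning window: (day, source_host, distinct_internal_peers)
BASELINE_DAYS = [
    ("d1", "ws-01", 4), ("d1", "ws-02", 6), ("d1", "file-srv", 40),
    ("d2", "ws-01", 5), ("d2", "ws-02", 5), ("d2", "file-srv", 42),
    ("d3", "ws-01", 4), ("d3", "ws-02", 7), ("d3", "file-srv", 38),
    ("d4", "ws-01", 6), ("d4", "ws-02", 6), ("d4", "file-srv", 41),
    ("d5", "ws-01", 5), ("d5", "ws-02", 5), ("d5", "file-srv", 39),
]

# Constructed "today": one workstation fans out far beyond its norm and a
# device never seen before appears on the internal network.
TODAY = {"ws-01": 60, "ws-02": 7, "file-srv": 43, "lab-box-9": 30}


def build_baseline(records):
    """Per-host (mean, population std-dev) of daily peer fan-out."""
    per_host = defaultdict(list)
    for _day, host, peers in records:
        per_host[host].append(peers)
    return {h: (mean(v), pstdev(v)) for h, v in per_host.items()}


def score_day(baseline, today, z_threshold=3.0, min_spread=1.0):
    """Return {host: (reason, observed, z)} for hosts outside their own norm.

    A host absent from the baseline is reported as well: a brand-new device
    talking internally is the 'one rogue device' case from the text. The
    std-dev is floored so a very quiet host does not alert on a one-peer change.
    """
    alerts = {}
    for host, peers in today.items():
        if host not in baseline:
            alerts[host] = ("unknown-device", peers, None)
            continue
        mu, sigma = baseline[host]
        z = (peers - mu) / max(sigma, min_spread)
        if z > z_threshold:
            alerts[host] = ("fan-out-spike", peers, round(z, 2))
    return alerts


if __name__ == "__main__":
    for host, (reason, seen, z) in score_day(build_baseline(BASELINE_DAYS), TODAY).items():
        print(f"ALERT {host}: {reason} (peers={seen}, z={z})")
```

The busy file server is not flagged because it is compared against its own history, not against the workstations; that per-entity baseline is what keeps a simple approach like this from drowning the network team in alerts.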
Endpoint Protection
From the endpoint side, most antivirus products rely on signatures to detect malware, or even legitimate software that has been infected. With the addition of Machine Learning, the time involved in detection and remediation can be greatly reduced. Products from companies like Fortinet and Cylance can help by leveraging Machine Learning on the endpoint. These companies have had a big impact on protecting organizations from the spread of WannaCry.
There will most likely be variants of WannaCry and other versions of ransomware appearing over the next couple of weeks. Networks & systems need to be resilient enough to protect against these. While there is no foolproof way to protect your environment from these attacks, the best approach is to make sure your systems and infrastructure are up to date by applying the latest vendor patches. Employ some type of protection that includes Machine Learning strategies, and of course make sure that you have a valid backup and disaster recovery plan. While it may not be a game changer, it will surely give some peace of mind.
Need further experience and knowledge with Threat Detection & Prevention? With more than 40 years of service, CCSI has provided clients a rock-solid foundation on which to secure their organization’s future. CCSI leverages technology to inspire innovation, promote growth, drive efficiency, and accelerate our clients’ success. Contact us today.
For additional information about machine learning, download this free whitepaper: Using Machine Learning and Behavioral Analysis to Assist with Threat Detection.
Contact CCSI today for more information about ThreatDetect.
Author Bio: Steven Rainess is a Solutions Architect for CCSI. He has 25-plus years of experience in the IT industry. For most of those years he has been a consultant and Subject Matter Expert in the Systems and Networking areas, as well as doing some Project Management and Development work. His work has covered many verticals including Financial, Education, Broadcasting, and Software Development.