Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Predictive Analytics: Using the Past to Create a More Secure Future

Palm reading, tarot cards, crystal balls, tea leaves. For thousands of years humans have tried to predict the future with various methods and little success. Today, the desire to predict the future remains strong but increasingly difficult to satisfy; the pace of change has accelerated exponentially and the notion of predicting the future is even more tenuous the further out in time we go.

Palm reading, tarot cards, crystal balls, tea leaves. For thousands of years humans have tried to predict the future with various methods and little success. Today, the desire to predict the future remains strong but increasingly difficult to satisfy; the pace of change has accelerated exponentially and the notion of predicting the future is even more tenuous the further out in time we go. But thanks to significant technological advances what we can do is use knowledge of the past and the present to drive a desired future outcome. That capability is extremely important for better security given today’s threat landscape and the vicious cycle defenders face.

It’s a scenario we’ve lived with since the first PCs were introduced: the security industry builds a specific response to a specific cybersecurity threat, and the attackers find a new way to avoid detection. Adversaries are proactively working to understand what type of security solutions are being deployed and shifting to less visible, less content-detectable patterns of behavior so their threats are well concealed. Now, there is less “low-hanging fruit” for security solutions and professionals to detect; instead, there is more cipher traffic, more scrambling, and more randomization by malicious actors to make command-and-control behaviors indistinguishable from real traffic.

Predictive AnalyticsThe lack of visibility organizations have into today’s “noisy” networks means pervasive threats have plenty of hiding places. However, predictive analytics is an emerging detection capability to cut through the noise. Predictive analytics doesn’t necessarily mean seeing an attack before it happens but, rather, helping security professionals find unknown malware wherever it may be hiding. Because predictive technologies are in their early days, gaining a baseline understanding of the foundations upon which they are being developed is a good first step when exploring this new area. The following key questions can help:

1. How is the knowledge derived? An approach that is grounded in knowing what “normal” business activity looks like can spot unusual behavior on a network—the symptoms of an infection—through behavioral analysis and anomaly detection. Through the use of predictive analytics, organizations can assess the behavior of entities (host servers and users) in their network. A model, derived from many smaller models and a concise representation of past behavior, is created and used to predict how entities should behave in the future. Ideally, data is correlated in the cloud to enhance the speed, agility, and depth of threat detection. If there is a discrepancy in expected behavior that is significant or sustained, it is flagged for investigation. Modeling and predicting legitimate activity, as opposed to trying to anticipate how malware will behave in the future, is more effective in the long term for protecting against new threats.

2. How is the knowledge presented? One challenge with predictive analytics is that the algorithms are complex and provide raw data that require a trained eye to interpret. For predictive analytics to be practical and usable, security professionals should look for solutions that automatically present and explain findings and recommend next steps in an easy-to-understand format. With these insights existing security teams, without the need for highly trained experts, can have the confidence they need to act upon the analysis and improve controls, protection, and remediation. In this era when the security industry is plagued by a dearth of skilled security professionals, tools that are automated and accessible are essential.

3. How is the knowledge used? Predictive analytics, when integrated with existing security techniques, can help to make defenses more accurate as well as more capable of detecting unknown or unusual behavior on the network. It involves advanced decision-making algorithms that analyze multiple parameters and take in live traffic data; machine learning capabilities allow the system to learn and adapt based on what it sees. Machine learning systems look for where dangers might be and for evidence of an incident that has taken place, is under way, or might be imminent. And although they do not necessarily handle security or policy enforcement, they can provide continuous intelligence to other systems, like content-based security solutions, perimeter management solutions, and policy management solutions, to find unexpected threats leading to the prioritization of controls, protection, and remediation. Policies and controls change in anticipation of a potential threat, reducing effort and improving efficiency.

To break the threat cycle we need technologies that have the visibility and intelligence to keep up with dynamically changing environments. Security professionals should begin to prepare for the emerging area of predictive analytics. By understanding the underpinnings of predictive technologies, we can make more informed decisions that will result in tools that can truly help increase resilience of our security solutions, scale controls over time, and create a more secure future.

Written By

Marc Solomon is Chief Marketing Officer at ThreatQuotient. He has a strong track record driving growth and building teams for fast growing security companies, resulting in several successful liquidity events. Prior to ThreatQuotient he served as VP of Security Marketing for Cisco following its $2.7 billion acquisition of Sourcefire. While at Sourcefire, Marc served as CMO and SVP of Products. He has also held leadership positions at Fiberlink MaaS360 (acquired by IBM), McAfee (acquired by Intel), Everdream (acquired by Dell), Deloitte Consulting and HP. Marc also serves as an Advisor to a number of technology companies, including Valtix.

Click to comment

Expert Insights

Related Content

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Cybersecurity Funding

Forward Networks, a company that provides network security and reliability solutions, has raised $50 million from several investors.

Network Security

Cisco patched a high-severity SQL injection vulnerability in Unified Communications Manager (CM) and Unified Communications Manager Session Management Edition (CM SME).

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Vulnerabilities identified in TP-Link and NetComm router models could be exploited to achieve remote code execution (RCE).