Endpoint security firm Crowdstrike believes it’s time for businesses to focus on the new and more sophisticated types of cyber attacks being used by hackers, rather than the more traditional forms of malware.
Speaking to Silicon, Crowdstrike’s CISO Jerry Dixon warned about the growth of “fileless malware” which is much harder to track through a corporate network and significantly limits the effectiveness of traditional antivirus software.
“We’re seeing [fileless malware] being a trend and we think it’s certainly going to continue throughout 2017,” he said.
“Not your business as usual malicious software that you might find on a malicious website, but things like Powershell and administrative tools being used to maintain persistence on systems to allow remote access by adversaries. It resides in memory, it doesn’t ever land on the hard drive.”
Stopping these types of attacks comes down to using ‘next-generation’ technologies – such as artificial intelligence (AI) and machine learning – to power big data analytics in order to detect unusual activity.
“Machine learning is very instrumental in looking at system behaviour analytics as well as user behaviour analytics and saying ‘this is normal, this is not normal’,” Dixon explained. “An example of what’s not normal might be Internet Explorer opening command.exe on a Windows machine, that’s not normal behaviour.”
Identifying these subtle actions gives businesses an added layer of visibility that simply isn’t possible with traditional security tools, as well as making security teams significantly more productive.
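The kind of behavioural check Dixon describes, a browser or document viewer spawning a command interpreter, and the PowerShell-based "fileless" activity mentioned earlier, can be illustrated with a small parent/child process scorer. This is an added example written for this page, not CrowdStrike code or a description of its product: the event fields, the baseline counts and the sample events are all constructed, and a real deployment would learn the baseline from telemetry rather than hard-code it.

```python
"""Parent/child process anomaly scoring (added example, not CrowdStrike's code).

Constructed process-creation events (fields modelled loosely on Sysmon
Event ID 1) are scored against a small hard-coded baseline of parent->child
pairs that stand in for what a behavioural model would learn from telemetry.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    host: str
    user: str
    parent: str   # parent image name, lower-case, no path
    image: str    # child image name, lower-case, no path
    cmdline: str


# Constructed baseline: how often each parent->child pair was seen "normally".
BASELINE = Counter({
    ("explorer.exe", "iexplore.exe"): 900,
    ("iexplore.exe", "iexplore.exe"): 3000,   # IE content processes
    ("explorer.exe", "cmd.exe"): 120,
    ("services.exe", "svchost.exe"): 5000,
    ("cmd.exe", "powershell.exe"): 40,
    ("winword.exe", "splwow64.exe"): 60,      # print spooler helper
})

# Children that deserve extra weight when launched by an unexpected parent.
INTERPRETERS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe"}

# Command-line fragments commonly associated with in-memory PowerShell use.
SUSPICIOUS_PS_FLAGS = ("-enc", "-encodedcommand", "-nop", "-w hidden",
                       "iex", "downloadstring")


def is_rare(parent: str, image: str, min_count: int = 5) -> bool:
    """A pair is 'rare' if the baseline saw it fewer than min_count times."""
    return BASELINE.get((parent, image), 0) < min_count


def score_event(ev: ProcEvent) -> tuple[int, list[str]]:
    """Return (score, reasons); 0 means nothing unusual was observed."""
    score, reasons = 0, []
    if is_rare(ev.parent, ev.image):
        score += 1
        reasons.append(f"rare parent/child: {ev.parent} -> {ev.image}")
        if ev.image in INTERPRETERS:
            score += 2
            reasons.append("interpreter launched by unexpected parent")
    if ev.image == "powershell.exe":
        low = ev.cmdline.lower()
        hits = [f for f in SUSPICIOUS_PS_FLAGS if f in low]
        if hits:
            score += 2
            reasons.append("in-memory style PowerShell flags: " + ", ".join(hits))
    return score, reasons


def triage(events, threshold: int = 3):
    """Return only the events whose score reaches the alert threshold."""
    out = []
    for ev in events:
        s, r = score_event(ev)
        if s >= threshold:
            out.append((ev, s, r))
    return out


# Constructed sample events (hosts, users and command lines are made up).
SAMPLE_EVENTS = [
    ProcEvent("ws01", "alice", "explorer.exe", "cmd.exe", "cmd.exe"),
    ProcEvent("ws01", "alice", "iexplore.exe", "cmd.exe", "cmd.exe /c whoami"),
    ProcEvent("ws02", "bob", "winword.exe", "powershell.exe",
              "powershell.exe -nop -w hidden -enc <constructed-base64>"),
    ProcEvent("ws03", "carol", "cmd.exe", "powershell.exe",
              "powershell.exe Get-ChildItem C:\\Reports"),
    ProcEvent("ws03", "SYSTEM", "services.exe", "svchost.exe", "svchost.exe -k netsvcs"),
]

if __name__ == "__main__":
    for ev, s, reasons in triage(SAMPLE_EVENTS):
        print(f"[{s}] {ev.host}/{ev.user}: {ev.parent} -> {ev.image}")
        for why in reasons:
            print("     -", why)
```

Only the second and third sample events cross the threshold: the browser spawning `cmd.exe` is scored purely on the unusual parent/child relationship, while the Office-launched PowerShell also picks up points for command-line options typical of in-memory execution. Note that the rare-pair rule on its own would also fire on legitimate but uncommon activity, which is why a real system weights it with other signals and a learned baseline rather than a fixed table.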
And machine learning brings the added benefit of being able to sift through the huge amount of threat data that organisations are now collecting, a volume that has skyrocketed in recent times.
“A large company is seeing maybe a billion security events a month,” Dixon said. “It’s humanly impossible to analyse all that data, it’s humanly impossible to, without automation or machine learning, take advantage of all these threat indicators. That’s where machine learning plays a key role, not only in preventing bad things from happening, but also increasing the visibility based on the amount of data you’re collecting.
“Security teams are drowning in data. We’re getting hammered with it and in order to be operationally efficient with the resources you have, you have to have machine learning and artificial intelligence to help out otherwise you’re going to miss something.”
The issue of ‘too much data’ is a common theme among CISOs, but advanced technologies enable them to make use of threat data in new ways and stop attacks as they are happening rather than responding after the fact.
Dixon also touched on another issue that is now well established within the cyber security community, namely the notion of employees being the weakest link within an organisation’s defenses.
Investing in next-generation technologies may stop the more sophisticated attacks, but this is all in vain if an employee makes a mistake and gets caught by something like a phishing email.
“Unfortunately, it’s the easy stuff that gets companies. Whether it’s a cyber criminal or a nation state, phishing emails, social engineering, that’s where they always start,” said Dixon.
“You don’t need to use expensive, government developed exploits when you can do simple social engineering and use tools that you can download from the internet. If we didn’t have humans we wouldn’t have a problem.”
Of course, this is a tricky problem to solve. Short of destroying the internet and developing it again with security baked in from the outset so it is less open and more secure, there isn’t really a simple answer.
Increasing awareness and investing in training are both essential components of any security strategy, but it’s that added layer of visibility that machine learning brings which will really help to keep the bad guys at bay.