As I have described before in previous blogs, trying to keep up with the Cyber attacker is much like a cat and mouse game. They are like the cat chasing us, the mouse (in reality, these are the individuals and businesses that are being attacked).
The Cyber attacker is always coming up with new ways to make their attacks stealthier, more cover, and of course much devastating. We are now seeing this with computers and servers being used for Cryptojacking, Internet of Things (IoT) attacks, and more lethal Distributed Denial of Service (DDoS) attacks.
But let us pause for one moment and just think how is it that the Cyber attacker can stay ahead of the knowledge base of an established Cyber security company? In other words, what makes them so different than the highly trained security professional?
I mean both parties have access to the same tools, technologies, etc. So how come we, the mouse, cannot avoid the cat? After all, we are much smaller and difficult to find! The answer to this question still dumbfounds all of us, and unfortunately we may never find it per se.
The only thing left that we could possible do is to actually get inside the mind of the Cyber attacker. It is with this in mind that Cisco Systems (of whom I have blogged about before), in their latest security report highly advised both Corporate America and US Government agencies to look into the use of what is known as “Behavioral Analytics” to help achieve this task.
It can be technically defined as: “Behavioral analytics . . . focus on finding out how and why people behave the way they do when using eCommerce platforms, social media sites, online games, and any other web application.
Behavioral analytics take business analytics’ broad focus and narrows it down, which allows one to take what seem to be unrelated data points and then extrapolate, determine errors, and predict future trends.” (SOURCE: https://www.techopedia.com/definition/30308/behavioral-analytics).
This is a branch of science that is actually heavily used in the market research industry in order to gauge and ascertain how customers will react to new products and services before they are launched to the mass market. The data that is gleaned from this is then used to determine the appropriate advertising and marketing strategies in order to get the best Return On Investment (ROI) on these launches.
The same thought process is also being used to help model the mind of the Cyber attacker. Maybe not their mind directly, but at least modelling the threats that have been launched and from there, trying to determine potential attack vectors. From here, this information and data is then relayed to the IT Security team of an organization to alert them what to look out for in the future.
This is where the role of Neural Networks, Artificial Intelligence, and Machine Learning come into play. These technologies are much more sophisticated than Behavioral Analytics, because in these instances, they are actually trying to actually mimic the thought process of the Cyber attacker.
This is all in an effort to create a wide ranging landscape of all of the potential Cyber threat vectors. But, these tools can also look for unusual nuances in the attack vectors that would be very difficult for the naked eye to actually capture and discern.
The use of these kinds of tools are especially useful when it comes to analyzing Web and Internet traffic patterns, and finding the most granular of unusual activities as possible. In their report, Cisco Systems highly advocated that all of the entities, especially at the government level, should adopt these tools ASAP.
According to an informal survey that was conducted, about 88% of government officials feel that they have a good grasp of these kinds of technologies, as well as the value proposition that they bring to the table.
The report also made mention of the fact that Corporate America needs to do much more to adopt the security policy frameworks that have been set forth by NIST and CJIS. According to the same survey, 59% of public utility companies that using such frameworks is quite effective, and 38% found them to be extremely useful.
My view on this is that while all these aforementioned tools have a very strong potential in combatting Cyber attacks, their main weakness is that they only make use of information and data captured at one certain point in time, namely when the Cyber attack has actually occurred. In other words, it is very difficult to use these tools to try to predict the mind set of the Cyber attacker as they plan future attacks.
Also, trying to make effective use of these tools to predict the future takes time, and money. Many small to medium sized businesses cannot afford them, but via the Cloud, they will become eventually hosted offerings, thus making it that much more affordable.
But hey, in the end, something is better than nothing. As mentioned before as well, it takes a combination of both technology and the quickness of the human mind to overcome Cyber based threats and attacks.
Or perhaps we should examine, how we the mouse of our small, quick and nimble can be used instead to our advantage before the Cyber attacker “takes down government networks . . . damage critical infrastructure and services, [and] crippling entire regions in the process”? Just some cheese for thought.
NOTE: Quote taken from https://www.scmagazine.com/advances-in-malware-the-increasing-use-of-encrypted-web-traffic-email-threats-and-sandbox-evasion-tactics-are-all-adding-to-the-threat-landscape/article/757931/.