Ransomware, encryption and machine learning – Three key takeaways from Infosecurity 2016
Last week was a long one. Vectra participated for the first time at Infosecurity Europe in London. Now that my feet have recovered from our very busy booth I thought I shared a few of the recurring themes I noticed at the show.
Ransomware. Definitely the threat de rigueur with vendors coming at the problem from various angles, including DNS management and client based solutions. Vectra was part of the buzz too, offering a network-centric approach with our newly announced ransomware file activity detection.When combined with command-and-control (C&C) and reconnaissance behaviour detections, we’re now able to alert on both precursor and file encryption network behaviours. Whilst ransomware attackers have started targeting the enterprise, it’s also easy for employees to bring in opportunistic, consumer-targeted threats like ransomware into the enterprise with them.
Our new ransomware detection capabilities came into play for one of our large healthcare customers the other week, when Vectra identified ransomware key encryption behaviour (C&C), network scans for file shares (reconnaissance) and the beginning of file encryption 52 minutes after the initial detection.
We’ve built our ransomware resource page to help you understand more about how to identify and rapidly respond to a ransomware outbreak.
Encryption. The growth of encrypted traffic, especially within the enterprise network, is going to have a large impact on security technologies that rely on deep packet inspection (DPI), whose efficacy will be severely degraded.
In his Information Security Exchange presentation, Vectra CSO Günter Ollmann explained how traditional security responses to handling encrypted traffic, such as man-in-the-middle decryption and inspection, will become impossible as we see an increase in certificate and public key pinning. Data leakage prevention (DLP) solutions, which rely on DPI, could be degraded by up to 95% whilst traditional signature-based IDS and IPS suffer a loss in functionality of up to 80%.
However, encrypted traffic does have some observable cadences. In combination with clear text headers, a network-based behavioural approach to threat detection like Vectra’s can be extremely effective. If you want to know more, read DPI goes blind as encryption adoption increases.
Machine learning, everywhere. A lot of vendors at Infosecurity touted machine learning as part of their latest and greatest offerings in for endpoints clients, cloud analytics and networks. Data science and machine learning are at the very heart of how Vectra detects threats but I saw some vendors espousing machine learning like it was some kind of theological choice.
At Vectra we’re less concerned about the technique, name or type of algorithms used in our detections. Instead, Vectra focuses on the efficiency in which it works. The Vectra approach to threat detection blends human intelligence with a broad set of data science and machine learning techniques.
This model, known as automated threat management, delivers a continuous cycle of threat intelligence based on cutting-edge research, global learning models, and local learning models. Read the white paper The data science behind Vectra threat detections to gain more insight about the diversity of machine learning in cybersecurity and how Vectra applies it.
But like any cybersecurity event, Infosecurity is ultimately about the opportunity to become educated, keeping abreast of emerging threats, new technologies and vendors, and of course good old human networking.
The Vectra team was pretty much flat out doing live demos, talking with security professionals about their challenges, and discussing how automated threat management could add value.
Finally, I was delighted that Vectra was recognised in SC Award 2016 Europe as highly commended in the new “Best Behaviour Analytics/Enterprise Threat Detection” category.
If you came to visit us at Infosecurity, thank you. We had a great show and hope you did too. We’ve already signed up for Infosecurity 2017 – see you at Olympia next June! Do you want to get in touch with us? Please sign up here.