efficiently, by determining early in the data analysis that certain traffic matches known malicious
code or patterns, which leaves more capacity for the analysis of events that do not trigger an IDS
alert. Secondly, this type of integration has the added benefit of showing the Machine
Intelligence tools what particular viruses, malware, trojans, etc., look like. This means that the
predictive analysis tools have more, and more accurate, data on which to build their analysis.
This data is also available much more quickly than if the solution were completely self-educating
or assisted only by the security team.
The same applies to adding performance monitoring capability. The Machine Intelligence solution
becomes better informed and more efficient because traffic data is integrated to help it spot
things like too many communication partners, services which have not been used before,
exceptional network application delays, changed MAC addresses, or new devices or services in
the network.
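As an added illustration (not code from the article or from GREYCORTEX), the following Python sketches the two integrations just described: IDS signature hits are attached to flow records so that matched traffic is labelled as already known, and the remaining flows are checked against a per-host baseline for the indicators listed above (new communication partners, unseen services, changed MAC addresses, new devices). The baseline, the flow records and the fan-out threshold are constructed for the example.

```python
from collections import defaultdict

# Constructed baseline learned from earlier traffic: per source host, the MAC it
# used, the peers it talked to and the services (destination ports) it used.
BASELINE = {
    "10.0.0.5": {"mac": "aa:bb:cc:00:00:05", "peers": {"10.0.0.9"}, "ports": {443, 53}},
    "10.0.0.7": {"mac": "aa:bb:cc:00:00:07", "peers": {"10.0.0.9"}, "ports": {445}},
}
FANOUT_LIMIT = 3  # assumed threshold for "too many communication partners"

def flow(src, mac, dst, dport, ids_sig=None):
    return {"src": src, "mac": mac, "dst": dst, "dport": dport, "ids_sig": ids_sig}

# Constructed flow records for the current window; ids_sig carries the name of
# the IDS signature that matched the flow, or None when the IDS stayed silent.
FLOWS = [
    flow("10.0.0.5", "aa:bb:cc:00:00:05", "10.0.0.9", 443),
    flow("10.0.0.5", "aa:bb:cc:00:00:05", "10.0.0.11", 443, "KNOWN_TROJAN_BEACON"),
    flow("10.0.0.7", "aa:bb:cc:00:00:99", "10.0.0.9", 445),   # MAC differs from baseline
    flow("10.0.0.7", "aa:bb:cc:00:00:99", "10.0.0.9", 22),    # service never used before
    flow("10.0.0.7", "aa:bb:cc:00:00:99", "10.0.0.12", 445),
    flow("10.0.0.7", "aa:bb:cc:00:00:99", "10.0.0.13", 445),
    flow("10.0.0.7", "aa:bb:cc:00:00:99", "10.0.0.14", 445),  # 4 peers > FANOUT_LIMIT
    flow("10.0.0.42", "aa:bb:cc:00:00:42", "10.0.0.9", 80),   # host absent from baseline
]

def triage(flows, baseline, fanout_limit=FANOUT_LIMIT):
    """Return {src_host: sorted findings}. Flows the IDS already matched are labelled
    'known:<signature>' and skip the baseline checks, so the anomaly budget is
    spent only on events that no signature explains."""
    findings, peers = defaultdict(set), defaultdict(set)
    for f in flows:
        host, base = f["src"], baseline.get(f["src"])
        if f["ids_sig"]:
            findings[host].add("known:" + f["ids_sig"])
            continue
        if base is None:
            findings[host].add("new device")
            continue
        if f["mac"] != base["mac"]:
            findings[host].add("changed MAC address")
        if f["dport"] not in base["ports"]:
            findings[host].add("unseen service tcp/%d" % f["dport"])
        peers[host].add(f["dst"])
        if len(peers[host]) > fanout_limit:
            findings[host].add("too many communication partners")
    return {h: sorted(s) for h, s in findings.items()}

if __name__ == "__main__":
    for host, notes in triage(FLOWS, BASELINE).items():
        print(host, notes)
```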
Integration also benefits the security team, because integrated IDS data increases efficiency.
Not only does the team spend less time training the system (see above), but the results are also
more accurate, which lowers the risk of alert fatigue. Alerts that actually matter are therefore
less likely to be missed.
In summary, Machine Intelligence technology, despite what its detractors suggest, is here to
stay. Though not all providers may be using its full capabilities, its potential is too great, and its
benefits in terms of detecting advanced threats too tangible, for it to be given up. But it can be
improved.
An integrated approach, featuring several different types of input and analysis, helps to
streamline Machine Intelligence data analysis, making it more effective and improving the
functionality of the integrated tools. This means more effective and more efficient network
security, and more family time for security analysts.
About The Author
Martin Korec is the Head of Quality Assurance at GREYCORTEX, s.r.o. He
brings six years of academic experience in data processing and information
security at Masaryk University, as well as two years of experience in
engineering security solutions and network security audits, both with
GREYCORTEX and with the Czech company Trustport.
He has published articles in the security journal DSM. Martin can be reached online at
([email protected]) and at our company website http://www.greycortex.com/
48 Cyber Warnings E-Magazine – April 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide