Page 20 - Cyber Warnings
DIGITAL RESILIENCE IN AN UNCERTAIN ERA: Millennial insights
by Corey Wilburn, Security Practice Manager, DataEndure
Building digital resilience so that your critical information assets are protected and available to
the right people, at the right time, is imperative. In tackling this challenge, it is important to take
a holistic approach to architecting and developing a data management and protection strategy
designed to simplify your enterprise environments and support your business strategy.
This year has given me some unique perspectives about where security is, where it is headed
and how we can get to where we need to be:
I. Signature and hash based comparative analysis used for attack detection will decline.
Machine learning and AI-assisted systems will surpass the effectiveness of these legacy
methods.
Signature-based detection systems, specifically those focused on endpoint protection,
come with some flaws. They operate on the core idea that we must know what a bad
thing is before we can detect and block the bad thing. This concept worked well when
there were few bad things we had to worry about, but times have changed, and this
model no longer suits our needs.
Maintaining an ever-expanding list of known bad things resulted in an ever-increasing
storage footprint on endpoints, which is a poor use of often limited resources on these
machines. Endpoint systems that rely on signature-based detection also need to receive
daily updates to their signature lists, which soak up crucial network bandwidth.
While the update may seem small when looking at a single host, multiply that by tens of
thousands of hosts in a global deployment scenario and the numbers get large quickly.
I can list a few more brow-furrowing flaws with this protection method, but I think you get
the gist. The long-term scalability of this model has been a concern of mine for some
time, but we are moving beyond it.
Machine learning and AI-assisted detection methods are spring-boarding to the forefront
of the conversation. The surge in all these different bad things on the wire is a result of it
being incredibly easy for an attacker to take an already discovered bad thing and change
it ever so slightly such that it is now a “new” bad thing, therefore slipping by signature-
based detection.
When we look at how these variants behave, we find common patterns in tactics and
procedures once they explode on an endpoint. They will write registry entries, attempt to
delete shadow volume snapshots, or take other actions that would otherwise signify that
an attack is underway.
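As an added illustration (not code from the article or from DataEndure), the following Python contrasts the two models the text describes: a SHA-256 blocklist that a one-byte variant slips past, and a small behavioural rule set that flags the actions named above (run-key persistence, shadow copy deletion, encrypted-file writes) in constructed endpoint telemetry. The payload bytes, process names, paths, rule weights and threshold are all assumptions made for the example.

```python
import hashlib
from collections import defaultdict

# Constructed stand-in for a known-bad binary, and a variant differing by one
# appended byte (the content is irrelevant; only the hash change matters).
KNOWN_BAD = b"constructed-sample-payload-v1"
VARIANT = KNOWN_BAD + b"\x00"

# Legacy model: a list of known-bad hashes, as a signature engine would ship.
BAD_HASHES = {hashlib.sha256(KNOWN_BAD).hexdigest()}

def hash_match(sample: bytes) -> bool:
    """Signature-style check: only an exact byte-for-byte copy matches."""
    return hashlib.sha256(sample).hexdigest() in BAD_HASHES

# Behavioural rules keyed on what a process does once it runs.
# Each rule: (name, weight, predicate over an event's kind and detail string).
RULES = [
    ("run_key_persistence", 2,
     lambda kind, d: kind == "registry_set" and "\\currentversion\\run\\" in d.lower()),
    ("shadow_copy_deletion", 4,
     lambda kind, d: kind == "process_start" and "vssadmin" in d.lower()
     and "delete shadows" in d.lower()),
    ("encrypted_extension_write", 1,
     lambda kind, d: kind == "file_write" and d.lower().endswith(".locked")),
]
ALERT_THRESHOLD = 4  # assumed tuning value

def behaviour_scores(events):
    """Return {pid: (total_score, [rule names hit])} for pids with any hit."""
    hits = defaultdict(list)
    for pid, kind, detail in events:
        for name, weight, pred in RULES:
            if pred(kind, detail):
                hits[pid].append((name, weight))
    return {pid: (sum(w for _, w in h), [n for n, _ in h]) for pid, h in hits.items()}

def flagged_pids(events):
    """Pids whose behavioural score reaches the alert threshold."""
    return sorted(pid for pid, (score, _) in behaviour_scores(events).items()
                  if score >= ALERT_THRESHOLD)

# Constructed telemetry as (pid, event_kind, detail): one ransomware-like
# process and one benign one.
TELEMETRY = [
    (4242, "process_start", "invoice.exe"),
    (4242, "registry_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater"),
    (4242, "process_start", "vssadmin.exe delete shadows /all /quiet"),
    (4242, "file_write", r"C:\Users\alice\Documents\report.docx.locked"),
    (5151, "process_start", "notepad.exe"),
    (5151, "file_write", r"C:\Users\alice\notes.txt"),
]
```

Running `hash_match` on the two samples returns True for the original and False for the variant, while `flagged_pids(TELEMETRY)` returns `[4242]`, because the variant's behaviour, not its bytes, is what the rules score.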
20 Cyber Warnings E-Magazine February 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide