Imagine knowing when attackers will come for your network.
To combat today’s complex cyberthreats, several agencies have launched initiatives, fueled by predictive analytics, that may soon be able to provide significant warning before an attack occurs.
“We haven’t gotten to the point where cognitive machines can take over security, but predictive analytics makes your security smarter,” says Alan Webber, research director at IDC. “This will likely reduce the number of false positives to give a better chance of detecting attacks.”
Agency security systems traditionally rely on signature-based monitoring to identify breach threats, but attackers’ methods are evolving.
Bad guys have figured out how to create new signatures for each attack, so each incident looks like a new, unrecognized threat to signature-based monitoring. Then, once inside the network, attackers linger. More than half of breaches go undetected for months, the 2016 Verizon Data Breach Investigations Report states.
Predictive Analytics Gives Defenders an Edge
By taking advantage of historical data, modeling, and machine learning to forecast the probability of an incident, predictive analytics may hold particular promise for cyberattack protection.
Researchers in the Cyber-attack Automated Unconventional Sensor Environment (CAUSE) program, run by the Intelligence Advanced Research Projects Activity (IARPA), are spending more than three years developing new methods to help forecast attacks, including those in the planning stage.
One day the program may explore using sentiment analysis to see if social media trends correlate to attacks — or determine how world events encourage an adversary to act, says Robert Rahmer, CAUSE's program manager.
CAUSE aims to develop technology that will “automatically generate forecasts for future cyberattack events,” Rahmer says. “We’re moving toward looking at more predictive analytics — a pattern to understand what events may be happening or may be on the horizon.”
Similarly, the Department of Homeland Security’s EINSTEIN program analyzes NetFlow records, detects attacks using custom signatures, and allows internet service providers to block suspected threats.
Threat information from those detections is then distributed via the agency's cyberthreat exchange.
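The two ideas above, signature matching on flow records and a model built from historical data that lowers the priority of noisy matches, can be shown together in a few dozen lines. The following is an added example written for this article; it is not code from CAUSE, EINSTEIN or DHS. The flow records, the watchlisted destination address and the scoring thresholds are all constructed for illustration, and the "baseline" is a simple per-host z-score over historical outbound volume rather than any model the programs use.

```python
"""
Illustrative flow-record triage: a signature rule (watchlisted destination)
combined with a per-host baseline learned from historical flow records.
A signature hit on a host behaving normally is ranked low; a hit on a host
whose outbound volume is far outside its own history is ranked high.
All records, addresses and thresholds are constructed for this example.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed historical flow records: (src_ip, dst_ip, dst_port, bytes_out)
HISTORY = [
    ("10.0.0.5", "198.51.100.10", 443, 12_000),
    ("10.0.0.5", "198.51.100.11", 443, 15_000),
    ("10.0.0.5", "198.51.100.12", 443, 11_000),
    ("10.0.0.5", "198.51.100.13", 443, 14_000),
    ("10.0.0.9", "198.51.100.20", 443, 300_000),
    ("10.0.0.9", "198.51.100.21", 443, 280_000),
    ("10.0.0.9", "198.51.100.22", 443, 320_000),
    ("10.0.0.9", "198.51.100.23", 443, 310_000),
]

# Constructed signature: a destination a threat feed has flagged (placeholder
# address from the documentation range, not a real indicator).
WATCHLIST = {"203.0.113.5"}

# Constructed "current" flows to triage against the baseline.
CURRENT_FLOWS = [
    ("10.0.0.5", "203.0.113.5", 443, 13_000),      # signature hit, normal volume
    ("10.0.0.5", "203.0.113.5", 443, 95_000),      # signature hit, abnormal volume
    ("10.0.0.9", "198.51.100.30", 443, 305_000),   # nothing unusual
    ("10.0.0.9", "198.51.100.31", 443, 2_000_000), # abnormal volume, no signature
]


def build_baseline(history):
    """Per-source mean and population std-dev of bytes_out over historical flows."""
    by_src = defaultdict(list)
    for src, _dst, _port, nbytes in history:
        by_src[src].append(nbytes)
    return {src: (mean(v), pstdev(v)) for src, v in by_src.items()}


def anomaly_score(baseline, src, nbytes):
    """z-score of this flow's volume against the host's own history (0.0 if unseen)."""
    if src not in baseline:
        return 0.0
    mu, sigma = baseline[src]
    if sigma == 0:
        return 0.0 if nbytes == mu else float("inf")
    return (nbytes - mu) / sigma


def score_flow(baseline, flow, z_threshold=3.0):
    """
    Return (score, reasons). A signature match alone scores 1 (low priority);
    an anomalous volume scores 2; both together score 3. Ranking this way is
    what pushes signature-only matches on normally behaving hosts down the queue.
    """
    src, dst, _port, nbytes = flow
    score, reasons = 0, []
    if dst in WATCHLIST:
        score += 1
        reasons.append("signature:watchlisted_destination")
    z = anomaly_score(baseline, src, nbytes)
    if z >= z_threshold:
        score += 2
        reasons.append(f"anomaly:z={z:.1f}")
    return score, reasons


def triage(baseline, flows, min_score=2):
    """Return only the flows whose combined score reaches the triage threshold."""
    kept = []
    for flow in flows:
        score, reasons = score_flow(baseline, flow)
        if score >= min_score:
            kept.append((flow, score, reasons))
    return kept


if __name__ == "__main__":
    base = build_baseline(HISTORY)
    for flow, score, reasons in triage(base, CURRENT_FLOWS):
        print(score, flow, reasons)
```

Run as a script, the first flow (a watchlist hit from a host whose volume is in line with its history) does not reach the triage threshold, while the second and fourth do. In a real deployment the baseline would be built from a rolling window of flow data per host and refreshed regularly, and the watchlist would come from a threat feed such as the cyberthreat exchange the article mentions.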
The department also plans to produce dashboards with an in-depth view of an agency's environment to help leaders address their most critical risks, says Mark Kneidinger, director of federal network resilience at DHS.
“We’ve seen a culture shift within agencies to quickly mitigate risks,” he says. “Putting predictive analytics in place through dashboards provides an awareness of what’s going on — and of the criticality of their vulnerabilities.”