September 29, 2015

Going Predictive in Enterprise Security

Attack, defensive response, attacker adaptation. Rinse, repeat. Up until now, cyber warfare drama has generally followed the same script. The result: Defenders face a cycle of mounting destructiveness.

As threats grow in sophistication and scale, potential damage grows along with them. While organizations deploy more sophisticated solutions, adversaries move rapidly to understand those solutions. They transition to less visible activity patterns using stealthier malicious content, striving to appear indistinguishable from normal traffic. What’s an enterprise to do?

Weaponizing Predictive Analytics

Two years ago, Visa deployed an advanced analytics engine with the capability to analyze as many as 500 aspects of a transaction simultaneously. Visa estimates the technology has identified $2 billion in potential incremental fraud annually. For example, the engine flags transactions of $200 or more that include prepaid cards. Such purchases were included in 85 percent of fraudulent transactions, the company discovered.

Predictive analytics tools such as the Visa engine are an emerging element of successful security strategies. They empower the enterprise to accurately detect, analyze, and respond to the rapidly evolving threat landscape. Yet most organizations don’t utilize predictive analytics tools in their security strategies. Just 8 percent of global firms had adopted these tools to safeguard networks and data by 2014, according to Gartner. The research firm projects that proportion will jump to 25 percent by 2016.

Over the last few years, attackers have adopted the “advanced persistent threat” strategy to strike networks. They invest time and resources researching targets, accumulating intelligence, and pursuing an arsenal of techniques to obtain trusted access. For example, when hackers breached Target Corporation networks in 2013, they gained entry with stolen credentials from a heating and ventilation contractor enlisted by the retailer. The threat is growing in effectiveness and relentlessness.

Anatomy of Predictive Security Strategies

Predictive security strategies are grounded in the development of an accurate picture of normal enterprise network activity. With this visualization, security teams can assess the standard behaviors of network components such as host servers and users. They can then create models to use as a basis to predict future activity. Modeling and predicting legitimate activity—as opposed to adversarial activity—is a more effective long-term strategy in countering emerging threats.

Why? When integrated with existing security measures, predictive analytics provides greater accuracy and a sharper ability to discern unusual network activity. Advanced algorithms take in live traffic data from machines, applications, and individual digital footprints, and analyze multiple parameters. Machine learning systems digest and adapt based on what is observed, scanning for emerging dangers and evidence of actual or impending breaches. Anomalies such as unusually large data requests from a single source are flagged and reported. Security teams can then analyze the flagged data and act on it to improve controls, safeguards, and corrective actions.
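The baseline-then-deviation logic described above, as an added example that is not part of the original article: per-source request sizes are modelled from a constructed baseline log (an assumed `<timestamp> <host> <bytes>` format), and a later window is scored for unusually large requests from a single source, with sources that have no baseline flagged as well.

```python
from statistics import mean, pstdev
from collections import defaultdict

# Constructed baseline window (not real traffic): "<timestamp> <source host> <bytes requested>"
BASELINE_LOG = """\
2015-09-28T09:00:01 host-a 1000
2015-09-28T09:05:12 host-a 1200
2015-09-28T09:11:40 host-a 1100
2015-09-28T09:20:03 host-a 900
2015-09-28T09:31:55 host-a 1300
2015-09-28T09:02:10 host-b 500
2015-09-28T09:15:44 host-b 500
2015-09-28T09:27:19 host-b 500
"""

# Constructed observation window, scored against that baseline
OBSERVED_LOG = """\
2015-09-29T09:01:22 host-a 1250
2015-09-29T09:03:47 host-a 9000
2015-09-29T09:06:33 host-b 800
2015-09-29T09:07:02 host-c 300
"""

def parse(log_text):
    """(host, bytes) records from '<timestamp> <host> <bytes>' lines; malformed lines skipped."""
    rows = [line.split() for line in log_text.splitlines()]
    return [(r[1], int(r[2])) for r in rows if len(r) == 3 and r[2].isdigit()]

def build_baseline(records, min_rel_sigma=0.05):
    """Per-host (mean, sigma) of request size. Sigma is floored at a share of the
    mean so a host with perfectly constant traffic cannot cause a divide-by-zero."""
    sizes = defaultdict(list)
    for host, nbytes in records:
        sizes[host].append(nbytes)
    return {h: (mean(v), max(pstdev(v), mean(v) * min_rel_sigma)) for h, v in sizes.items()}

def score(records, baseline, threshold=3.0):
    """Flag requests more than `threshold` sigmas above the host's own baseline,
    and every request from a source that has no baseline yet (unknown until modelled)."""
    findings = []
    for host, nbytes in records:
        if host not in baseline:
            findings.append((host, nbytes, "no baseline for this source"))
            continue
        mu, sigma = baseline[host]
        z = (nbytes - mu) / sigma
        if z > threshold:
            findings.append((host, nbytes, f"{z:.1f} sigma above mean {mu:.0f}"))
    return findings
```

Calling `score(parse(OBSERVED_LOG), build_baseline(parse(BASELINE_LOG)))` returns the 9000-byte request from host-a, the 800-byte request from host-b, and the never-seen host-c, while host-a's 1250-byte request stays within its baseline.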

As analytics tools evolve, they will include advanced predictive capabilities and automated controls that function in real time. But even the most advanced tools are ineffective unless security is embedded at the heart of enterprise culture and the business.
