The cybersecurity industry is currently abuzz with talk of automation, principally the central role it will play in handling the mass of threats besieging organisations daily.
Automation might be a current trend, but this does not mean it is an entirely new phenomenon, as some organisations have been repelling attacks with machine learning for years.
One such company is internet security provider, SonicWall, and CBR spoke to the CEO of the company, Bill Conner, to gain insight on how it is taking on the threat landscape and keeping customers safe.
Mr Conner said: “We have focussed on how to use software to isolate segments in your network; our firewalls have been using machine learning for over ten years. A malware cocktail is the easiest way to think of it, these three different technical engines are looking at every file that is unknown, and it is going to block that file from going in until it can characterise it and give it a green light in real time, it is all automated.”
Machine learning is able to use this data to form an understanding of which components constitute which threats, creating a self-strengthening mechanism with which to comb out incoming attacks.
“Using machine learning, we are not looking at the whole file, we look at the ingredients that are called artefacts, and if you artefact things I am now breaking down a G&T into gin, tonic, whether there is a lime or not, and then over here is a Bloody Mary,” said the SonicWall CEO.
SonicWall operates with a colossal 18,000 partners, having gained 5,000 in the past year, truly embracing the safety in numbers and collaboration that is proving essential in this cybersecurity era. With the algorithmic cocktail approach, everything within the SonicWall network is protected.
“Think of it as this, if my arm hurts I’m going to look at it and touch it, that is one engine, and parallel I’m running an x-ray to see if there is a broken bone, and thirdly I am running an MRI to look at soft tissue. That is how I spot the ingredients, and if it blocks then I feed it right back to that deep learning algorithm, and now every other customer, whether they have seen it or not, they are protected.”
A key factor that has driven the need for this kind of defence is the fact that cybercrime has become organised crime. Attacks can be bought pre-packaged, complete with customer service, which completely changes the game.
“Now I do not have to be an expert in malware to go and pick up code, I can buy it 24/7, and they will guarantee it to get through something. They will keep mixing the cocktails until they find something that will work. You no longer have to be one of those geek kids, now it is organised crime, it is a business plan, and it is a highly lucrative business plan,” said Conner.
Conner believes the key to slashing the ever-multiplying threat volumes is to be persistent in conducting joint operations to cripple the supply chain. Interestingly, Conner compared the cybersecurity situation with the current geopolitical environment, making the point that maximum strength is achieved in collaboration, rather than in isolation.
“As much as it is socially acceptable to be isolationist, Brexit, Trump got elected on protectionism, traditional politics right now are all about those barriers again, this is one where we have to be diligent and global in nature. The best defence is good offence; there are key players on the creation side that if we keep the focus on, it does disrupt the supply of new malware.”
While it seems to be clear that automation combined with collaboration is essential in the future of cybersecurity, the widening skills gap continues to place pressure on the industry. Keen to explore SonicWall’s approach to this problem, we put the question to the CEO.
“I spoke way back before it was cool in 2001, we have learned how to protect air, land and sea, the next threat is cyber. We have a million install based customers out there, 18,000 partners; I need to keep them educated on the line of what the new threat vectors are,” said Conner.
Cybersecurity education is currently of paramount importance, particularly in terms of data protection with the GDPR regulation on the horizon, now mere months away from going live. Bill Conner believes that preparation for this is essential, regardless of geographical location.
He said: “You will see us with a separate program on that, and how to deal with it. As big as it is here, you won’t hear about it on the American side, you go to the other side of the pond and it is maybe one in ten awareness, but it is still global.”