AI tech combats cyberattack, cryptojacking
The global median time from when a computing network is compromised to discovery stands at 99 days, according to the Mandiant M-Trends 2017 report from FireEye Inc. The problem is that attackers are gaining access to domain administrator credentials (the keys to the kingdom) approximately three days after entry, based on data collected in the report. Come often … stay longer … steal everything.
This problem is a serious enterprise concern, because once 72 hours are up, a lot of very bad things can happen, and it is why Vectra Networks Inc. has developed a different approach — using artificial intelligence — to look for attacker behavior, not payload.
“One of the things that people aren’t paying enough attention to is the fact that all the systems they have in place are looking for exploits. They’re looking for malware. And there’s a lot of attacks that actually don’t use malware,” said Mike Banic, vice president of marketing at Vectra. “The smart attackers now sit and lay low, they watch how your enterprise operates.”
Banic spoke with John Furrier (@furrier), host of theCUBE, SiliconANGLE Media’s mobile livestreaming studio in Palo Alto, California, to discuss Vectra’s use of AI technology to combat threats and how its tools can be used to defeat cryptojacking.
Using metadata to analyze behavior
Vectra’s solution is to focus on network metadata rather than deep packet inspection. Its tools look for behavioral patterns using AI to analyze log information and seemingly innocuous system events that could reveal the presence of an unwanted intruder.
“The attacker has to perform certain things,” Banic explained. “Anybody in information technology should care when an internal host is being controlled by an external host.”
One of the rising threats to network security is cryptojacking, in which criminals take over networked computers and run cryptocurrency mining operations on them. This is an especially troubling trend because Vectra analysts are seeing criminals suddenly pivot and sell an operating crypto mining botnet to the highest bidder, who then turns around and launches a direct attack.
“We’ve seen that scenario in enterprises and have been able to alert the team in real time so they can stop it,” Banic said. “It’s the AI that’s doing it; it’s not a human that has to take an action.”