Machine learning (ML) and digital transformation (DX) go hand in glove.
We’ve mastered how to feed data into pattern-recognition algorithms. And as we accelerate the digitalization of everything, even more data is being generated.
Related: Defending networks with no perimeter
Machine learning already is deeply embedded in the online shopping, banking, entertainment and social media systems we’ve come to rely on. Meanwhile, criminal hacking groups increasingly leverage ML to pillage those very same online systems.
At RSA 2020, I was encouraged by strong evidence that the cybersecurity industry has now jumped fully on board the ML bandwagon. Juniper Networks, known for its high-performance routers, is in the vanguard of established technology and cybersecurity vendors applying ML and automation to defend company networks.
I had the chance to sit down with Laurence Pitt, Juniper’s global security strategy director. We had a lively discussion about the surge of fresh data about to hit as 5G interconnectedness gains traction — and how this will surely result in a spike in fresh vulnerabilities. For a full drill down please give the accompanying podcast a listen. A few key takeaways:
This is an exciting time in the world of network security, with the growth of 5G pushing industries into a world where virtually anything can be connected. The proliferation of connected devices means that anything with a vulnerability can become an attack vector for the network, however, and it requires massive resources to manage all these systems and identify possible threats.
Pitt believes that ML is the way forward. ML focuses on training machines to learn from data without being programmed explicitly. By contrast, artificial intelligence (AI), though more often cited than ML, is distinct from ML. AI is a more far-reaching concept that seeks to create intelligent machines that would simulate human thinking patterns.
“Too many people talk about artificial intelligence as being where we’re going with this,” contends Pitt. “Machine learning on the other hand, is an opportunity for us to train systems to be able to manipulate and leverage data in a learned way so that they can accurately and repeatedly do tasks that either we don’t have the time to do or we can’t do fast enough.”
Pitt maintains that machine learning needs to be trained to do things that are repeatable, so that once those frameworks are in place, it can be presented with more complex tasks. He believes there is a trust element, however. “The people who are using it have to believe that every time it gives an answer, it’s going to be the right answer.”
With companies like Amazon, for example, that kind of trust factor does not come into play because it is analyzing predictable factors like a customer’s preferred airline or choice of music. With the corporate networks of today, however, threat signals could come from anywhere.
Pitt compares it to the world of Harry Potter, where the stairs in the castle are moving around all the time. “Every time you walk into a room, everything’s moved around. You have to start learning it again.”
Analyzing encrypted traffic
One area where Juniper is differentiating itself is in the area of encrypted traffic analysis. Pitt points out that a big challenge for businesses today is that more than 80 percent of Internet traffic is encrypted. Google and others have launched a major push to encourage encryption via Hypertext Transfer Protocol Secure (HTTPS), and malicious actors have taken full advantage.
“Up to 30 percent of bad traffic is now encrypted traffic as well,” Pitt points out. “And so being able to understand whether something is good or bad is very, very important.”
Legacy firewalls and intrusion detection systems can’t tell whether encrypted traffic is malicious. And the deep attacks hacking groups execute, via this means, can grab sensitive data at a crucial point — when it leaves the network wire and gets decrypted on its way to a business application.
“Now that is a risk. There is an element that somebody could find a vulnerability on the system that would allow them to exfiltrate that information,” explains Pitt. In response, Juniper is leveraging its machine-learning threat cloud to study patterns in the metadata of known, legitimate encrypted traffic, and thus identify anomalous, potentially malicious, traffic with the performance penalties of having to decrypt data in transit.
The network detects threats faster as it learns patterns, and performance does not suffer because the system is simply sending a message stream to the cloud and then reporting back on that.
Eliminating white noise
Juniper’s encrypted traffic analysis solution features the cloud-connected Juniper SRX firewall as a security gateway, with Juniper’s routers acting as part of the security enforcement. Meaningful inspection is facilitated by detecting traffic patterns. Furthermore, a layered security approach helps to reduce and manage risk. Based on the Open System Interconnection (OSI) networking framework model, protocols are implemented in seven layers, so routers and switches won’t work until there are seven in the stack.
Bad traffic is detected and turned away before it gains entry. “The firewall is able to make more performance decisions because it’s not having to deal with white noise and chatter so much,” Pitt points out.
It’s good to see tech and cybersecurity vendors applying ML to the rich data streams crisscrossing networks, and finding smarter ways to automate detection of stealthy attacks. This is the only way to keep pace, as DX advances, and as cybercriminals continue to innovate. I’ll keep watch.
Last Watchdog’s Melanie Grano contributing.
Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.
*** This is a Security Bloggers Network syndicated blog from The Last Watchdog authored by bacohido. Read the original post at: https://www.lastwatchdog.com/my-take-deploying-machine-learning-at-router-level-helps-companies-prepare-for-rise-of-5g/