Machine Learning Enlisted to Fight Ransomware
Everyone seemingly is complaining about the spread of ransomware, and now somebody is trying to do something about it using machine learning-based behavioral analytics techniques to track suspicious behavior on company networks.
As the scale of the ransomware threat grows, including ransom payments by hospitals and universities and growing fears that it will soon spread to other sectors, a Silicon Valley security intelligence firm has rolled out an approach for detecting ransomware via machine learning.
Exabeam, a specialist in user and “entity” behavior analytics based in San Mateo, Calif., unveiled its analytics approach to detecting ransomware attacks during a security conference this week. The early warning system is touted as being able to spot ransomware activity on corporate networks without relying on third-party security controls. The platform also can spot suspicious activity within cloud services, servers and, increasingly, personal devices connected to corporate and other enterprise IT infrastructure.
Moreover, network threats are seen as increasing as the Internet of Things becomes a reality. Hence, the ability to monitor machine behavior “becomes critical to IT security,” asserts Exabeam CEO Nir Polak.
Market watchers note that security applications for machine learning are just now emerging as threats like ransomware proliferate. Machine learning “is just coming to security now because IT doesn’t believe that technology can prevent everything, and desperately needs a way of catching an attack before a customer reports it,” concludes a survey on machine learning technology drivers released earlier this month by 451 Research.
“A lot of security incidents like ransomware, which encrypts your share file, are done by the time big data even starts analyzing,” the report added. “So the [machine learning] trick is turning a big data problem (profile creation) into a ‘little data’ problem (anomaly detection), to be able to react quicker.”
While hospitals have been the primary targets of ransomware attacks, primarily due to their ability to pay, attackers have recently moved to other targets such as universities. For example, the University of Calgary reportedly transferred 20,000 Canadian dollars in bitcoins after attackers encrypted university emails and other files.
Security companies warn that universities are prime targets for ransomware attacks given their openness, changing populations and the large number of personal devices hosted on university networks.
The problem is likely to get worse, with the BBC recently reporting that security researchers have identified more than 120 separate types of malicious software used in ransomware attacks. “Ransomware and crypto malware are rising at an alarming rate and show no signs of stopping,” the British broadcaster quoted Intel Corp.’s (NASDAQ: INTC) European technology chief as warning.
Hence, cyber security and so-called endpoint security specialists are turning to new tools like machine learning as a way to help overwhelmed IT staffs monitor network traffic. Machine learning proponents argue the technology can help spot ransomware before attackers penetrate IT infrastructure, encrypt mission-critical data and force more victims to pay up.