September 15, 2017

Data-Protection Efforts Must Prepare for Destruction-of-Service Attacks

Organizations already have plenty to worry about in terms of data protection, but a new type of cyberattack could prove much more damaging and harder to remediate. A destruction of service (DeOS) attack has the potential to destroy the data backups and safety nets organizations rely on to restore their systems and data following an attack, according to Cisco.

DeOS attacks are a more dangerous version of distributed denial of service (DDoS), which employs botnets to overload the target organization’s servers with traffic until they can no longer handle the extra load. DDoS attacks last hours or days, after which a company can resume normal operations. But DeOS ups the ante by actually eliminating backup data, making data protection that much more challenging.

This is one of the many new security risks that are emerging with the Internet of Things (IoT). The IoT increases attack surfaces with the potential to turn appliances, medical devices, and a near-infinite number of connected objects into botnets that deliver cyberattacks. Hackers typically exploit vulnerabilities in computers and other connected devices to carry out an attack. “The IoT is a bold new frontier for attackers and defenders in their arms race,” Cisco said in its 2017 Midyear Security Report.

The Case for an Automated Response

Data protection won’t be easy against DeOS. Organizations will have to rely on automation and orchestration to prepare a response. With DDoS, organizations can take a number of steps to stop an assault, including building resilience and redundancy into their network architecture and creating diverse paths into data centers. Organizations also can take advantage of services from network providers that detect when an attack is under way, divert traffic, separate good traffic from bad, and mitigate the attack.

To respond to DeOS attacks, it will be crucial to quickly detect malicious activity in real time and automate an immediate response, especially as IoT networks expand. Artificial intelligence (AI) will play a fundamental role here by employing machine-learning algorithms that detect anomalies and patterns that indicate an attack is under way.

Detection tools have to be integrated into mitigation systems to trigger an automated response that minimizes the impact of an assault. Let’s say a DeOS attack includes a ransomware component that starts to lock users out of their systems. An immediate, automated response would isolate the machine through which the ransomware penetrated the network. Further automated steps could include either completely rebuilding the machine or restoring the affected data from a backup.

Ransomware, of course, is usually accompanied by a demand for ransom, but paying doesn’t necessarily guarantee a restoration of services. In up to one-third of cases, cybercriminals take the money and run, so the best defense is to have reliable backups and an automated response.

A Single View of Data Protection

Effective defenses against ransomware and new types of cyberattacks include organizing all threat-related data into a single view. Security teams need to see and analyze the data so they can build behavior profiles and orchestrate automated responses. The response is key. There’s no point in running analytics if you can’t translate what you learn into action—and in the case of a cyberattack, that means mitigation.

When under attack, the challenge for an organization is to prevent the spread of infection. This is when functionality—such as network pattern analytics through machine learning—can play a big role in protecting systems. It uncovers unusual behavior, like when a machine performs tasks it isn’t supposed to. Once the behavior is identified, the machine can be automatically isolated for remediation.
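The behavior-profile and automated-isolation loop described above, as an added sketch that is not code from the original post or from any vendor product. It uses plain statistics in place of a trained machine-learning model; the flow records are constructed, and the thresholds and the isolate hook are assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev
# Constructed sample flows: (window, src_host, dst_host, dst_port)
BASELINE = [(w, "ws-17", d, p) for w in range(4) for d, p in (("proxy", 443), ("dns", 53))]
BASELINE += [(w, "ws-22", d, p) for w in range(4)
             for d, p in (("proxy", 443), ("dns", 53), ("files", 445))]
LIVE = [(4, "ws-17", f"srv-{i}", 445) for i in range(8)]
LIVE += [(4, "ws-22", "proxy", 443), (4, "ws-22", "mail", 25), (4, "ws-30", "proxy", 443)]

def build_profiles(flows):
    """Per-host behavior profile: ports used and distinct peers per window."""
    ports, peers = defaultdict(set), defaultdict(lambda: defaultdict(set))
    for window, src, dst, port in flows:
        ports[src].add(port)
        peers[src][window].add(dst)
    profiles = {}
    for src, seen in ports.items():
        counts = [len(p) for p in peers[src].values()]
        profiles[src] = {"ports": seen, "mean": mean(counts), "std": pstdev(counts)}
    return profiles

def deviations(profile, flows):
    """Reasons this host's current window departs from its profile."""
    reasons = []
    new_ports = {port for *_, port in flows} - profile["ports"]
    if new_ports:
        reasons.append(f"new ports {sorted(new_ports)}")
    fanout = len({dst for _, _, dst, _ in flows})
    limit = profile["mean"] + 3 * max(profile["std"], 1.0)  # floor avoids a zero-width band
    if fanout > limit:
        reasons.append(f"fan-out {fanout} > {limit:.1f}")
    return reasons

def respond(profiles, live, isolate):
    """Isolate on two independent signals; send weaker evidence to analysts."""
    by_host, review = defaultdict(list), {}
    for flow in live:
        by_host[flow[1]].append(flow)
    for host, flows in by_host.items():
        reasons = deviations(profiles[host], flows) if host in profiles else ["no baseline"]
        if len(reasons) >= 2:
            isolate(host, reasons)  # hypothetical hook: NAC/EDR quarantine call goes here
        elif reasons:
            review[host] = reasons
    return review

def run_demo():
    isolated = {}
    review = respond(build_profiles(BASELINE), LIVE, lambda h, r: isolated.update({h: r}))
    return isolated, review
```

Requiring two independent signals before isolating keeps a single unusual connection from quarantining a machine, while hosts with weaker evidence or no baseline go to analysts for review.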

This AI approach to cybersecurity is crucial to identifying previously undiscovered vulnerabilities by looking at anomalies and patterns that indicate the potential presence of malware. This information can then be organized, digested, and published in threat intelligence feeds to help other organizations defend themselves.

Without a single view, capturing, analyzing, and acting on data is an enormous challenge. If analysts have to manage multiple data sources, they’re bound to miss something—and that something could be the data point that would lead to the prevention of the next DeOS or other type of attack.

With a macro view of all threat data, security teams can keep a close eye on threats, monitoring the information and responses along the way and making adjustments as needed. A single view—married to AI—is critical to your data-protection strategies as cyberattacks become more frequent and dangerous.

To combat the new forms of cyberattacks, it’s time to consider the next generation of cybersecurity.
