Thursday 22 February 2018

Cisco 2018 Annual Cybersecurity Report Reveals Security Leaders Rely On And Invest in Automation, Machine Learning and Artificial Intelligence To Defend Against Threats


The sophistication of malware is increasing as adversaries begin to weaponize cloud services and evade detection through encryption, which they use as a tool to hide command-and-control activity. To reduce adversaries' time to operate, security professionals said they will increasingly take advantage of and spend more on tools that use AI and machine learning, as reported in the 11th Cisco 2018 Annual Cybersecurity Report (ACR).

While encryption is intended to improve security, the expanded volume of encrypted web traffic (50% as of October 2017), both legitimate and malicious, has created more challenges for defenders trying to identify and monitor potential threats. Cisco threat researchers observed a more than threefold increase in encrypted network communication used by inspected malware samples over a 12-month period.


Applying machine learning can help improve network security defenses and, over time, "learn" how to automatically detect unusual patterns in encrypted web traffic, cloud and IoT environments. Some of the 3,600 chief information security officers (CISOs) interviewed for the Cisco 2018 Security Capability Reference Study report stated that they were reliant on and eager to add tools such as machine learning and artificial intelligence, but were frustrated by the number of false positives such systems generate. While still in their infancy, machine learning and AI technologies will mature and learn what "normal" activity is in the network environments they are monitoring.

"The evolution of malware last year shows that our adversaries continue to learn," said John N. Stewart, Senior Vice President and Director of Security and Trust at Cisco. "Now we have to raise the bar, lead from top to bottom, conduct business, invest in technology and practice effective security. There is too much risk, and it is up to us to reduce it."

Additional highlights of the Cisco 2018 Annual Cybersecurity Report:

    The financial cost of attacks is no longer a hypothetical number

  •     According to survey respondents, more than half of all attacks resulted in financial damages of more than US$500,000, including, among others, lost revenue, customers, opportunities and out-of-pocket costs.
        
    Supply chain attacks are increasing in speed and complexity

  •     These attacks can affect computers on a massive scale and can persist for months or even years. Defenders should be aware of the potential risk of using software or hardware from organizations that do not appear to have a responsible security posture.
  •     Two of these attacks in 2017, Nyetya and CCleaner, infected users by attacking trusted software.
  •     Defenders should review third-party efficacy testing of security technologies to help reduce the risk of supply chain attacks.

    Security is increasingly complex; the scope of breaches is expanding

  •     Defenders are implementing a complex mix of products from a cross-section of vendors to protect against breaches. This complexity and the growth in breaches have many downstream effects on an organization's ability to defend itself against attacks, such as an increased risk of losses.
  •     In 2017, 25 percent of security professionals said they used products from 11 to 20 vendors, compared with 18 percent of security professionals in 2016.
  •     Security professionals said that 32 percent of breaches affected more than half of their systems, compared to 15 percent in 2016.

    Security professionals see value in behavioral analysis tools in locating malicious actors in networks

  •     92 percent of security professionals said that behavioral analysis tools work well. Two thirds of the health sector, followed by financial services, found that behavioral analysis worked extremely well to identify malicious actors.
        
    Use of the cloud is growing; attackers are taking advantage of the lack of advanced security

  •     In this year's study, 27 percent of security professionals said they are using off-premises private clouds, compared with 20 percent in 2016.
  •     Among them, 57 percent said they host networks in the cloud because of better data security; 48 percent, because of scalability; and 46 percent, because of ease of use.
  •     While the cloud offers better data security, attackers take advantage of the fact that security teams have difficulty defending evolving and expanding cloud environments. The combination of best practices, advanced security technologies such as machine learning, and first-line defense tools such as cloud security platforms can help protect this environment.
        
    Trends in malware volume have an impact on defenders' time to detection (TTD)

  •     Cisco's average TTD was approximately 4.6 hours for the period from November 2016 to October 2017, well below the average TTD of 39 hours reported in November 2015, and the median of 14 hours reported in the Cisco 2017 Annual Cybersecurity Report for the period November 2015 to October 2016.
  •     The use of cloud-based security technology has been a key factor in helping Cisco drive its average TTD down and keep it at a low level. A faster TTD helps defenders move sooner to resolve breaches.

Additional recommendations for defenders:

  •     Confirm that you adhere to corporate policies and practices for the patching of applications, systems and devices.
  •     Access accurate and timely threat intelligence data and processes that allow that data to be incorporated into security monitoring.
  •     Perform deeper and more advanced analyses.
  •     Back up data frequently and test restoration procedures, processes that are critical in a world of fast-moving, network-based ransomware worms and destructive cyber weapons.
  •     Conduct security scanning of microservice, cloud service and application management systems.

About the report:

The Cisco 2018 Annual Cybersecurity Report, now in its eleventh year, highlights the findings and insights derived from threat intelligence and cybersecurity trends observed over the past 12-18 months from threat investigations and six technology partners: Anomali, Lumeta, Qualys, Radware, SAINT, and TrapX. In addition, the report includes the results of the annual Benchmark Study (SCBS), which this year surveyed 3,600 chief security officers (CSOs) and security operations (SecOps) managers from 26 countries on the state of cybersecurity in their organizations.

About Cisco

Cisco (NASDAQ: CSCO) is the global technology leader that has made the Internet work since 1984. Our people, our products and our partners help society connect securely and take advantage of tomorrow's digital opportunity today. Find out more at newsroom.cisco.com and follow us on Twitter at @Cisco.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the United States and other countries. A list of Cisco's trademarks can be found at www.cisco.com/go/trademarks. The third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.
