Predictive Analytics: The Future Is Now

By on

Enhanced analytical capabilities will help organizations better understand how attacks will unfold, and how to stop them in their earliest stages. 

Prediction is as old as humankind, as we’ve search for clues to the future. Big data, computer models, and sophisticated algorithms have brought us much closer to accurately predicting things such as actuarial tables, inventory levels, and financial behavior. These tools help with pricing, manufacturing, and application approvals. Advanced analytics can also help security analysts understand the probable path of an attack and enable faster actions to contain or even stop it before it becomes a serious threat.

Security officers already bear some responsibility to predict threats, which affects budget, purchase, and staffing decisions. They use available information on today’s threats to prepare for tomorrow’s, on a broad scale. But how do you predict and respond to a single serious attack amid all of the day-to-day noise in a way that is actionable and sustainable?

Effective prediction requires a large amount of data from a range of activities, including normal behavior, historical events, and third-party intelligence. The bad news is that the sheer volume of security data we are collecting is already overloading the ability of human analysts to interpret. The good news is that this is exactly what predictive analytics needs to crunch through and present in an actionable format.

To use a simple example, you have data from a historical attack that used several IP addresses and domains. Those addresses are already flagged as malicious, but you investigate and find that there are another 200 domains with the same owners. Adding those domains to the watch list gives you an early warning that, if any of them is being accessed from your network, you are probably seeing the beginnings of a new attack.

This example is admittedly simple, and there are significant barriers to overcome before predictive security analytics becomes commonplace. The ability to distinguish between suspicious and malicious, to determine if someone has a weapon and is not merely loitering outside, requires more context about the data. Where did this information come from? How old is it? Why was it marked malicious? A threat intelligence exchange model can provide this much-needed context, sharing threat information in real-time among partners, other companies in the industry, security vendors, and government agencies.

Incomplete Alerts

Even with context, the alerts from predictive analytics are still going to be incomplete. They are not going to deliver the same certainty as matching a malware signature or known bad IP address. What they will do is provide enough probable cause for protective actions to start earlier, before you have all the details of the attack.

Is the market ready for these tools? Not quite. Most customers I meet with are so busy with collecting data for compliance and regulatory use cases that predictive analytics are an aspirational goal. But these organizations are slowly building the foundation needed for prediction by increasing integration and automation of their security forces. These foundational abilities include real-time hunting, prioritization, and scoping of security incidents seen in their environments. Blocking decisions are being made automatically, based on policies and increasingly detailed profiles of normal and abnormal behavior. And we continue to work with our industry partners to respond to rapidly changing and evolving attack patterns with tools that are smart, integrated, and adaptive.

Enhanced analytical capabilities will help those on the front lines better understand how attacks will unfold, and stop these strikes in their earliest stages.

Leave a Comment

Similar articles

2018 was a wild ride when it came to cybersecurity. While some hackers worked to source financial data, others garnered personal information to personalize cyberattacks. Some worked to get us to download malware in order to help them mine cryptocurrency or harness our devices to join their botnets. And the ways in which they exact ...
Read Blog
Rockstar Games’ Red Dead Redemption 2 has struck a popular chord with many online gamers. Unfortunately, the Western-themed action-adventure game has also become a popular vessel for malicious activity among cybercriminals as well. Scammers are tricking gamers into giving up their personal information with phony “free” downloads of the online game, while simultaneously making a ...
Read Blog
Pay-per-install, or PPI for short, is a type of software program that presents users with third-party offers while they are in the middle of another download. If a user clicks on the third-party advertisement, the software developer earns money from the download. One specific PPI program has caught the attention of our McAfee ATR team, ...
Read Blog