A new report from CB Insights demonstrates that companies are proactively hunting for cyber threats. In order to do so, enterprises are harnessing the power of machine learning to locate and prevent hacks.
Cyber threat "hunting" gains momentum
"Reacting to cyber attacks is no longer enough," according to the Artificial Intelligence Trends 2019 report. Instead, cybersecurity teams are turning to advancements in machine learning to intentionally seek out malicious activity.
Breach Level Index, the global database of public data breaches, found that hackers compromised 4.5 billion data records worldwide in the first half of 2018 (H1'18). For the whole of 2017, the figure was just 2.6 billion.
As a result, more companies are beginning to recognise the importance of innovative cyber-defence systems. Unlike other industrial applications of AI, however, cyber-defence is "a cat-and-mouse game between hackers and security personnel."
Each side is constantly trying to stay ahead of the other, which makes the game particularly competitive. In effect, both parties leverage new innovations in machine learning to advance their respective efforts.
The hunting process
Threat hunting entails seeking out malicious activity rather than reacting to alerts or a breach after it has happened. The process begins with a hypothesis on potential weaknesses in the network.
The team then uses manual and automated tools to test out the hypothesis in a "continuous, iterative process," the report states. Machine learning is an integral element of the process due to the "sheer volume of data in cybersecurity."
Although there is an emerging demand for threat hunters across various businesses, the title itself remains niche. As the report indicates, a search on LinkedIn for "threat hunters" reveals just 70+ job listings in the US from companies such as Microsoft, Dow Jones, and Verizon.
Hunting remains "new and poorly defined from a process and organisational standpoint," according to the IBM-sponsored SANS 2018 Hunting Survey. In fact, the survey revealed that the majority of "hunting" enterprises are either large or have been targeted in the past.
The survey also indicates that threat hunting is likely to gain further traction in the enterprise. Nevertheless, the process is still challenging as cybersecurity teams must negotiate an ever-changing, dynamic environment while reducing false positives.