UPDATED 12:00 EST / FEBRUARY 22 2018

AI tech combats cyberattack, cryptojacking

The global median time from when a computing network is compromised to discovery stands at 99 days, according to the Mandiant M-Trends 2017 report from FireEye Inc. The problem is that attackers are gaining access to domain administrator credentials (the keys to the kingdom) approximately three days after entry, based on data collected in the report. Come often … stay longer … steal everything.

This is a serious enterprise concern because once those 72 hours are up, a lot of very bad things can happen. It is why Vectra Networks Inc. has developed a different approach, using artificial intelligence to look for attacker behavior rather than payload.

“One of the things that people aren’t paying enough attention to is the fact that all the systems they have in place are looking for exploits. They’re looking for malware. And there’s a lot of attacks that actually don’t use malware,” said Mike Banic, vice president of marketing at Vectra. “The smart attackers now sit and lay low, they watch how your enterprise operates.”

Banic spoke with John Furrier (@furrier), host of theCUBE, SiliconANGLE Media’s mobile livestreaming studio in Palo Alto, California, to discuss Vectra’s use of AI technology to combat threats and how its tools can be used to defeat cryptojacking.

Using metadata to analyze behavior

Vectra’s solution is to focus on network metadata rather than deep packet inspection. Its tools look for behavioral patterns using AI to analyze log information and seemingly innocuous system events that could reveal the presence of an unwanted intruder.

“The attacker has to perform certain things,” Banic explained. “Anybody in information technology should care when an internal host is being controlled by an external host.”

One of the rising threats to network security is cryptojacking, in which criminals take over networked computers to run cryptocurrency mining operations. This is an especially troubling trend because Vectra analysts are seeing criminals suddenly pivot and sell an operating crypto mining botnet to the highest bidder, who then turns around and launches a direct attack.

“We’ve seen that scenario in enterprises and have been able to alert the team in real time so they can stop it,” Banic said. “It’s the AI that’s doing it; it’s not a human that has to take an action.”
