Algorithms spot suspicious patterns in network traffic

Sunil Sharma
MD- Sales, India & SAARC, Sophos 

“The sudden onset of the pandemic forced businesses to very quickly set up working from home facilities/ services, with little time to plan out robust IT security infrastructures to protect these facilities. Additionally, the rise of remote working has also resulted in a decentralised workforce wherein employees are accessing data via their company’s network through multiple endpoints, making it difficult for businesses to manage so many identities. Adversaries are exploiting VPN and Remote Desktop Protocol vulnerabilities to gain access and move laterally to create more damage.

PATCH EARLY, PATCH OFTEN
We’ve won part of this battle already, because most businesses these days do install security patches, if not immediately, but regularly. But there are still many organizations out there that take their time about it, putting off updates for weeks or even months “in case something goes wrong”.

KNOW WHAT YOU’VE GOT 
Whether you call it an asset register, an IT inventory, or just a plain old list of computers and software you’re using, make an effort to know what’s on your network – even if you’re a small company where everyone works remotely from home. Cybercrooks go looking for old, unloved, unpatched computers, because they know that they could be easy stepping stones to bigger things.

SET UP A SECURITY HOTLINE 
Even the tiniest business can do this: make it easy for your users to report anything that doesn’t look right. You don’t need a dedicated phone number or a call centre – an easy-to-remember email address might be all you need.

REVISIT YOUR BACKUP STRATEGY 
As with patching, this is a battle that we’ve won in part: many companies do know that backups are important, and make at least some effort to keep secondary copies of vital data.

The use of machine learning, specifically deep neural networks, continues to be one of the most significant drivers of new technologies in security. Machine learning allows us to analyze and process massive amounts of data. Machine learning algorithms can be used to detect threats in executable and other files, such as user-generated documents. They are also useful for detecting malicious websites just by looking at the URI. An algorithm can be used to scan emails for simple spam and phishing campaigns, but also for more dangerous threats like thread-jacking and business email compromise attacks.  

But more than that, these algorithms can learn what normal looks like in an organization and spot suspicious patterns in network traffic, authentication, and user behavior. These types of security products act as an early warning system for organizations. It allows the security team to react to events as they are happening and well before any long-lasting damage can occur.”