What’s Next in Cyberattack Prediction?
There’s a lot of buzz these days about cyberattack prediction. The U.S. federal government is keen to develop technologies that will not just detect but accurately predict cyberthreats. But they aren’t alone. The commercial sector is also ramping up their interest in cyberattack prediction.
Although it may seem like cyberattack prediction is only a dream, recent advances have made the capability quite feasible. Yes, we have a long way to go before it will become mainstream, but a number of rapidly advancing technologies have been put it within reach.
Cyberattack prediction requires lots of data. But in the last few years, inexpensive storage and processing technologies have transformed our ability to capture, store, and process enormous amounts of data. Not long ago, the concept of “big data” was hard to understand. Today, our unprecedented sharing technologies essentially make all data “big data”.
Not only can we capture, store and process data like never before, we also have more data than ever before. Among other things, social media and smartphones have revolutionized our ability to create data. According to IDC, the data we create and copy annually will reach 44 zettabytes by 2020. That’s 44 trillion gigabytes.
Finally, to help make cyberattack prediction a reality, machine learning has really come to the forefront. One only has to consider the astonishing progress of autonomous vehicles to witness the growth of machine learning.
All of these advancements have happened during the last five years, and have also enabled cyberattack prediction to experience rapid growth. Lastline founders Christopher Kruegel and Giovanni Vigna, along with several colleagues, developed a history-based attack prediction prototype platform with a 94% accuracy rate. Other leading scientists and organizations have also developed promising models of attack-prediction. More money and research is aimed at cyberattack prediction than ever before.
Although cyberattack prediction has made a lot of progress, much remains to be done. While we already have the fundamental attack-prediction technologies in place, we need to see more maturity in some areas. What do we need to see next?
- Global Information Sharing. The more data the better (as long as it’s good data). A specific organization can capture and analyze its own data, but for many, that won’t be enough. It’s imperative that cyberattack data from across the globe be shared on a larger scale.
- Integration of social data. While enterprise network data like logs and alerts are critical, so is non-enterprise data from social networks, traditional media reports, and other unclassified sources. Cyberattack prediction systems need to do a better job at integrating and analyzing this external data.
- Network environment matching. Attack methods and sequences vary dramatically from one network environment to another. The machine learning algorithms are highly dependent on the organization’s specific network infrastructure. However, global threat intelligence doesn’t always include network configuration information. The machine learning algorithms are improving to overcome this challenge, but we aren’t there quite yet.
- Adoption. Adoption has been slow, for obvious reasons. However, like most new technologies, maturity only comes with actual, real-world experience. Fortunately, we are starting to see early adopters that are willing to pay the price to bring this cyber-attack prediction to the forefront.
It’s always interesting to watch new, revolutionary technologies emerge, and that’s certainly the case with cyberattack prediction. Yes, we have much to do before this becomes feasible or even possible for most organizations. But I’m optimistic that it will happen sooner than most people believe.