"Every moment of the day they’re getting hit insidiously with requests for logins, and that’s just the facts of it."

BUILDING YOUR THREAT INTELLIGENCE

jack, September 16, 2019

AKAMAI and CONNECT MEDIA recently hosted 10 of Australia’s premier hi-tech leaders for an executive conversation on mitigating the latest cyber-attack threats.

With new attack vectors being discovered almost daily, AKAMAI’s Enterprise Security Architect provided a first-hand account of the emergence of a new security paradigm. A robust discussion followed on how to effectively mitigate dynamic and mutating attack patterns.

As one of the world’s largest procurers of bandwidth, AKAMAI delivers a formidable portion of the internet. With a hundred and twenty terabytes per second of traffic – and visibility over 15 to 30 percent of global web traffic – AKAMAI absorbs billions of attacks a day.

This data is manipulated by a team of data scientists to create actionable threat intelligence that is then embedded in their security portfolio. Conversation around the table was anchored in this veritable intelligence.

BOILING THE OCEANS

To begin, we detailed the forces provoking change across the entire security ecosystem. The attack surface has expanded dramatically, fed by Internet of Things devices with characteristically archaic security controls. In this sprawling environment, mitigating attacks with legacy perimeter defence methods is no longer feasible.

We identified that relying on a conga line of point security solutions merely serves to create complexity, with each threshold presenting an attack surface the attacker can compromise. And with bots morphing to leverage machines with different IP addresses, blocking by IP address is no longer sufficient to stop an attack. The new defence mantra is not if, but when, as best security practice shifts to protecting critical assets and stopping the attack earlier in the kill chain. A new security paradigm is emerging, one that recognises that infiltration is a constant state for large organisations.

And as an attendee aptly analogised:

“IF THE ATTACKER IS ALREADY INSIDE YOUR HOUSE, WOULD YOU CONTINUE TO GO AND LOCK THE DOORS AND CLOSE THE WINDOWS? OR WOULD YOU GO AND PROTECT YOUR FAMILY AND TRY TO GET THIS ATTACKER OUT OF YOUR HOUSE?”

MIMICKING THE HUMAN TOUCH

There was strong interest in the work AKAMAI is undertaking to trap bots mimicking the human touch. AKAMAI is leveraging artificial intelligence and machine learning to identify attacks at layer 8 – the human layer. By identifying human and machine characteristics, or neuromuscular actions – gyroscope and accelerometer movement, patterns in key presses, straight-line coordinates and human imperfection – AKAMAI is making real-time, intelligent decisions to protect against evolving bots.

“WE’RE LOOKING FOR HUMAN CHARACTERISTICS… IF YOU MOVE YOUR MOUSE OVER TO A SUBMIT BUTTON, SOMETIMES YOU JUST OVERSHOOT AND YOU MOVE BACK. WE’VE SEEN BOTS WHO TRY AND MIMIC ALL OF THIS INFORMATION AND THEY SEND STRAIGHT LINE COORDINATES.
EVEN IF YOU HAD A RULER ON YOUR TRACKPAD, AND YOU TRIED TO DRAW A STRAIGHT LINE WITH YOUR FINGER, IT’S IMPOSSIBLE. WE’RE LOOKING AT ALL THIS AND THEN MAKING INTELLIGENT DECISIONS ON THE FLY TO STOP BOTS.”

By deploying user behavioural analytics – including orientation and acceleration events – to project a pictorial view of a user’s session, AKAMAI can determine in real-time whether or not the user is legitimate. All this information is fed to an AI engine that is constantly learning human behaviour and being trained to detect new bots.
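
The straight-line and overshoot signals described above can be computed from raw pointer samples. This is an added example, not AKAMAI's code or model; the trace format, the feature names and every threshold are assumptions, and both sample traces are constructed.

```javascript
// Added illustration; thresholds and field names are assumptions, not vendor values.
// A trace is an array of {x, y, t}: pointer position in px, timestamp in ms.

// Perpendicular distance from p to the straight line through a and b.
function deviationFromLine(p, a, b) {
  const dx = b.x - a.x, dy = b.y - a.y, len = Math.hypot(dx, dy);
  if (len === 0) return Math.hypot(p.x - a.x, p.y - a.y);
  return Math.abs(dy * (p.x - a.x) - dx * (p.y - a.y)) / len;
}

function traceFeatures(trace) {
  if (trace.length < 3) return null; // taps and keyboard use leave no usable path
  const a = trace[0], b = trace[trace.length - 1];
  const chord = Math.hypot(b.x - a.x, b.y - a.y);
  let pathLen = 0, maxDev = 0, overshoot = 0;
  const gaps = [];
  for (let i = 1; i < trace.length; i++) {
    const p = trace[i], q = trace[i - 1];
    pathLen += Math.hypot(p.x - q.x, p.y - q.y);
    gaps.push(p.t - q.t);
    maxDev = Math.max(maxDev, deviationFromLine(p, a, b));
    if (chord > 0) { // distance travelled past the end point, along the start->end direction
      const along = ((p.x - a.x) * (b.x - a.x) + (p.y - a.y) * (b.y - a.y)) / chord;
      overshoot = Math.max(overshoot, along - chord);
    }
  }
  const mean = gaps.reduce((s, g) => s + g, 0) / gaps.length;
  const jitter = Math.sqrt(gaps.reduce((s, g) => s + (g - mean) ** 2, 0) / gaps.length);
  return { straightness: pathLen ? chord / pathLen : 0, maxDev, overshoot, jitter };
}

// Flags only the pattern the text describes: ruler-straight, no overshoot, metronomic timing.
function looksScripted(trace) {
  const f = traceFeatures(trace);
  return !!f && f.straightness > 0.999 && f.maxDev < 0.5 && f.overshoot < 1 && f.jitter < 1;
}

// Constructed samples: a linear interpolation at fixed 16 ms steps, and a hand-like
// path that bows off the line, overshoots the target at (400, 250) and comes back.
const scriptedTrace = Array.from({ length: 11 }, (_, i) => ({ x: 100 + 30 * i, y: 100 + 15 * i, t: 16 * i }));
const humanTrace = [[100,100,0],[131,109,14],[170,131,33],[214,160,48],[263,192,66],[318,221,81],
  [371,244,99],[409,257,118],[414,258,139],[404,252,171],[400,250,204]].map(([x, y, t]) => ({ x, y, t }));

console.log(looksScripted(scriptedTrace), looksScripted(humanTrace)); // true false
```

A missing or very short trace returns no verdict here, because touch taps, keyboard navigation and assistive technology produce few or no pointer samples; a single geometric check like this is one input to a broader score, not a decision on its own.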

Conversation around the table then gravitated towards minimising the user impact of modern security controls. As one attendee surmised, ‘It’s all about user impact and how you provide the level of security without obstructing the experience.’

There was a strong consensus that relying on reCAPTCHA as a default security measure severely hinders the user experience. By only turning to reCAPTCHA after exhausting other avenues, enterprises can greatly reduce the impact on user experience on their website.

DATA INJECTION

In a security environment that is constantly mutating, the consensus was that it is impossible to implement a solution today and expect it to work seamlessly in the future. You need a system that is constantly evolving to combat changing threats.

One such stage of this evolution is the concept of data injection. Enterprises can tamper with, and therefore render valueless, the data that is fed to malicious bots and nefarious competitors. As one attendee noted:

‘I WAS GOING TO SAY, I REALLY LIKE THE IDEA OF DATA INJECTION, SO YOU IDENTIFY THAT IT’S A ROBOT, BUT DEPENDING ON THE PARTICULAR ROBOT OR SCRAPER, YOU CAN ACTUALLY CHANGE YOUR BEHAVIOUR.’
‘CHANGES THE GAME, RIGHT? AS OPPOSED TO THEM TRYING TO WORK OUT OTHER WAYS TO GET INTO YOUR SITE, THEY ACTUALLY THINK THEY’VE SUCCEEDED. THAT, FOR ME, IS QUITE ATTRACTIVE.’

Importantly, this form of data injection also creates a legal avenue for action: by manipulating injected data assets, an enterprise can clearly trace the mutated data to competitors and show that it was stolen.
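
One way to make injected data traceable is to derive a small, deterministic alteration per requester from a server-side key, then test a copy found elsewhere against each requester's expected alterations. This is an added example, not code from AKAMAI or the event; the key, requester IDs, SKUs, prices and function names are all constructed for illustration.

```javascript
// Added illustration: per-requester marked data and later attribution of a copy.
// Key, requester IDs, SKUs and prices are constructed; function names are hypothetical.
const { createHmac } = require("node:crypto");

const SECRET = "example-only-key"; // assumption: server-side secret, never sent to clients

// Deterministic offset in cents (-9..+9) bound to the key, the requester and the SKU.
function markCents(requesterId, sku) {
  const mac = createHmac("sha256", SECRET).update(`${requesterId}|${sku}`).digest();
  return (mac[0] % 19) - 9;
}

// Catalogue as served to a requester already classified as a scraper.
function serveMarked(catalogue, requesterId) {
  return catalogue.map(({ sku, cents }) => ({ sku, cents: cents + markCents(requesterId, sku) }));
}

// For a copy found elsewhere, count per requester how many rows carry that requester's mark.
function attribute(copy, catalogue, requesterIds) {
  const real = new Map(catalogue.map((r) => [r.sku, r.cents]));
  const rows = copy.filter((r) => real.has(r.sku)); // ignore rows we never published
  return requesterIds
    .map((id) => ({
      id,
      rows: rows.length,
      hits: rows.filter((r) => r.cents - real.get(r.sku) === markCents(id, r.sku)).length,
    }))
    .sort((a, b) => b.hits - a.hits);
}

// Constructed catalogue and requesters.
const catalogue = ["A100", "A101", "A102", "B200", "B201", "C300", "C301", "C302"]
  .map((sku, i) => ({ sku, cents: 1999 + 250 * i }));
const requesters = ["client-A", "client-B", "client-C"];

// The copy served to client-B later turns up elsewhere; rank who it was served to.
const found = serveMarked(catalogue, "client-B");
console.log(attribute(found, catalogue, requesters)[0].id); // client-B
```

With only a few rows an unrelated requester can match some marks by chance (about 1 in 19 per row here), so the strength of the attribution grows with the number of marked rows recovered.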

ZERO TRUST

No model better captures the seismic change erupting across the security landscape than the concept of Zero Trust. Zero Trust represents a deep shift in mentality, one that reflects the swarming business case for bring your own device and recognises that 50% or more of breaches originate inside an enterprise’s network.

Zero Trust shifts access controls from the corporate security perimeter to individual devices and users, dissolving the trusted enterprise perimeter in favour of a ‘never trust; always verify’ approach. In James’ words, ‘VPNs are dead’ – and the delegation agrees.

SUSTAINED DIALOGUE

With cyber-security locked on a trajectory of moves and countermoves, the importance of engaging in continuous industry dialogue cannot be overstated.

Leaders around Australia are realising that maintaining a technical knowledge of the changing trends, threats and solutions in the cyber security domain bears heavily on corporate and personal success.

AKAMAI and CONNECT MEDIA will be continuing this series of executive conversations across Australia, empowering leading organisations to stay in the fight – in whatever form it takes.