Black Hat Reveals Expanding Threat Landscape, Code Analytics Potential

By Scot Petersen  |  Posted 2015-08-10

There's also a genuine fear that the Internet has lost, or is quickly losing, its "dream of freedom" in the name of locking it down, said Jennifer Granick, Director of Civil Liberties at the Stanford Center for Internet and Society, in her keynote.

The cyber-industrial complex

What needs to happen is a re-examination of the security industry as a whole and of the amount of investment businesses are prepared to make to get in front of security rather than chasing it.

There are signs this is starting to happen, with a growing understanding of just what the industry is up against. Researchers are starting to follow the money to nation-states or other well-financed entities, and at Black Hat they discussed new advanced analytics and machine learning methods to trace code back to its sources and predict new iterations of exploits.

Cyber-attackers are no longer script kiddies, said Arun Lakhotia, of the Software Research Lab at the University of Louisiana at Lafayette, during a presentation. "They are following good coding practices," he said.

Cyber-attackers are professionals, producing complex, production-ready code. Yet the sheer volume of exploits also indicates that these coders are using standard development tools and methods, such as code reuse and automation.

Signatures "are dead" as a reliable approach to anti-virus, said Matt Wolff, chief data scientist at Cylance. Their failure "reinforce[s] the need for smarter and more adaptive approaches to combating today's highly variant malware," he said.

Wolff and co-researcher Andrew Davis discussed how machine learning and pattern recognition can be used to classify code as either benign or malware, and can do so at a greater scale than human analysis, which will help vendors and security administrators keep up with the variants.
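The two points above, that attackers reuse code across variants and that an exact signature misses even a trivially edited variant, can be shown with a small illustration. The following Python is an added example, not code from the article, from Cylance or from any researcher it quotes, and the "binaries" in it are constructed byte strings, not real samples. It contrasts an exact SHA-256 signature with a simple byte-bigram similarity measure (weighted Jaccard over overlapping 2-byte windows) and a nearest-neighbour classifier built on it; the threshold of 0.5 and the tiny labelled corpus are assumptions chosen for the demonstration, and the measure is deliberately simpler than anything a production classifier would use.

```python
"""Added example (not from the article or any speaker quoted in it): why an
exact signature misses a variant while byte n-gram similarity still flags it.

Every byte string below is a constructed toy "binary" used only to illustrate
the idea; none is real malware."""
import hashlib
from collections import Counter

# Constructed samples: a "known" malicious sample, a variant of it with one
# no-op byte (0x90) inserted and one constant changed, and an unrelated
# benign sample that merely shares common byte patterns (runs of 0x00).
KNOWN_MALWARE = bytes.fromhex(
    "55 89 e5 83 ec 10 e8 00 00 00 00 5b 81 c3 10 20 00 00 8b 83 f0 ff ff ff c9 c3"
)
VARIANT = bytes.fromhex(
    "55 89 e5 90 83 ec 10 e8 00 00 00 00 5b 81 c3 10 21 00 00 8b 83 f0 ff ff ff c9 c3"
)
BENIGN = bytes.fromhex(
    "48 83 ec 28 48 8d 0d 00 00 00 00 ff 15 00 00 00 00 48 83 c4 28 c3"
)


def sha256_signature(data):
    """Exact-match 'signature': the SHA-256 digest of the whole sample."""
    return hashlib.sha256(data).hexdigest()


def signature_match(sample, known_signatures):
    """True only if the sample is byte-for-byte identical to a known one."""
    return sha256_signature(sample) in known_signatures


def byte_ngrams(data, n=2):
    """Multiset of overlapping n-byte windows; small edits change few of them."""
    return Counter(data[i:i + n] for i in range(len(data) - n + 1))


def similarity(a, b, n=2):
    """Weighted Jaccard index (0..1) of two samples' byte n-gram multisets.

    Counter '&' takes the minimum count per shared n-gram (intersection),
    Counter '|' the maximum count per n-gram (union)."""
    ga, gb = byte_ngrams(a, n), byte_ngrams(b, n)
    inter = sum((ga & gb).values())
    union = sum((ga | gb).values())
    return inter / union if union else 0.0


# Constructed labelled reference set (assumption for the demonstration).
CORPUS = {
    "family_a": ("malware", KNOWN_MALWARE),
    "hello_tool": ("benign", BENIGN),
}


def classify(sample, corpus=CORPUS, threshold=0.5):
    """Nearest-neighbour label over the corpus, or 'unknown' when nothing is
    similar enough; returns (label, nearest_name, score)."""
    name, (label, ref) = max(
        corpus.items(), key=lambda kv: similarity(sample, kv[1][1])
    )
    score = similarity(sample, ref)
    if score < threshold:
        return ("unknown", name, score)
    return (label, name, score)


if __name__ == "__main__":
    known = {sha256_signature(KNOWN_MALWARE)}
    print("variant matches signature:", signature_match(VARIANT, known))    # False
    print("variant vs known:", round(similarity(KNOWN_MALWARE, VARIANT), 3))  # 0.759
    print("benign  vs known:", round(similarity(KNOWN_MALWARE, BENIGN), 3))   # 0.122
    print("classify(VARIANT):", classify(VARIANT))                            # malware
    print("classify(BENIGN): ", classify(BENIGN))                             # benign
```

The variant shares 22 of 29 distinct bigram occurrences with the known sample (about 0.76) despite failing the exact signature, while the benign sample scores about 0.12 on shared padding alone. The threshold is where the real engineering lives: set too low, shared boilerplate such as prologues and zero runs causes false positives; set too high, the approach degenerates back into signature matching.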

Who or what is behind the millions of malware events per year is still pretty hazy. Researchers can piece together puzzles to get educated guesses, but stopping and prosecuting attackers is another thing. "Commercially written, offensive software from companies like FinFisher and Hacking Team has been sold to repressive regimes under the guise of 'governmental intrusion' software," wrote a team of researchers who presented a paper on nation-state malware.

The new analytics coupled with innovative threat detection and prevention technology from startups like Endgame, Prevoty and enSilo provide some hope. Enterprises have more and better tools to secure their data, and may yet be able to achieve a perpetual standoff with attackers. Anything more than that would exceed most reasonable expectations.

Scot Petersen is a technology analyst at Ziff Brothers Investments, a private investment firm. Prior to joining Ziff Brothers, Scot was the editorial director, Business Applications & Architecture, at TechTarget. Before that, he was the director, Editorial Operations, at Ziff Davis Enterprise. While at Ziff Davis Media, he was a writer and editor at eWEEK. No investment advice is offered in his blog. All duties are disclaimed. Scot works for a private investment firm, which may at any time invest in companies whose products are discussed in this blog, and no disclosure of securities transactions will be made.
