Bay Street News

To Get In Front of Cyber Adversaries, Fortinet Predicts Organizations Will Employ More Automation To Combat Threats

AI Fuzzing and Machine Learning Poisoning Will Uncover New Network and Software Vulnerabilities

SUNNYVALE, Calif., Nov. 15, 2018 (GLOBE NEWSWIRE) —

Derek Manky, Chief, Security Insights & Global Threat Alliances, Fortinet
“We are seeing significant advances in cybercriminal tools and services which leverage automation and the precursors of AI. Organizations need to rethink their strategy to better anticipate threats and to combat the economic motivations of cybercriminals forcing them back to the drawing board. Rather than engaging in a perpetual arms race, organizations need to embrace automation and AI to shrink the windows from intrusion-to-detection and from detection-to-containment. This can be achieved by integrating security elements into a cohesive security fabric that dynamically shares threat information for broad protection and visibility across every network segment from IoT to multi-clouds.”

News Summary:
Fortinet® (NASDAQ: FTNT), a global leader in broad, integrated, and automated cybersecurity solutions, today unveiled predictions from the FortiGuard Labs team about the threat landscape for 2019 and beyond. These predictions reveal methods and techniques that Fortinet researchers anticipate cybercriminals will employ in the near future, along with important strategy changes that will help organizations defend against these oncoming attacks. For a more detailed view of the predictions and key takeaways for CISOs, visit the blog. Highlights of the report follow:

Cyberattacks Will Become Smarter and More Sophisticated
For many criminal organizations, attack techniques are evaluated not only in terms of their effectiveness, but in the overhead required to develop, modify, and implement them. As a result, many of their attack strategies can be interrupted by addressing the economic model employed by cybercriminals. Strategic changes to people, processes, and technologies can force some cybercriminal organizations to rethink the financial value of targeting certain organizations. One way that organizations are doing this is by adopting new technologies and strategies such as machine learning and automation to take on tedious and time-consuming activities that normally require a high degree of human supervision and intervention. These newer defensive strategies are likely to impact cybercriminal strategies, causing them to shift attack methods and accelerate their own development efforts. In an effort to adapt to the increased use of machine learning and automation, we predict that the cybercriminal community is likely to adopt the following strategies, which the cybersecurity industry as a whole will need to closely follow.

•   Artificial Intelligence Fuzzing (AIF) and Vulnerabilities: Fuzzing has traditionally been a sophisticated technique used in lab environments by professional threat researchers to discover vulnerabilities in hardware and software interfaces and applications. They do this by injecting invalid, unexpected, or semi-random data into an interface or program and then monitoring for events such as crashes, undocumented jumps to debug routines, failing code assertions, and potential memory leaks. Historically, this technique has been limited to a handful of highly skilled engineers working in lab environments. However, as machine learning models are applied to this process, we predict that this technique will not only become more efficient and tailored, but available to a wider range of less technical individuals. As cybercriminals begin to leverage machine learning to develop automated fuzzing programs, they will be able to accelerate the process of discovering zero-day vulnerabilities, which will lead to an increase in zero-day attacks targeting different programs and platforms.

•   Swarm-as-a-Service: Significant advances in sophisticated attacks powered by swarm-based intelligence technology are bringing us closer to a reality of swarm-based botnets known as hivenets. This emerging generation of threats will be used to create large swarms of intelligent bots that can operate collaboratively and autonomously. These swarm networks will not only raise the bar in terms of the technologies needed to defend organizations, but like zero-day mining, they will also have an impact on the underlying cybercriminal business model. Ultimately, as exploit technologies and attack methodologies evolve, their most significant impact will be on the business models employed by the cybercriminal community.

Currently, the criminal ecosystem is very people-driven. Some professional hackers for hire build custom exploits for a fee, and even new advances such as Ransomware-as-a-Service require black hat engineers to stand up different resources, such as building and testing exploits and managing back-end C2 servers. But when delivering autonomous, self-learning Swarms-as-a-Service, the amount of direct interaction between a hacker-customer and a black hat entrepreneur will drop dramatically.

•   Poisoning Machine Learning: Machine learning is one of the most promising tools in the defensive security toolkit. Security devices and systems can be trained to perform specific tasks autonomously, such as baselining behaviors, applying behavioral analytics to identify sophisticated threats, or tracking and patching devices. Unfortunately, this process can also be exploited by cyber adversaries. By targeting the machine learning process, cybercriminals will be able to train devices or systems to not apply patches or updates to a particular device, to ignore specific types of applications or behaviors, or to not log specific traffic to evade detection. This will have an important evolutionary impact on the future of machine learning and AI technology.

Defenses Will Become More Sophisticated
To counteract these developments, organizations will need to continue to raise the bar for cybercriminals. Each of the following defensive strategies will have an impact on cybercriminal organizations, forcing them to change tactics, modify attacks, and develop new ways to assess opportunities. The cost of launching their attacks will escalate, requiring criminal developers to either spend more resources for the same result, or find a more accessible network to exploit.

Speed, Integration, and Automation Are Critical Cybersecurity Fundamentals
There is no future defense strategy involving automation or machine learning without a means to collect, process, and act on threat information in an integrated manner to produce an intelligent response. To contend with the growing sophistication of threats, organizations must integrate all security elements into a security fabric to find and respond to threats at speed and scale. Advanced threat intelligence correlated and shared across all security elements needs to be automated to shrink the necessary windows of detection and to provide quick remediation. Integration of point products deployed across the distributed network, combined with strategic segmentation, will significantly help fight the increasingly intelligent and automated nature of attacks.


About Fortinet
Fortinet (NASDAQ: FTNT) secures the largest enterprise, service provider, and government organizations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network – today and into the future. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud, or mobile environments. Fortinet ranks #1 in the most security appliances shipped worldwide and more than 375,000 customers trust Fortinet to protect their businesses. Learn more at http://www.fortinet.com, the Fortinet Blog, or FortiGuard Labs.    


Media Contact: John Welton, Fortinet, Inc., 408-235-7700, pr@fortinet.com
Investor Contact: Peter Salkowski, Fortinet, Inc., 408-331-4595, psalkowski@fortinet.com
Analyst Contact: Ron Davis, Fortinet, Inc., 415-806-9892, rdavis@fortinet.com