In what the New York Times is calling, “One of the most sophisticated and perhaps largest hacks in more than five years,” malicious adversaries acting on behalf of a foreign government, likely Russian, broke into the email systems of multiple U.S. Federal agencies including the Treasury and Commerce Departments.
Sudden and widespread panic occurred among federal offices including the Department of Homeland Security when they pinpointed the source of intrusion within a widely used network management software made by a company called SolarWinds.
More importantly, while shutdown of SolarWinds was ordered immediately, it was discovered that the attackers had free-reign access starting months before, tracing activity all the way back to the spring. The New York Times explains, “The malign code was entered when the hackers broke into the periodic automatic updates of the software, much like when an iPhone is updated overnight.”
While many of today’s hacks involve stealing usernames and passwords, it’s easy to assume this intelligent attack used adversarial AI to insert electronic indicators that provide assurances to Microsoft, Google or other providers about the identity of their computer system and the email systems it was talking to. With this, the bad actors were able to trick the system and remain undetected on the network for months.
FireEye, a computer security firm that alerted their government clients about Russian attacks after its own systems were compromised, called the tactics of using third-party software that are linked into computer networks, “top-tier operational tradecraft.”
It is too soon to fully comprehend or understand the depth of consequences that these foreign attacks will have on FireEye’s 300,000 customers and U.S. government agencies.
Predictive AI Solutions Replacing Legacy SIEMs
Large enterprises are finding that their legacy SIEMs – and the constant push for NTA add-ons within them – are no longer an effective tool to detect and even predict threats on their network.
As we have learned about this recent attack, authentic real-time threat detection and predictive analysis based on actual, current network behavior is needed. Legacy NTA solutions rely on a historical analysis of network traffic and comparing behavior anomalies against one another. Rules and alerts based on a historical, non-evolving baseline are limited in their effectiveness.
As cybersecurity evolves and bad actors become more sophisticated – just as described in this recent hack – security teams must take a more proactive approach to Network Traffic Analysis (NTA) in order to avoid the next generation of hacks and breaches. But most NTA solutions are severely lacking in one foundational component: an accurate, generative baseline that evolves over time. Without this, truly meaningful anomaly detection is impossible.
SIEM platforms originated as compliance search and investigation platforms and were not built for advanced analytics. SIEMs have no predictive or adaptive capabilities, so they are vulnerable to unknown zero-day or emerging threats.
Enter MixMode’s Predictive AI, also known as third-wave AI, and how it is disrupting the cybersecurity industry. Meeting the needs of modern, next-generation SOCs, MixMode removes the siloed nature of additive NTA baselines with an adaptive approach that is responsive to rapidly evolving network baselines. Context-aware insights result in fewer false positive alerts, while AI-prioritized reports decrease demands on analyst time. Instead of spending hours sifting through SIEM logs, analysts can address genuine security vulnerabilities.
Learn more about MixMode’s self-supervised AI solutions today.