Sep 28 2016

‘McAfee Labs Threats Report’ Offers Primer on Security Data Science, Analytics, Big Data, Machine Learning

Analytics, big data, automation, and machine learning are all terms we use when talking about the future of cybersecurity. As the volume of security data increases, data science will become an important weapon to disrupt adversaries.

Too often, these terms are used as synonyms, but they refer to different parts of the domain of data science. To stay ahead of threats and predict vulnerabilities, we should all have a basic understanding of the fundamental building blocks of data science as they apply to security.

What is data science?

Data science is the confluence of math, statistics, hardware, software, and data management. Data scientists apply mathematical algorithms and models to solve problems—such as detecting an attack before it happens or stopping ransomware before it takes over a computer or network. Data management covers the processes of gathering data throughout software and hardware environments, as well as governance, policies, security, storage, and mathematical boundary conditions. Effective data management is as important as the algorithms themselves.

What is big data?

Big is the essential part of big data. Security tools can collect massive quantities of data, which are needed to establish reliable baselines of normal behavior and to distinguish anomalous behavior from it. The quantities are mind-boggling; data scientists often work in yottabytes (10^24 bytes) of data.

What are analytics?

Analytics is the scientific process of transforming data into business insight. It involves mining big data to identify patterns, building models, testing those models against real scenarios, and iterating through the process to improve the ultimate effectiveness. There are four basic types of analytics: descriptive (what happened?), diagnostic (why did it happen?), predictive (what will happen?), and prescriptive (what should be done, given what is expected to happen?).

What is automation?

Automation (as it pertains to machine learning) is simply the process of having computers execute analytic models. Automation can be applied to many parts of cybersecurity and data science by removing repetitive tasks, summarizing datasets that are larger than humans can handle, identifying patterns, and performing mitigation functions, among others.

What is machine learning?

Machine learning is the action of automating analytics to the point that the computer builds on and enhances the model over time, identifying new patterns and relationships to which it can apply rules and policies. When working at the predictive or prescriptive levels, the machine will calculate the expected future value of a particular variable.
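As an added illustration (not from the McAfee report), the following script walks the four analytics levels defined above over a handful of constructed sshd authentication-failure log lines: descriptive counts failures per source and hour, diagnostic flags the hour in which a source deviates from its own baseline and names the account it was targeting, predictive forecasts the next hour's count, and prescriptive turns the forecast into a block/watch decision. The sample traffic, the z-score threshold, the naive trend forecast and the blocking threshold are all assumptions chosen for the example.

```python
"""Added example (not from the McAfee report): the four analytics levels
from the primer applied to constructed sshd failed-login log lines."""
import re
from collections import Counter, defaultdict
from statistics import mean, pstdev

HOURS = 6  # the constructed sample covers hours 00..05 of one day

# Constructed data (not real traffic): failed logins per hour per source IP.
SAMPLE = {
    "198.51.100.5": [2, 1, 2, 1, 2, 1],   # noisy but steady internal host
    "203.0.113.7":  [1, 1, 1, 1, 1, 18],  # a source that suddenly ramps up
}


def make_lines(sample):
    """Render the constructed sample as syslog-style sshd lines."""
    lines, pid = [], 1000
    for ip, series in sample.items():
        user = "root" if ip == "203.0.113.7" else "deploy"
        for hour, n in enumerate(series):
            for minute in range(n):
                pid += 1
                lines.append(
                    f"Sep 27 {hour:02d}:{minute:02d}:00 bastion sshd[{pid}]: "
                    f"Failed password for {user} from {ip} port {40000 + pid} ssh2"
                )
    # One unrelated line, to show the parser skipping what it does not model.
    lines.append("Sep 27 01:00:00 bastion sshd[999]: Accepted publickey for "
                 "deploy from 198.51.100.5 port 40001 ssh2")
    return lines


LINE_RE = re.compile(
    r"^\w{3} +\d+ (?P<hh>\d{2}):\d{2}:\d{2} \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port"
)


def describe(lines):
    """Descriptive (what happened?): failures per source per hour, plus the
    accounts each source targeted."""
    counts = defaultdict(lambda: [0] * HOURS)
    users = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        counts[m["ip"]][int(m["hh"])] += 1
        users[m["ip"]][m["user"]] += 1
    return dict(counts), dict(users)


def diagnose(counts, users, z=3.0, min_history=3):
    """Diagnostic (why did it happen?): flag an hour whose count sits more than
    `z` standard deviations above that source's own earlier hours, and name
    the account it was hammering."""
    findings = []
    for ip, series in counts.items():
        for h in range(min_history, len(series)):
            history = series[:h]
            mu, sd = mean(history), pstdev(history)
            score = (series[h] - mu) / (sd or 1.0)  # flat baseline: any jump counts
            if score > z:
                target = users[ip].most_common(1)[0][0]
                findings.append({"ip": ip, "hour": h, "count": series[h],
                                 "z": round(score, 1), "target": target})
    return findings


def predict(series):
    """Predictive (what will happen?): naive trend forecast for the next hour,
    last value plus the last observed change, floored at zero."""
    if len(series) < 2:
        return series[-1] if series else 0
    return max(0, series[-1] + (series[-1] - series[-2]))


def prescribe(counts, findings, block_at=10):
    """Prescriptive (what should be done?): block sources that are anomalous
    now and forecast to stay at or above `block_at`; watch everything else."""
    flagged = {f["ip"] for f in findings}
    actions = {}
    for ip, series in counts.items():
        forecast = predict(series)
        actions[ip] = "block" if ip in flagged and forecast >= block_at else "watch"
    return actions


def run(lines):
    counts, users = describe(lines)
    findings = diagnose(counts, users)
    return counts, findings, prescribe(counts, findings)


if __name__ == "__main__":
    _, findings, actions = run(make_lines(SAMPLE))
    for finding in findings:
        print(finding)
    print(actions)
```

The diagnostic step compares each source only against its own history, which is what keeps the chatty-but-steady host from being flagged; the forecast is deliberately crude, and in practice the predictive and prescriptive layers are where a trained model replaces the hand-written rule.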

What are some common myths?

Big data, analytics, and machine learning are very powerful, but they cannot solve every problem.

Some key myths of analytics:

  • They can be done quickly.
  • The results are always right.
  • You don’t have to know any math or statistics.

Some key myths of machine learning:

  • Human involvement is not required.
  • You can just pick a model and apply it to your data.
  • It is hack proof.

Analytics, big data, automation, and machine learning can be applied to a wide range of business challenges. For cybersecurity, the opportunity is to identify anomalous behavior and other indicators of attack sooner, and even predict future attacks based on context, learned patterns, and shared threat intelligence. Understanding the basics of data science is important to be able to effectively apply these tools to current and future business and security needs.

For the full crash course in security data science, analytics, and machine learning, download the McAfee Labs Threats Report: September 2016.


Sep 27 2016

Android.Lockscreen ransomware now using pseudorandom numbers

The latest Android.Lockscreen variants are using new techniques to improve their chances of obtaining ransom money.

Sep 27 2016

ISC Releases Security Updates for BIND

Original release date: September 27, 2016

The Internet Systems Consortium (ISC) has released updates that address a vulnerability in BIND. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition.

Available updates include:

  • BIND 9 version 9.9.9-P3
  • BIND 9 version 9.10.4-P3
  • BIND 9 version 9.11.0rc3
  • BIND 9 version 9.9.9-S5

US-CERT encourages users and administrators to review ISC Knowledge Base Article AA-01419 and apply the necessary updates.
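To turn the version list above into a check, here is an added script (not from ISC or US-CERT) that parses the output of `named -v` and classifies the running build against the four fixed versions the advisory lists. It assumes that any later release on the same branch carries the fix, treats the subscription (-S) line as its own branch, and refuses to judge distribution builds such as `9.10.3-P4-Ubuntu`, because distributions backport fixes without changing the upstream version string and the vendor advisory is the only reliable source there. Versions on branches the advisory does not mention (for example 9.8.x) are reported as not covered rather than as fixed.

```python
"""Added example: classify an installed BIND version against the fixed
versions named in the ISC advisory above. Not ISC or US-CERT code."""
import re
import subprocess

# Fixed versions exactly as the advisory lists them; the script knows no others.
FIXED = ("9.9.9-P3", "9.10.4-P3", "9.11.0rc3", "9.9.9-S5")

VERSION_RE = re.compile(
    r"^(?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)"
    r"(?:(?P<pre>a|b|rc)(?P<pre_n>\d+))?"   # pre-release, e.g. 9.11.0rc3
    r"(?:-(?P<ed>[PS])(?P<ed_n>\d+))?"      # patch level -P3 or subscription -S5
    r"(?P<distro>-.+)?$"                    # vendor suffix, e.g. -Ubuntu
)
STAGE = {"a": 0, "b": 1, "rc": 2, None: 3}  # pre-releases sort before the final


def parse_version(text):
    """Return (branch, order_key, distro_suffix), or None if unparseable.

    branch    = (major, minor, edition); edition 'S' is the subscription line
    order_key sorts correctly inside one branch: rc3 < final < -P1 < -P2 ...
    """
    m = VERSION_RE.match(text.strip())
    if not m:
        return None
    edition = "S" if m["ed"] == "S" else "P"
    key = (int(m["major"]), int(m["minor"]), int(m["patch"]),
           STAGE[m["pre"]], int(m["pre_n"] or 0), int(m["ed_n"] or 0))
    branch = (int(m["major"]), int(m["minor"]), edition)
    return branch, key, (m["distro"] or "")


FIXED_KEYS = {}
for _v in FIXED:
    _branch, _key, _ = parse_version(_v)
    FIXED_KEYS[_branch] = _key


def assess(version_text):
    """Classify a BIND version string: fixed, vulnerable, distro-build,
    not-covered, or unparseable."""
    parsed = parse_version(version_text)
    if parsed is None:
        return "unparseable"
    branch, key, distro = parsed
    if distro:
        # Distribution builds keep the upstream version but backport fixes, so
        # the string alone proves nothing either way. Consult the vendor advisory.
        return "distro-build"
    fixed = FIXED_KEYS.get(branch)
    if fixed is None:
        # e.g. a 9.8.x build: not in the advisory, do not assume it is safe.
        return "not-covered"
    # Assumption: every later release on the same branch includes the fix.
    return "fixed" if key >= fixed else "vulnerable"


def installed_version():
    """Run `named -v` and return its version token, or None if named is absent."""
    try:
        out = subprocess.run(["named", "-v"], capture_output=True,
                             text=True, check=False).stdout
    except FileNotFoundError:
        return None
    m = re.search(r"BIND\s+(\S+)", out)
    return m.group(1) if m else None


if __name__ == "__main__":
    ver = installed_version()
    print("named not found" if ver is None else f"{ver}: {assess(ver)}")
```

Run it on the name server itself (the `named` binary must be on PATH); a result of `distro-build` or `not-covered` means the version string cannot settle the question and the package or ISC lifecycle page has to.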


Sep 27 2016

Firefox ready to block certificate authority that threatened Web security

The organization that develops Firefox has recommended that the browser block digital certificates issued by a China-based certificate authority for 12 months, after discovering that it cut corners that undermine the transport layer security (TLS) system that encrypts and authenticates websites.

The browser-trusted WoSign authority intentionally back-dated certificates it issued over the past nine months to avoid an industry-mandated ban on the use of the SHA-1 hashing algorithm, Mozilla officials charged in a report published Monday. Issuance of SHA-1-signed certificates was barred at the beginning of the year because of industry consensus that the algorithm is unacceptably susceptible to collision attacks, which could be used to forge certificates. To satisfy customers who had difficulty retiring the old hashing function, WoSign continued to use it anyway and concealed the use by dating the certificates prior to the first of this year, Mozilla officials said. They also accused WoSign of improperly concealing its acquisition of the Israeli certificate authority StartCom, which was used to issue at least one of the improperly issued certificates.

"Taking into account all the issues listed above, Mozilla's CA team has lost confidence in the ability of WoSign/StartCom to faithfully and competently discharge the functions of a CA," Monday's report stated. "Therefore we propose that, starting on a date to be determined in the near future, Mozilla products will no longer trust newly issued certificates issued by either of these two CA brands."
