Cyber-security defenders and cyber-criminals are engaged in a constant arms race. The minute a software vulnerability gets patched or a security tool is able to block a class of attacks, malware writers shift gears and look for something new to exploit.
For years, security professionals have strived to get ahead of attackers. But the status quo, unfortunately, is that security is reactive, and it’s hard to imagine how it could be otherwise. How can you block cyber-crooks, after all, until you know what they’re up to? We don’t live in a Minority Report type of world, where psychics can help us sniff out crimes before they happen.
That doesn’t mean we don’t try. In the physical world, the desire to get ahead of crime has led to all sorts of dubious practices, everything from stop-and-frisk to NSA snooping. In cyber-space, security professionals are now turning to big data to try to discover patterns that may indicate a crime is coming, even if it has not yet occurred.
This is the crux of the NSA surveillance controversy, after all.
Less invasive is the new Pleiades tool developed by researchers at Georgia Tech, the University of Georgia and security startup Damballa. Pleiades doesn’t intuit coming crimes, but it can identify zero-day attacks before security researchers even know exactly what the malware is.