Derek Manky, Fortinet, CUBE Conversation #CUBEConversation #theCUBE https://siliconangle.com/2017/09/25/security-must-fight-automation-with-automation-in-new-class-of-iot-attacks-cubeconversation-thecube/ Cybersecurity must fight automation with automation in new class of IoT attacks Automation and machine learning are great technologies for Internet of Things and data applications. They’re also handy tools for cyber attackers to infiltrate those applications. “Threats are becoming more sophisticated to try to obfuscate into data flows and to try to remain silent on networks,” said Derek Manky (pictured), global security strategist at Fortinet Inc. Unlike more familiar attack types that use “brute force” to breach security, these new attacks are much more sleuth-like, Manky told Peter Burris (@plburris), host of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during an interview at theCUBE’s Palo Alto studio in California. (* Disclosure below.) Attackers are making use of automation technology to exploit vulnerabilities in areas with a lot of interconnectivity, such as mobile and IoT devices. To get a current assessment of the cybersecurity landscape, Fortinet recently released its “Global Threat Landscape Report.” Researchers analyzed security threat data to forecast trends in vulnerabilities and attacks, finding that mobile attacks leaped from two percent of the world’s breaches to 10 percent in the past year. IoT is the new “rising star” for attackers, according to Manky. Security hygiene and Hajime Shadownets are IoT botnets that employ code to worm from router to router or device to device, Manky explained. Hajime is an IoT malware of this class. “Hajime is using automated techniques to download new password lists and try different attacks using updated and dynamic intelligence that’s being built into this automated code,” Manky said. Auomation technology like that used in Hajime allows these threats to exploit vulnerabilities new and old. Ninety percent of organizations in Fortinet’s report saw exploits of vulnerabilities that were three or more years old. “We need to fight automation with automation,” Manky said. An integrated intelligence security fabric such as Fortinet’s uses automation to actually make decisions about how to respond to threats. It does not dispose of security professionals but re-purposes them to focus on even higher-level defense, Manky concluded. Watch the complete video interview below. (* Disclosure: Fortinet Inc. sponsored this segment on SiliconANGLE Media’s theCUBE. Neither Fortinet nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)