Machine behaviors that threaten enterprise security
Machine learning has moved enterprise security forward, allowing for visibility inside the network in order to better understand user behavior. However, malicious actors are using what is done with machine learning on the inside in order to attack the perimeter.
Specifically, these types of attacks include DNS tunneling, attaching to Tor networks, and sending rogue authentication requests to directory services. Tom Gorup, security operations leader for Rook Security, said that in addition to these threats, “In general what we are seeing across the board is phishing, from wire fraud to distribution of malware. Generally we’re seeing scans they’re attempting to exploit.”