This report by Cisco essentially gives you the playbook for defending your network in 2018. What did we see in 2017 that is making a resurgence? How are threats evolving?
These are a few of the questions the report aims to address. If you are a security professional or simply work in IT, it will give you an idea of where your business needs to innovate to stay ahead of the bad actors.
Below are some snippets of what you can expect to see:
"Defenders should also consider adopting advanced security technologies that include machine learning and artificial intelligence capabilities. With malware hiding its communication inside of encrypted web traffic, and rogue insiders sending sensitive data through corporate cloud systems, security teams need effective tools to prevent or detect the use of encryption for concealing malicious activity."
"WannaCry did not track encrypted damage to and the payments made by affected users. The number of users who received decryption keys after making a payment is also unknown. (WannaCry is still propagating, and users continue to pay ransoms—in vain.) Due to the very low performance of WannaCry as ransomware, the U.S. government and many security researchers believe the ransom component is effectively a smokescreen to conceal WannaCry’s true purpose: wiping data."
"Machine learning is useful for automatically detecting “known-known” threats—the types of infections that have been seen before (see Figure 3). But its real value, especially in monitoring encrypted web traffic, stems from its ability to detect “known-unknown” threats."