How Machine Learning Saved a $1m Whiskey Bottle from a Cyberattack

Date: 1 September 2020

Artificial Intelligence (AI) and Machine Learning (ML) have become the kind of buzzwords that are used so often, it’s fair to say that they are almost abused. They are usually over-publicized and there are vendors who indiscreetly exploit these terms for their own benefit. Very few people understand these technologies and many also consider them a new-age sect of the Dark Arts. 

In this blog, we cover: 

• Challenges with AI & ML Technologies
• Introduction to Link11
• The AI-Backed Solution from Link11
• Case Studies on the Success of this Solution
• Questions Answered in the Webinar
• Resources & Attachments Available for Download
   

Unravelling the secrets of AI and ML and providing clarity on the true powers and capabilities of these technologies was the primary objective of the webinar hosted by Cyber Management Alliance in association with Link11. Titled ‘Creating the Fastest Cyber-Attack Response Tool Using Machine Learning’ the webinar on Cyber Management Alliance’s BrightTALK channel also turned the spotlight on how Karsten Desler of Link11 created a cybersecurity toolset that can detect a sophisticated attack and take a calculated, automatic and immediate mitigating response.

In this really engaging and eye-opening discussion, Amar Singh, Founder and CEO of Cyber Management Alliance, Karsten Desler, Chief Developer and Co-Founder at Link11 and Joss Penfold, Regional Director at Link11 delve into the solution that Link11 has created using ML algorithms that can continuously learn and analyse malicious traffic and automatically take corrective action, with no human interaction. 

Key Quotes

Amar Singh: “We often tell our clients that they have to trust Machine Learning a little to derive its full benefit. Attackers are using AI and ML. You will lose out if you don’t embrace these advanced technologies.”

Karsten Desler: “It’s important to understand that AI and ML are not negative technologies. It’s how you use them and how targeted you can be with them that truly makes the difference.”

Joss Penfold: “You need to be aware of the potential threats and know that cyber-attackers are using bots and botnets to attack infrastructure. There isn’t any need to be afraid of advanced technologies but it’s important to look at them as a tool that can enable better protection.”    

The challenge with AI and ML technologies

• Very few people truly understand AI and ML. 
• Many Marketing teams have overused the words and they’ve lost their meaning 
• Clients don’t completely trust Machine Learning so they’re unable to derive its full benefit. 
• Cyber-attackers are using bots and botnets to identify and attack infrastructure. You definitely don’t want a scenario where you have a botnet being used for an attack which humans are trying to mitigate, especially if this is happening in the case of business-critical online infrastructure.    
• Response times, currently, are slow and manual. If you don’t increase your response time, if you don’t automate it, you are going to lose out to the criminals.       

Introduction to Link11 & its core value proposition

Link11 launched its DDOS mitigation service in 2012. It has, since, shifted focus towards cybersecurity and hyper resilience. Karsten has been the Co-Founder and CTO of Link11 and the initial version of the DDOS service was developed by him.   

For Link11, the core technology and chief offering is focused on detecting anomalies. In other words, as Karsten puts it, it’s about mapping what normal traffic looks like, building really fine-grain profiles of normal traffic and then using these profiles to detect anomalies which can be in the form of DDOS attacks or a bot trying to crawl a website. 

The Artificial Intelligence-backed solution 

Link11’s products take two different paths: 

1. The Self-Learning AI Shield: This Shield continuously feeds global, shared Attack Sequence Database to gain intelligence across the customer base. It looks at normal traffic profiles and feeds this information into the signature database. These traffic profiles are, then, used by all products that that profile is relevant to. 

2. Fingerprint Technology: A virtual fingerprint of every user exists to ensure IP agnostic decisions are possible. A lot of botnets come from different IP addresses, so the technology looks at deeper profiles and not just IP addresses. Link11 creates IP agnostic detections that work over different parameters and then out of that a fingerprint is created which is used to identify an attacker or a non-attacker. It’s a multi-dimensional approach where you don’t look at one single bit of data but try to aggregate different sources and different dimensions. 

Karsten explains what the anomaly detection looks like with the Link11 Artificial Intelligence tool.

More details on this are at 19:28 onwards in the recording.