How deep learning technology acts pre-emptively to stop attackers before they cause serious damage
A core evaluation of artificial intelligence (AI) in the cyber threat landscape indicates that AI is on the verge of overhauling the attack domain. Organizations need to be ready for the next wave of attacks because the reality on the ground will make it very difficult for the cybersecurity ecosystem to adequately prepare itself.
The current approach to security is that of detection and response, where the security product is triggered once a file has been accessed. In this constant pursuit of threat hunting and analysis, companies are losing the technological upper hand against an attack landscape that is increasingly sophisticated, and where advanced attacks easily evade modern detection and response-based products.
Not surprisingly, CISOs and company boards are growing weary of spending much money on a raft of security products, only to later spend more on the aftermath of a breach which inevitably occurs. This comes at an enormous cost, with time and resources spent remediating the breach rather than focusing efforts on developing revenue streams. The frequency of this scenario has prompted some industry leaders to pursue a new frontier of prevention with a pre-emptive approach that can stop an attack before any damage can be done.
“Is a preventative approach realistic?” Some might question the possibility, but the answer from Deep Instinct is a resounding yes! Worse, there is a false sense of security in the wealth of data and analytics that a detection product provides. Real, effective security is the difference between detection and prevention.
Beating the Bullet: The Preventative Approach
For both networks and endpoints there is a widening gap between the capability of threat actors and the efficacy of detection software, making it harder to adequately protect a device. In the detection and response approach, an attack, or the steps to carry it out, are analyzed post-execution when the SOC team has access as the malicious activity unfolds, creating additional artefacts. However, this effectively puts the security software and the attack in a race, where the software is pursuing the attack by running behind the threat actor.
This reactive approach means that organizations have all the data they could possibly want about a breach, but little to no means of actually stopping it, relying mostly on human skill to identify, contain and remediate damage. This common approach of detection and response, which is intended to reduce risk, exacerbates it and highlights the business case for a pre-emptive cybersecurity solution. CISOs shouldn’t resign themselves to products that operate post-execution but should demand a solution that acts pre-emptively to keep them protected.
By definition, a zero-time preventative solution incorporates five elements to distinguish it from a detection and response-based solution, or other supposedly preventative tools. These include:
Pre-execution – The solution is designed to be triggered before any malicious business logic takes place. For example, as soon as a file is accessed, downloaded on to a device, or malicious code injection is fully executed.
Autonomous – Once the solution is activated, it autonomously analyzes and makes decisions on prevention and alerts, regardless of human involvement and Internet connectivity. If a human is involved it’s not a real-time offering.
Zero-time – Any new data artefact or file must be analyzed in a matter of milliseconds, prior to being executed, opened or causing compromise, effectively providing a zero-time response.
All threats – The solution’s design should cover a broad range of cyberattack vectors and surfaces, both known and unknown threats.
All environments – The solution should protect a wide range of OSs and environments, be it networks, endpoints, mobile devices or servers, from a single unified platform.
Currently, deep learning is the only technology available that is able to deliver these five elements to provide a real prevention-oriented solution. The adaptation and application of deep learning makes it possible to harness its innate advantages of fast inference and high accuracy. The rigorous analysis of deep learning also provides a remarkably low false positive rate, despite the higher rates of detected files.
To learn more about the evolution from detection and response to Prediction and Prevention, read the whitepaper Reinventing Cybersecurity Prevention with Deep Learning.
Guy Caspi, CEO & Co-founder, Deep Instinct
A serial entrepreneur, Guy Caspi has spearheaded companies in senior positions through entire life cycles, from start up, accelerated growth and up to IPO in Nasdaq. Guy has in-depth knowledge of machine learning and deep learning assimilation in cybersecurity, which he has applied to his unique go-to-market execution experience.