The 2019 Verizon Data Breach Investigations Report (DBIR) came out not long ago. There are a lot of incremental changes in the 78 pages of charts and graphs, which is normal for a report of this kind. The DBIR isn’t rocking anyone’s boat with blockbuster findings; instead, it reveals trends that may or may not be comforting. Overall the report serves as a useful barometer of the state of data protection, as a reminder that things are not good in the world of cybersecurity, and that we who make the tools enterprises rely on to protect their data should strive to do better by them.

Fact is, innovation in
cybersecurity has fallen behind innovation by the global hacker community. While global spending on security has, according to Gartner, exceeded $124B, hackers have not been idle. They’ve adopted methods that allow them to overwhelm traditional security tools and take advantage of plain old human frailty. As long as our species remains predisposed to click on interesting emails, rely on easy (or no) passwords, or browse to places we shouldn’t, the hackers will have the edge. Unless, that is, we come up with radically different approaches to security that are clever enough to take into account our collective weaknesses. In the meantime data breaches continue apace, with thousands of incidents reported in 2018 resulting in around 5 billion sensitive records compromised.

It’s a simple matter of
mathematics and scale. Hackers have started using offensive AI to generate and deliver unique malware at a rate of four new samples per second. Cheap and abundant compute, as well as a profusion of toolkits in the wild, have made it easy to develop highly resilient and evasive “designer threats” that can target a specific enterprise. For example, at BlackHat 2018 IBM Research introduced DeepLocker, a toolkit to deliver highly obfuscated and evasive malware. This class of AI-powered evasive malware conceals its intent until it reaches a specific victim.
While DeepLocker was an academic experiment, today it is possible for anyone to buy a tailor-made virus that is guaranteed to get past the top 10 to 15 major security solutions the first time it is deployed. Such attacks are sometimes augmented by an AI algorithm that can add to the stealthiness of the malware, depending on the environment and attempts made to discover it. AI raises the stakes, with an advantage for the attackers. They need to get it right only once to score, while defenders need to defend successfully 24/7/365.

When an
attack is successful in getting by perimeter defenses, according to Figure 28 of the DBIR, the typical time to compromise is measured in minutes. From there it only takes a few hours for a hacker to move laterally to their target and exfiltrate valuable data. Compare that to the time it takes for an enterprise to discover it has been breached, which is measured in months, and then, once a breach is discovered, the days or weeks it takes to contain the breach. If that doesn’t give you pause, you aren’t paying attention.

The message for the
enterprise is simple: in today’s threat environment, speed kills. Any failure to keep pace with the threat is an exacerbating factor, but we’ve settled into a pattern of relying on incremental improvement in existing security tech. It’s not good enough. The scale and speed of today’s attacker onslaught is more than enough to overwhelm traditional approaches to security, and, as security researcher Richard Seiersen states in this LinkedIn post, “A 99 percent success rate equates to a 100 percent failure rate” when you rely on signature- and sandbox-based security.

How do we—indeed, can
we—slow down the pace of the threat actors? Maybe that’s the wrong question. Instead we should be thinking in terms of increasing the speed of our ability to detect and prevent threats.

The first step involves
recognizing and understanding the source of the biggest external threats and focusing attention there. According to the DBIR, email (94%) and the web (23%) are the primary means of threat delivery (the overlap of those two figures accounts for cases where initial compromise is made via email and the victim is directed to a web page where the payload may be completed). Establishing a smarter, faster perimeter defense becomes the key to prevention.

We believe that, where
human intelligence often lets us down, artificial intelligence can close the security gap. And not garden-variety AI, which has been used for years in cybersecurity with less than stellar results, but deep learning, the most sophisticated subfield of machine learning. The application of deep learning to the challenges presented by hackers has shown excellent results in its ability to detect and prevent threats from getting through the gate no matter how amorphous your perimeter may be. Thus far we’ve demonstrated nearly 100% detection rates against daily threat samples, including zero-day variants, and automatically delivered threat detection verdicts in less than a second, stopping threats cold.

That’s faster than Gladys
at the front desk can click a link promising a cute new cat video. In fact, she’ll never even see that email. And neither will Charlie in sales, who is eager to please everyone who reaches out to him in hopes of getting closer to his next big deal. Speed kills in security, where humans never seem to learn from our mistakes, but faster saves. And deep learning can act before we have a chance to make the same mistakes (again).