Prevention first solutions are the next step in the evolution of cybersecurity - The EE

Chuck Everette of Deep Instinct

Complacency is a dangerous strategy. Today, too many organisations have been lulled into a false sense of security by the false promises of Endpoint Detection and Response (EDR). This technology is often talked about as the latest must-have innovation in cybersecurity after going from “some distant technological thing not many folks were looking at or buying … to now being the primary tool to deal with the threats,” according to Gartner VP Chris Silva.

Unfortunately, EDR is not enough. Attacks are now executed long before systems identify malicious activity. If this process takes just a few minutes, it is too late. The damage is done. Attacks can cause serious destruction in less than 60 seconds, leaving defenders with nothing left to do but mop up the wreckage, says Chuck Everette, director of cybersecurity advocacy at Deep Instinct.

There is a growing sense of hopelessness among security teams that rely on EDR and other inadequate technologies. Last year, Deep Instinct’s Voice of SecOps report found that 86% of UK businesses do not believe it is possible to prevent ransomware and malware attacks. The study also showed that 83% of cybersecurity professionals believe they should be “getting more” from their antivirus and EDR solutions.

There is an antidote to this gloomy attitude: deep learning. This technology can detect known and unknown threats in less than 20 milliseconds, faster than the blink of a human eye. It can even predict threats before they happen due to its ability to mimic the human brain.

If an organisation wants the very best protection, it should explore deep learning and move towards a prevention-first security posture.

What is deep learning and how is it different to other AI security solutions?

IBM describes deep learning as an advanced “subset” of machine learning, which is arguably an underestimation of its power and potential. Really, deep learning is an evolution of AI that is significantly more advanced than machine learning and offers the ability to detect and stop potential threats before they turn into serious problems. It learns the same way as the human brain by absorbing information, interpreting it and then learning from its deductions.

Deep learning focuses on “training” a neural network by exposing it to very large data sets made up of millions or even hundreds of millions of files. Over time, the neural network learns to recognise which files are benign or malicious.

Human defenders cannot “know” what a new threat is going to look like or how it will behave, but they can certainly predict the nature of the next problem coming their way. Deep learning offers organisations a predictive ability which means they no longer have to wait to be attacked, but can move to a proactive, prevention-first security posture that can not only tackle unknown threats but can predict when they will strike.

Deep learning is a relatively new concept in the cybersecurity industry, yet companies including Tesla, YouTube, Netflix and Amazon are already using deep learning to power autonomous driving, recommendation systems, and image recognition functionality.

Why are endpoint detection and response (EDR) solutions no longer enough to protect organisations against cyberattacks?

EDR is all about securing entry points to networks, which is a crucial task if organisations want to reduce their risk levels. The demand for EDR is growing, with the market for this technology set to double to more than $2.5 billion worldwide, according to a prediction from 360 Research Reports.

EDR uses machine learning to detect threats post-execution at the endpoint, before alerting security teams and triggering a response. Although EDR is getting a lot of buzz right now, it employs a similar technique to traditional antivirus solutions, relying on digital signatures to find and flag malware.

Every day, hundreds of thousands of new pieces of potentially dangerous malware are released into the wild. We have also seen the rise of polymorphic variants capable of altering their identifiable characteristics as they replicate and spread – rather like a virus that evolves as it jumps from victim to victim. We know that yesterday’s vaccines don’t always work on today’s mutated viruses. Similarly, chasing signatures is an ineffective way of preventing breaches. There is simply too much malware to follow this method of defence. The solution is deep learning, which enables organisations to cope with new variants, rather than simply fighting fires by keeping known threats under control.
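The two points made above, a classifier trained on labelled files (as described in the deep learning section earlier) and the failure of exact-signature matching against altered variants, can be shown side by side. The following Python is an added example and is not Deep Instinct's code or the logic of any product the article mentions. It assumes a constructed corpus of synthetic byte strings (no real malware: the "malicious" samples are just pseudo-random high-entropy bytes that look like a packed section), a hash-based signature database built from the known samples, and a nearest-centroid classifier over four hand-crafted static features (printable ratio, high-byte ratio, zero-byte ratio, byte entropy) standing in for the trained neural network. `mutated_copy` is a constructed test helper that alters a few bytes of a known sample so its hash changes, which is how a defender would check whether a detector depends on exact hashes.

```python
import hashlib
import math
from typing import Dict, List, Sequence, Tuple

# Constructed corpus: short synthetic byte strings standing in for files.
# The "malicious" samples are pseudo-random, high-entropy bytes that mimic a
# packed or encrypted section; none of this is real malware.
BENIGN_TRAIN: List[bytes] = [
    b"#!/bin/sh\necho hello\nls -l /tmp\n" * 4,
    b"<html><body><p>Quarterly report</p></body></html>\n" * 3,
    b"def main():\n    return 0\n" * 6,
]
MALICIOUS_TRAIN: List[bytes] = [
    bytes((i * 37 + 11) % 256 for i in range(200)),
    bytes((i * 53 + 7) % 256 for i in range(200)),
    bytes((i * 101 + 3) % 256 for i in range(200)),
]

Features = Tuple[float, ...]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Signature-based detection: a lookup of hashes of samples already known.
SIGNATURE_DB = {sha256_hex(s) for s in MALICIOUS_TRAIN}


def signature_match(data: bytes) -> bool:
    """True only when this exact file (by SHA-256) is already in the database."""
    return sha256_hex(data) in SIGNATURE_DB


# Feature-based detection: a profile learned from labelled samples.
def features(data: bytes) -> Features:
    """Static byte-level features: printable ratio, high-byte ratio,
    zero-byte ratio and normalised Shannon entropy (all in [0, 1])."""
    n = len(data)
    if n == 0:
        return (0.0, 0.0, 0.0, 0.0)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    printable = sum(counts[0x20:0x7F]) + counts[0x09] + counts[0x0A] + counts[0x0D]
    high = sum(counts[0x80:])
    entropy = -sum((c / n) * math.log2(c / n) for c in counts if c)
    return (printable / n, high / n, counts[0] / n, entropy / 8.0)


def centroid(samples: Sequence[bytes]) -> Features:
    vecs = [features(s) for s in samples]
    return tuple(sum(col) / len(vecs) for col in zip(*vecs))


def train(benign: Sequence[bytes], malicious: Sequence[bytes]) -> Dict[str, Features]:
    """Nearest-centroid model: one feature centroid per class.
    (An assumed stand-in for the neural network the article describes.)"""
    return {"benign": centroid(benign), "malicious": centroid(malicious)}


def classify(model: Dict[str, Features], data: bytes) -> str:
    """Label of the class whose centroid is closest in feature space."""
    f = features(data)
    return min(model, key=lambda label: math.dist(f, model[label]))


def mutated_copy(data: bytes, positions: Sequence[int] = range(10), key: int = 0x5A) -> bytes:
    """Constructed test helper: the same bytes with a few positions altered,
    so the hash changes while the overall content profile does not."""
    out = bytearray(data)
    for p in positions:
        out[p] ^= key
    return bytes(out)


def compare(model: Dict[str, Features], data: bytes) -> Dict[str, object]:
    """Verdict from both detectors for one file."""
    return {"signature": signature_match(data), "features": classify(model, data)}


if __name__ == "__main__":
    model = train(BENIGN_TRAIN, MALICIOUS_TRAIN)
    cases = {
        "known sample": MALICIOUS_TRAIN[0],
        "altered copy": mutated_copy(MALICIOUS_TRAIN[0]),
        "unseen packed-looking file": bytes((i * 59 + 5) % 256 for i in range(200)),
        "unseen text file": b"SELECT name FROM users;\n" * 8,
    }
    for name, sample in cases.items():
        print(f"{name:28s} {compare(model, sample)}")
```

Running it, the hash lookup flags only the samples it already knows, while the feature model also flags the altered copy and an unseen high-entropy file, and leaves a new text file alone. The features are deliberately simple; the point is that a model learned from file content generalises to files it has never hashed, whereas a signature database cannot, and a defender can measure that gap with a handful of altered copies before trusting either control.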

How can deep learning predict and prevent cyberattacks and why is that important when protecting organisations?

Machine learning and other relatively primitive forms of AI are incapable of tackling unknown threats and zero-days. Deep learning can analyse vast amounts of data, draw conclusions and learn from its findings, just like a human brain. It does not rely exclusively on legacy techniques such as threat profiles, the manual labelling of malware and banks of outdated signatures. Instead, its advanced capabilities allow security solutions to detect new malware variants before they have time to execute or even penetrate the network.

Machine learning solutions fail to detect up to 40% of threats. When a new variant or zero-day appears, it can take between two and four weeks to train the system to recognise it. If an organisation deploys deep learning, it is moving beyond a “detect and respond” stance and towards a “prevent and protect” strategy.

Deploying traditional detection and response solutions is like building a great big castle and waiting for the enemy to attack. Deep learning is a more proactive policy. You’re taking the fight to the enemy.

The volume of false positives is one of the biggest challenges facing UK organisations today; how can deep learning help?

The problem of false positives can be deeply dispiriting for security teams. EDR solutions often generate a blizzard of minor alerts, forcing security professionals to spend a large proportion of their time performing futile tasks and tackling minor problems.

A recent survey found that 69% of respondents agreed that “low staff morale could result from alert fatigue due to the overwhelming volume of false positives”.

Deep learning can help because it is simply much more effective at identifying genuine threats and weeding out false positives. It improves the security of an organisation and brightens the days of the security teams protecting that business.

The author is Chuck Everette, director of cybersecurity advocacy at Deep Instinct.
