Dark Reading is part of the Informa Tech Division of Informa PLC


9/30/2019
09:00 AM
Guy Caspi, CEO & Co-founder, Deep Instinct
Sponsored Article

Beating the Bullet: From Detection to Prevention

How deep learning technology acts pre-emptively to stop attackers before they cause serious damage.

A core evaluation of artificial intelligence in cybersecurity indicates that AI is on the verge of overhauling the attack domain. Organizations need to be ready for this next wave of attacks, because conditions on the ground will make it very difficult for the cybersecurity ecosystem to prepare itself adequately.

The current approach to security is detection and response, in which the solution is triggered only after a file has already executed and its behaviour can be observed. In this constant pursuit of threat hunting and analysis, companies are losing the technological upper hand against an attack landscape that is increasingly sophisticated, and in which advanced attacks easily evade modern detection- and response-based solutions.

Not surprisingly, CISOs and company boards are growing weary of spending a lot of money on a raft of security products, only to spend much more later in the aftermath of a breach that inevitably occurs. This comes at an enormous cost, with time and resources spent remediating the breach rather than developing revenue streams. The frequency of this scenario has prompted some industry leaders to pursue a new frontier of prevention: a pre-emptive approach that can stop an attack before any damage is done.

Is a preventative approach realistic? Many question the possibility, but the answer from Deep Instinct is a resounding yes. The wealth of data and analytics that a detection solution provides can even create a false sense of security: the data describes the breach, it does not stop it. Real, effective security is the difference between detection and prevention.

Beating the Bullet: The Preventative Approach
For both networks and endpoints there is a widening gap between the capability of threat actors and the efficacy of detection solutions, making it harder to protect a device adequately. In the detection and response approach, an attack, or the steps taken to carry it out, is analyzed post-execution, once the SOC team has access to it and as the malicious activity unfolds and creates additional artefacts. This effectively puts the security solution and the attack in a race in which the solution is always running behind the threat actor. This reactive approach means that organizations have all the data they could possibly want about a breach, but little to actually stop it, relying mostly on human skill to identify, contain and remediate the damage.

This common approach of detection and response, which is intended to reduce risk, actually exacerbates it, and highlights the business case for a pre-emptive cybersecurity solution. CISOs shouldn't resign themselves to solutions that operate post-execution, but should demand a solution that acts pre-emptively to keep them protected.

By definition, a zero-time preventative solution incorporates five elements to distinguish it from a detection and response-based solution, or other supposedly preventative tools. These include:

1. Pre-execution – The solution is designed to be triggered before any malicious business logic takes place: for example, as soon as a file is accessed or downloaded on to a device, or at the moment code is injected and before the injected code runs.

2. Autonomous – Once activated, the solution analyzes and makes decisions on prevention and alerts autonomously, regardless of human involvement or Internet connectivity. If a human is in the loop, it is not a real-time solution.

3. Zero-time – Any new data artefact or file must be analyzed in a matter of milliseconds, prior to being executed, opened or causing compromise, effectively providing a zero-time response.

4. All threats – The solution's design should cover a broad range of cyberattack vectors and surfaces, including both known and as-yet-unknown threats.

5. All environments – The solution should protect a wide range of OSes and environments, be it networks, endpoints, mobile devices or servers, from a single unified platform.

Currently, deep learning is the only technology available that is able to deliver these five elements and provide a real prevention-oriented solution. The adaptation and application of deep learning makes it possible to harness its innate advantages of fast inference and high accuracy to provide prevention. The rigour of deep learning's analysis also yields a remarkably low false positive rate, even at a higher rate of detected files.

To learn more about solutions that work in pre-execution, read the full article.

About The Author

Guy Caspi, CEO & Co-founder, Deep Instinct

A serial entrepreneur, Guy Caspi has led companies in senior positions through their entire life cycle, from startup through accelerated growth to IPO on Nasdaq. Guy has in-depth knowledge of the assimilation of machine learning and deep learning in cybersecurity, which he has applied to his unique go-to-market execution experience.

Comments
mubeen khatri
10/8/2019 | 8:07:30 AM
appliance repair
Pretty good post. I just stumbled upon your blog and wanted to say that I have really enjoyed reading your blog posts. Anyway, I'll be subscribing to your feed and I hope you post again soon.