Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


09:00 AM
Guy Caspi, CEO & Co-founder, Deep Instinct
Guy Caspi, CEO & Co-founder, Deep Instinct
Sponsored Article

Beating the Bullet: From Detection to Prevention

How deep learning technology acts pre-emptively to stop attackers before they cause serious damage.

A core evaluation of artificial intelligence in cybersecurity indicates that AI is at the precipice of overhauling the attack domain. Organizations need to be ready for this next wave of attack because the reality on the ground will make it very difficult for the cybersecurity eco-system to adequately prepare themselves.

The current approach to security is that of detection and response, where the solution is triggered once a file has been accessed. In this constant pursuit of threat hunting and analysis, companies are losing the technological upper-hand against an attack landscape that is increasingly sophisticated, and where advanced attacks easily evade modern detection and response-based solutions.

Not surprisingly, CISO’s and company boards are growing weary of spending a lot of money on a raft of security products, only to later spend much more in the aftermath of a breach which inevitably occurs. This comes at an enormous cost, with time and resources spent remediating the breach rather than focusing efforts on developing revenue streams. The frequency of this scenario has prompted some industry leaders to a pursue a new frontier of prevention with a pre-emptive approach that can stop an attack before any damage can be done.

Is a preventative approach realistic? Many question the possibility, but the answer from Deep Instinct, is a resounding, Yes! Worse, there is a false sense of security in the wealth of data and analytics that a detection solution provides. Real, effective security is the difference between detection and prevention.

Beating the Bullet: The Preventative Approach
For both networks and endpoints there is a widening gap between the capability of threat actors and the efficacy of detection solutions, making it harder to adequately protect a device. In the detection and response approach an attack, or the steps to carry it out, are analyzed post-execution when the SOC team has access, as the malicious activity unfolds, creating additional artefacts. However, this effectively puts the security solution and the attack in a race, where the solution is pursuing the attack by running behind the threat actor. This reactive approach means that organizations have all the data they could possibly want about a breach, but little to actually stop it, relying mostly on human skill to identify, contain and remediate damage.

This common approach of detection and response, which is intended to reduce risk, actually exacerbates it, and highlights the business case for a pre-emptive cybersecurity solution. CISO’s shouldn’t resign themselves to solutions that operate post-execution, but should demand a solution that acts pre-emptively to keep them protected.

By definition, a zero-time preventative solution incorporates five elements to distinguish it from a detection and response-based solution, or other supposedly preventative tools. These include:

1. Pre-execution – The solution is designed to be triggered before any malicious business logic takes place. For example, as soon as a file is accessed, downloaded on to a device, or malicious code injection is fully executed.

2. Autonomous – Once the solution is activated, it autonomously analyzes and makes decisions on prevention and alerts, regardless of human involvement and Internet connectivity. If a human is involved it’s not a real-time solution.

3. Zero-time – Any new data artefact or file must be analyzed in a matter of milliseconds, prior to being executed, opened or causing compromise, effectively providing a zero-time response.

4. All threats – The solution’s design should cover a broad range of cyberattack vectors and surfaces, both known and yet unknown threats.

5. All environments – the solution should protect a wide range of OSes and environments, be it networks, endpoints, mobile devices or servers, from a single unified platform.

Currently, deep learning is the only technology available that is able to deliver these five elements to provide a real prevention-oriented solution. The adaptation and application of deep learning makes it possible to harness its innate advantages of fast inference and high accuracy to provide prevention. The rigorous analysis of deep learning also provides a remarkably low false positive rate, despite the higher rates of detected files.

To learn more about solutions that work in pre-execution, read the full article.

About The Author

Guy Caspi, CEO & Co-founder, Deep Instinct

A serial entrepreneur, Guy Caspi has spearheaded companies in senior positions through entire life cycles, from start up, accelerate growth and up to IPO in Nasdaq. Guy has in-depth knowledge of machine learning and deep learning assimilation in cybersecurity, which he has applied to his unique go-to-market execution experience.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
mubeen khatri
mubeen khatri,
User Rank: Apprentice
10/8/2019 | 8:07:30 AM
appliance repair
Pretty good post. I just stumbled upon your blog and wanted to say that I have really enjoyed reading your blog posts. Any way I'll be subscribing to your feed and I hope you post again soon.
Data Leak Week: Billions of Sensitive Files Exposed Online
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/10/2019
Lessons from the NSA: Know Your Assets
Robert Lemos, Contributing Writer,  12/12/2019
4 Tips to Run Fast in the Face of Digital Transformation
Shane Buckley, President & Chief Operating Officer, Gigamon,  12/9/2019
Register for Dark Reading Newsletters
White Papers
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-12-15
read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write.
PUBLISHED: 2019-12-14
There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant.
PUBLISHED: 2019-12-14
Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal.
PUBLISHED: 2019-12-13
There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition...
PUBLISHED: 2019-12-13
Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information leak vulnerability. Due to improper configuration, the attacker may cause information leak by successful exploitation.