Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

9/30/2019
09:00 AM
Guy Caspi, CEO & Co-founder, Deep Instinct
Guy Caspi, CEO & Co-founder, Deep Instinct
Sponsored Article
100%
0%

Beating the Bullet: From Detection to Prevention

How deep learning technology acts pre-emptively to stop attackers before they cause serious damage.

A core evaluation of artificial intelligence in cybersecurity indicates that AI is at the precipice of overhauling the attack domain. Organizations need to be ready for this next wave of attack because the reality on the ground will make it very difficult for the cybersecurity eco-system to adequately prepare themselves.

The current approach to security is that of detection and response, where the solution is triggered once a file has been accessed. In this constant pursuit of threat hunting and analysis, companies are losing the technological upper-hand against an attack landscape that is increasingly sophisticated, and where advanced attacks easily evade modern detection and response-based solutions.

Not surprisingly, CISO’s and company boards are growing weary of spending a lot of money on a raft of security products, only to later spend much more in the aftermath of a breach which inevitably occurs. This comes at an enormous cost, with time and resources spent remediating the breach rather than focusing efforts on developing revenue streams. The frequency of this scenario has prompted some industry leaders to a pursue a new frontier of prevention with a pre-emptive approach that can stop an attack before any damage can be done.

Is a preventative approach realistic? Many question the possibility, but the answer from Deep Instinct, is a resounding, Yes! Worse, there is a false sense of security in the wealth of data and analytics that a detection solution provides. Real, effective security is the difference between detection and prevention.

Beating the Bullet: The Preventative Approach
For both networks and endpoints there is a widening gap between the capability of threat actors and the efficacy of detection solutions, making it harder to adequately protect a device. In the detection and response approach an attack, or the steps to carry it out, are analyzed post-execution when the SOC team has access, as the malicious activity unfolds, creating additional artefacts. However, this effectively puts the security solution and the attack in a race, where the solution is pursuing the attack by running behind the threat actor. This reactive approach means that organizations have all the data they could possibly want about a breach, but little to actually stop it, relying mostly on human skill to identify, contain and remediate damage.

This common approach of detection and response, which is intended to reduce risk, actually exacerbates it, and highlights the business case for a pre-emptive cybersecurity solution. CISO’s shouldn’t resign themselves to solutions that operate post-execution, but should demand a solution that acts pre-emptively to keep them protected.

By definition, a zero-time preventative solution incorporates five elements to distinguish it from a detection and response-based solution, or other supposedly preventative tools. These include:

1. Pre-execution – The solution is designed to be triggered before any malicious business logic takes place. For example, as soon as a file is accessed, downloaded on to a device, or malicious code injection is fully executed.

2. Autonomous – Once the solution is activated, it autonomously analyzes and makes decisions on prevention and alerts, regardless of human involvement and Internet connectivity. If a human is involved it’s not a real-time solution.

3. Zero-time – Any new data artefact or file must be analyzed in a matter of milliseconds, prior to being executed, opened or causing compromise, effectively providing a zero-time response.

4. All threats – The solution’s design should cover a broad range of cyberattack vectors and surfaces, both known and yet unknown threats.

5. All environments – the solution should protect a wide range of OSes and environments, be it networks, endpoints, mobile devices or servers, from a single unified platform.

Currently, deep learning is the only technology available that is able to deliver these five elements to provide a real prevention-oriented solution. The adaptation and application of deep learning makes it possible to harness its innate advantages of fast inference and high accuracy to provide prevention. The rigorous analysis of deep learning also provides a remarkably low false positive rate, despite the higher rates of detected files.

To learn more about solutions that work in pre-execution, read the full article.

About The Author

Guy Caspi, CEO & Co-founder, Deep Instinct

A serial entrepreneur, Guy Caspi has spearheaded companies in senior positions through entire life cycles, from start up, accelerate growth and up to IPO in Nasdaq. Guy has in-depth knowledge of machine learning and deep learning assimilation in cybersecurity, which he has applied to his unique go-to-market execution experience.

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
mubeen khatri
50%
50%
mubeen khatri,
User Rank: Apprentice
10/8/2019 | 8:07:30 AM
appliance repair
Pretty good post. I just stumbled upon your blog and wanted to say that I have really enjoyed reading your blog posts. Any way I'll be subscribing to your feed and I hope you post again soon.
 
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/17/2020
APT Groups Set Sights on Linux Targets: Inside the Trend
Kelly Sheridan, Staff Editor, Dark Reading,  9/11/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9739
PUBLISHED: 2020-09-18
Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to exp...
CVE-2020-9744
PUBLISHED: 2020-09-18
Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to exp...
CVE-2020-9745
PUBLISHED: 2020-09-18
Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to exp...
CVE-2020-0089
PUBLISHED: 2020-09-18
In the audio server, there is a missing permission check. This could lead to local escalation of privilege regarding audio settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137015603
CVE-2020-0262
PUBLISHED: 2020-09-18
In WiFi tethering, there is a possible attacker controlled intent due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156353008