Cyber threats are becoming more harmful as artificial intelligence becomes pervasive in everyday computing and in business. As attackers become more capable, it is no longer enough for a corporation to secure its on-premise network and react to malware there; it must also secure a workforce that, since Covid, largely works from home.
The real concern is the lack of effective cybersecurity in work environments, on-premise or remote, where a compromise may go unrecognised for minutes, hours or even weeks after the company's IT network has been breached. The biggest problems in the industry today are that point-focused security solutions are not effectively mitigating threats at the point of compromise, and that security operations centre (SOC) teams using those solutions are managing ever larger volumes of incoming threat data from both on-premise and remote environments.
As a result, IT departments operate with fewer skilled technical staff, which leads not only to cyber fatigue but to their customers falling victim to successful attackers. Combined with the pressure to adopt new technologies while budgets shrink, this is particularly concerning. Organisations therefore need more proactive security solutions with faster response, built on extended intelligent detection methods and real-time risk control.
Artificial Intelligent SOAR
A recent AI patent on a security orchestration, automation and response (SOAR) system may represent the improvement that proactive security requires. AI-based SOAR reduces the human effort needed to respond to security incidents once a network breach has been identified. The functional element of AI/SOAR is 'automated intelligence', aligned with machine learning (ML) capabilities that 'extend awareness', including accurate identification of traffic patterns that correlate with business compliance and IT risk analytics.
DDoS vs Ransomware
Distributed denial-of-service (DDoS) attacks of 5Gbps or larger grew 967% over the past year, and attacks under 5Gbps grew by 257%. Exploitation of smart and IoT devices, together with cyber-criminal innovation, is producing frequent and complex multi-vector attacks. The dramatic increase is the result of attackers amassing giant botnets, built in large part from insecure IoT devices.
Ransomware is forcing cities, countries, businesses, universities and enterprises into tough choices: pay the ransom and encourage criminals to keep bringing essential services to their knees, or refuse and be left with a massive clean-up bill. AI/SOAR technology helps secure a company's network perimeter by improving the ability to detect and respond to threats faster at the customer's IoT network edge. It also quantifies key performance indicators, reduces day-to-day workloads through real-time intelligence and reporting, and streamlines workflows for automated security.
Even so, critical infrastructure and financial companies continue to rely on point-product technologies to strengthen a 'defence-in-depth' IT playbook strategy. That strategy was relevant five years ago, but breach reports suggest it has not been working for some time.
Critical infrastructure industries are under pressure to adopt newly developed technologies that deliver services in new and easier ways in a digitally transformed world. The pace of those services is beginning to outrun the ability to deliver them securely. With the increased use of IoT and edge devices such as cameras and sensors running on faster 5G networks, security professionals are simply not keeping pace with the challenges facing them.
The attack surface is too wide and the security technologies are point-focused. Attackers, meanwhile, have moved from the lone individual hacker to sophisticated nation-state groups and organised crime syndicates. These adversaries understand that as long as conventional SOCs keep deploying point-focused 'defence-in-depth' technologies, they will always stay one step ahead.
The article 'A Symphony for Secure Banking' (http://telanganatoday.com/a-symphony-for-secure-banking) states that SOC incident response teams, at best, review only 50% of their log files on average. The other 50% is never audited or investigated, so the effective attack surface keeps growing. Adding a new point solution only adds to the volume of alerts. Add Big Data to further the digital transformation and we will simply run out of trained human eyes to correlate the growing number of data points needed for effective and accurate allow/block decisions, decisions that then arrive hours, days or weeks later.
All defence-in-depth technologies were built on the accepted fact that, even collectively, they cannot stop an attacker from gaining a foothold on the company's network. The assumption is that the attacker will gain that foothold, and that the tools will then push the data points (log files) up to a human for the ultimate allow/block decision. This strategy has one key problem: latency. Latency will get you hacked every time, and the adversary knows and exploits it.
Compounding all of these problems across the industry is the state of shared intelligence. Today shared intelligence is measured in days, even weeks. A more practical measure is seconds or minutes: every four seconds, to be exact. When a new polymorphic threat is identified, it must be blocked, fed back to a global threat observatory, distilled to the attributes needed, and then pushed as an update to every customer within minutes. It is a shared ecosystem of this kind that keeps customers protected against both known techniques and never-before-seen ones.
Risk Aware, Risk Control
Point products combined with human decision-making add latency, and that latency is getting even well-staffed SOCs hacked. Moreover, nearly all new technology starts from the assumption that the attacker is already on your network. It is time to stop the point-product madness and start making allow/block decisions at the network's IoT edge, with millisecond speed and accuracy.
We must move the battle to the initial handshake at the network's edge, to the exact moment the attacker attempts to get onto the network. Winning there, at the IoT edge, with speed and accuracy, is winning the battle.
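As an added example that is not part of the original article and not CloudCover's code, the simulation below models the shared-intelligence loop described earlier (a node blocks a sample, feeds it back to a global observatory, the observatory distils it to attributes and publishes them, and other edge nodes pull the feed) and makes the edge allow/block decision at the moment a sample arrives, as the paragraphs above call for. Everything in it is a constructed assumption: the observatory and node names, the sample bytes and their polymorphic variant, the node-local hash signature, the one-second distillation delay, and the choice of long printable strings as the shared attribute. It runs on a simulated clock with no network, and the one thing it shows is how the feed's poll interval, not the speed of the block decision itself, sets each node's time to protection.

```python
import hashlib
import re
from dataclasses import dataclass, field

# Printable ASCII runs of 8+ bytes: the attribute this feed distils a sample to (assumed).
STRING_RE = re.compile(rb"[\x20-\x7e]{8,}")

# Constructed sample bytes: an original and a polymorphic variant that keeps the
# same embedded strings but changes its surrounding bytes, so its hash differs.
PAYLOAD = b"contact beacon.example.invalid:443 now"
ORIGINAL = b"\x00junk1\x00" + PAYLOAD + b"\xff\xfe"
VARIANT = b"\x99other padding here\x00" + PAYLOAD + b"\x01"

# Constructed local signature: each node's own detection knows only the original's exact hash.
LOCAL_HASHES = {hashlib.sha256(ORIGINAL).hexdigest()}


def distill(sample: bytes) -> frozenset:
    """Reduce a blocked sample to shareable attributes (its long printable strings).
    A bare hash would miss the variant; the strings survive the repacking."""
    return frozenset(STRING_RE.findall(sample))


def local_detect(sample: bytes) -> bool:
    """Node-local, hash-based signature check (hypothetical stand-in for an AV rule)."""
    return hashlib.sha256(sample).hexdigest() in LOCAL_HASHES


@dataclass
class Observatory:
    """Global threat observatory: a feed of (time_published, attributes)."""
    feed: list = field(default_factory=list)

    def report(self, sample: bytes, now: float, distill_delay: float = 1.0) -> None:
        # Distillation takes time (assumed one second) before the update is published.
        self.feed.append((now + distill_delay, distill(sample)))


@dataclass
class EdgeNode:
    name: str
    observatory: Observatory
    poll_interval: float  # seconds between scheduled pulls of the shared feed

    def known_indicators(self, now: float) -> list:
        """Indicators the node holds at `now`: everything published at or before its
        most recent scheduled poll (polls run at whole multiples of the interval)."""
        last_poll = (now // self.poll_interval) * self.poll_interval
        return [attrs for published, attrs in self.observatory.feed if published <= last_poll]

    def decide(self, sample: bytes, now: float) -> str:
        """Allow/block at the edge, at the moment the sample arrives."""
        attrs = distill(sample)
        for shared in self.known_indicators(now):
            if shared and shared <= attrs:  # every shared attribute is present in the sample
                return "block:shared"
        if local_detect(sample):
            self.observatory.report(sample, now)  # feed the ecosystem back
            return "block:local"
        return "allow"


def run_scenario(poll_interval: float) -> dict:
    """Node A sees ORIGINAL at t=0; the VARIANT then reaches B at t=5 s and C at t=3600 s.
    Returns each node's decision for the given feed poll interval."""
    obs = Observatory()
    a, b, c = (EdgeNode(n, obs, poll_interval) for n in "ABC")
    return {
        "A": a.decide(ORIGINAL, 0.0),
        "B": b.decide(VARIANT, 5.0),
        "C": c.decide(VARIANT, 3600.0),
    }


if __name__ == "__main__":
    for interval in (4.0, 86400.0):
        print(f"poll every {interval:>6.0f} s -> {run_scenario(interval)}")
```

With a four-second poll, nodes B and C block the variant from the shared feed even though their local hash signature does not recognise it; with a daily poll, both allow it, because the decision at the edge can only be as fresh as the last pull. The subset match on string sets is deliberately coarse: before it was safe as a real block rule it would need a minimum attribute count and an allowlist of strings common to benign software, otherwise a single shared string would block legitimate traffic.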
As brick-and-mortar walls vanish within the banking industry, digital risk-awareness, risk-control and risk-transfer methods must be put to work to secure data at the point of potential entry or compromise. Deflecting and reflecting cybercriminals at the network's point of entry informs risk awareness and risk control. Overlaying 'data in motion' insurance at the network data layer is then the true answer to network safety and data security.
(The author is CEO, Founder of CloudCover)