By Brooks Wallace, VP EMEA at Deep Instinct
As the cyber security industry grows and the cyber landscape changes, criminals are getting smarter and are overcoming even the most challenging cyber defences. Our news is saturated with cyber attacks targeting a different organisation in a different industry each and every day, so we can be forgiven for thinking that a solution to stopping cyber attacks altogether will never be available.
However, despite the plethora of attacks we witness, only 77 percent of UK businesses claim that cybersecurity is a high priority, and a staggering 39 percent have reported breaches or attacks in the last 12 months. Whether it’s the attitude towards security that needs to change, or the technology solutions themselves, it’s time to look towards a more innovative and effective solution that takes a prevention-first approach.
One approach that is allowing organisations to take control of their security and stop attacks from entering their networks completely is deep learning (DL). Deep learning is the next step in the evolution of cyber security, as its very foundations take inspiration from how the human brain works. Unlike machine learning (ML), DL is capable of making unsupervised decisions, autonomously identifying files as benign or malicious. DL also has an incredibly fast processing speed and can identify a potential breach in less than 20 milliseconds, meaning the number of threat alerts received is lessened and the potential for false positives is reduced drastically.
For too long, organisations have assumed that there will come a time when they are attacked and have therefore been focused on solutions that mitigate an attack once it has already breached a network. Should we not, instead, focus on stopping and preventing these attacks altogether, so we don’t end up as victims?
Changing for the better
Many companies are using conventional technology, like machine learning (ML), for detection and remediation of cyber threats and attacks. However, ML technology has several flaws that criminals can exploit. In particular, traditional ML models are vulnerable to being manipulated with “poisoned” data sets that have been created by another ML tool. These sets feed the solution bad data, cleverly training it to ignore genuine threat data and creating false negatives that the attackers can hide behind, tricking a model into thinking something malicious is benign.
ML tools are also usually reliant on data feeds from AV, endpoint detection and response (EDR), and other security tools. This means they can only react to, rather than predict, threats, something adversaries are increasingly capable of exploiting with attacks designed to wreak havoc before they can be detected by the organisation’s security team.
While DL is not a new technology and is currently being used by companies such as Tesla and Netflix, who use it to analyse and aggregate data for a more personal experience, it is a relatively new concept in cybersecurity. Deep learning is currently being used in cybersecurity through the creation of a neural network that has been ‘trained’ on raw data samples, containing millions of labelled files, both malicious and benign. Over time, the network learns to instinctively identify malicious code. Because the neural network is being trained with this raw data, it can predict and prevent attacks before they take place. This technology moves away from the traditional endpoint detection and response approach to one of complete prevention – seeing and stopping potential threats before they become real-time threats.
Making it a number one priority
Deep learning is able to eliminate potential threats and risks that ML simply cannot. Cyber criminals are constantly evolving their techniques in order to attack organisations and breach a network, so conventional ML solutions are simply no longer enough. DL is able to predict and prevent even the most sophisticated attacks before they’ve entered the network.
The number one priority for security teams is to anticipate risk and work to be steps ahead of cyber criminals. The nature of deep learning makes it harder for criminals to compromise the technology, and therefore allows an organisation to have a stronger defence against attacks.
Ransomware attacks, which have made the headlines on an almost daily basis, have the ability to cripple a business’s operations for weeks, if not months, and can even have the power to completely destroy the business altogether. A deep learning approach can give IT leaders peace of mind knowing that known and unknown attacks are being prevented with both speed and accuracy. Applying deep learning as part of a multi-layered security stack can reduce the number of alerts a security team is reviewing every week by as much as 25%, giving security teams time back that would otherwise be spent on recovering lost assets.
While organisations will still need conventional technology to maintain a strong infrastructure, deep learning can dramatically improve their security stance by providing complete protection.
Organisations looking to begin incorporating deep learning into their existing infrastructure will need to consider how it will interact with existing solutions and processes. However, it can be used with conventional technology to further enhance the organisation’s security posture. Once it is properly integrated into the security stack, SOC teams will benefit from an immediate reduction in the volume of false positives and other low-level alerts consuming their days. Better yet, the organisation will be able to change its security posture from reacting to incoming attacks to proactively predicting and stopping them before they’ve entered the network.
With the onslaught of attacks companies are witnessing on a daily basis, security teams are desperate for a solution that actually works and can stop them from becoming victims and headline news themselves. Being able to stop criminals in their tracks before they even come close to a company network will prove extremely valuable. Deep learning as a solution, therefore, gives an organisation the ability to predict and detect unknown attacks, all without the assistance of human engineering, and this will revolutionise their cyber defence. With deep learning, businesses will not only be able to prevent the attacks of today, but also predict and prevent the attacks of tomorrow.