
Stop mitigating cybersecurity threats and start preventing them


The impacts of a successful cyberattack can be devastating. Through multiple forms of extortion, criminals can use stolen data and other business-critical assets, including sensitive financial and customer data, to hold companies hostage with just one campaign. The average cost of a phishing attack last year was $832,500, with zero-day attacks costing around $1,238,000. Spending this amount of money to recover from a cyberattack could bring a company to its knees. Today’s cyberattacks present very real existential threats to businesses, and C-level executives are beginning to fully realize the gravity of these threats. It is critical that organizations invest in solutions that are going to help stop these attackers before they enter their environments.

However, with so many solutions on offer, companies are often settling for solutions that don’t provide the necessary level of protection against advanced malware. Relying on a mitigation approach to protect against an attack is a recipe for failure. Many solutions on the market only identify attacks once they’ve been executed and are present in an environment, which is too late. If these checks take up to 60 seconds to detect an unknown threat, that’s 60 seconds too long.

Where existing security approaches fall short 

An organization’s security position is dependent on a number of factors – company age, financial viability, and the expertise of the security team, to name a few. Where larger, more experienced companies have bigger budgets and a more mature security stack with a layered defense, younger or smaller businesses may have a less sophisticated security setup. These organizations often have to take a more reactive approach to cybersecurity due to limited resources, leaving them open to more exposure. 

As cybersecurity has evolved, SOC teams have seen that certain prevention techniques do not work, so they turned their attention to endpoint detection and response (EDR). The belief was that if they could understand where an attack originated, then they could address those weaknesses to prevent further attacks. However, the speed at which cyber threats are evolving means that attackers are finding new and faster ways of accessing targeted environments. 

There are a number of practices that all organizations should deploy as part of their baseline defense systems. Providing employee security awareness training to promote good cyber hygiene, including an emphasis on how to spot phishing attempts, should be woven into a company’s culture. On top of this, all systems should be patched and up to date, and an effective endpoint protection platform (EPP) should be implemented. But what’s the next step?

Deep learning is the next evolution in cybersecurity  

Deep learning is the most advanced subset of artificial intelligence and takes inspiration from how the human brain works. The more data that is fed into the deep neural networks at the core of deep learning, the better it is at intuitively understanding the meaning of new data. It, therefore, does not require a human to help it understand the significance of new features. This neurological network is ‘trained’ by raw data samples that contain millions of files labeled as malicious and benign. Given time, the system learns to instinctively differentiate malicious code from benign code. 

Machine learning (ML) is quite different 

ML, on the other hand, requires manual processes where an employee is needed to categorize the data sets and feed them back into the system. Cybercriminals have recently begun manipulating machine learning for their own gain, using tactics like poisoning data sets so that the system fails to recognize malicious content. Deep learning-based security is not susceptible to these attack techniques because it uses raw data, which is far more resilient to adversarial attacks. Deep learning mimics a human brain in that it processes and categorizes data unsupervised, without the need for human interference, and it, therefore, becomes predictive. This predictive technology allows threats to be immediately prevented and would be instrumental in stopping some of the world’s most high-profile recent attacks, like the ransomware attack on Colonial Pipeline where criminals gained access to the company’s systems through a malicious email. Deep learning-based cybersecurity is designed to identify and stop these types of attacks in their tracks.

Evolving thinking around the best solution  

With complete preventative options available, businesses that choose to stick with mitigation solutions are providing attackers with vulnerabilities to access their environments. Previous attacks have demonstrated that once an adversary gets into an environment, they’ll start inserting back doors to allow for access at a later date. Solutions that are designed to mitigate cyberattacks are often limited in their scope as they can only be applied to certain areas of the network, so weaknesses often remain. 

Security teams are overloaded with responsibilities, to the point where genuine threats could be missed due to thousands of alerts coming through in any one day, leading to alert fatigue. Most solutions, although driven by automation, still rely on a certain level of human interaction. Deep learning, however, reduces the amount of pressure on SOC teams and frees up their time as it functions independently. 

To complicate matters more, the competitive cybersecurity landscape and the varying approaches to stopping cyberattacks can make defining the ‘best path forward’ difficult, even for the most well-read cyber pro. While businesses want to market their offering as the ‘next best thing’ in terms of AI and ML, all solutions are not created equal (despite what their marketing may imply). Just as AI and ML have become buzzwords in recent years, so too is deep learning being wantonly used by companies, without much thought for what it is or can actually do. Understandably, it’s almost impossible for businesses to know which solution is right for them when they have hundreds of options, all attached with varying promises of cyber protection.

Education and patience are key to helping businesses find the right solution for them. With deep learning being a concept that is often muddled with machine learning, many customers may not fully understand the technology behind it, so vendors need to provide the necessary learnings upfront.

Preventing threats with deep learning 

Deep learning can deliver a new level of defense against the onslaught of cyberattacks experienced by organizations today. Staying at the bleeding edge of innovation is the only way to outpace new and ever-evolving cyberattacks, protecting your organization, employees, and customers. 

However, too many organizations are still settling for a mitigation approach to cybersecurity where they consider success to be stopping an attack once the hackers are in their environments. Deep learning is designed to be added to an existing security stack, rather than replacing old technology, making your security posture complete. This integration can reduce the number of alerts a security team receives each week by 25 percent or more. It will also transition businesses away from traditional detection and response systems, which lack the ability to prevent attacks before they enter the system. It’s about becoming more proactive and less reactive.

Deploying a predictive and preventative solution built on a deep learning foundation will make a multi-layered security stack extremely robust in stopping known and unknown cyberattacks. When the negative consequences of a successful attack are so extreme, the time for mitigation is over. The time for a prevention-first era has officially arrived.

Chuck Everette, Director of Cybersecurity Advocacy, Deep Instinct
