New deep learning tools can help us win the cyber war
For as long as humans have been fighting wars, innovation has allowed the eventual winning side to gain the upper hand. From the creation of the phalanx to the guerrilla warfare tactics that won the American Revolution to the use of air superiority to control ground warfare, we have seen military operations evolve to meet the challenges of time and place. Today’s wars are fought as much in cyberspace as they are on the physical field of battle – and are being waged against organizations large and small, not just between nations and their militaries.
As we’ve seen with the recent hybrid war between Russia and the Ukraine, cyberattacks are an important tool of modern warfare. Nation-states now use less overt ways to breach their adversary’s cyber defenses, disrupting military operations and critical infrastructures such as water, electricity, traffic routing, banks, and strategic institutions. But shadow wars are now being fought every day without most people being the wiser. Government agencies regularly release advice and warnings about cyberattacks and are taking a more active role in helping identify and dismantle threat groups. But threats are becoming more sophisticated across the board – forcing organizations of all sizes to strengthen their security posture and prepare for a greater range of threats than ever before.
The past few years have brought some of the most harmful and expensive cyberattacks the world has seen. Prominent trends include the exploitation of supply chain connections – such as the Colonial Pipeline attack that dominated news headlines and impacted fuel supplies up and down the US east coast – and a more recent move towards fast-acting, high-impact attacks that are so swift that organizations cannot detect or stop these attacks in time to prevent damage.
Threat actors and nation-states are always evolving their attack techniques and strategies, making it difficult for security professionals to stay ahead of the attackers for very long. Like a cat and mouse game, there’s an action and reaction that plays out daily by defenders and attackers that makes innovation crucial to stopping the newest and most destructive techniques.
One of the most challenging recent examples of this evolution has been with artificial intelligence (AI) technology. Machine learning (ML), the most common subset of AI, now plays an increasingly central role in threat detection and analytics. Many organizations consider it something of a secret weapon against cyber threats. Adversaries have shown they are not only able to keep ahead of ML technology, but can even subvert it to their advantage. Coined as Adversarial AI, threat actors use ML to target ML, exploiting weaknesses to fool an organization’s systems into thinking the incoming attacks are harmless, and therefore granting free access and movement virtually undetected.
The cloud has become the weakest link
Threat actors have a perpetual advantage over organizations amid digital transformation and cloud migration efforts. IT estates have become increasingly large and complex as firms pursue their digital agenda, with most organizations employing both multi-cloud and hybrid strategies. While this offers the agility and cost-effectiveness necessary to stay competitive, it also results in a significantly larger attack surface that’s harder to manage and protect effectively. Add in work-from-home and work-from-anywhere business trends, and the attack surface expands even more.
The fact that defenders must react to this changing landscape has become one of the most critical failing of reactive solutions like machine learning-powered defenses. While much faster and more efficient than any human, these tools must still wait for a threat to become present within the environment to identify it and then hope to stop it. In a complex IT environment full of potential attack paths and blind spots, it’s all too easy for an adversary to deploy a rapid ransomware attack that inflicts serious disruption before the defensive solutions can act. Proactive defenses are the only real method to prevent attacks – stopping them at the perimeter of the environment before they have a chance to enter and cause serious damage.
We can get ahead of cyber threats
With the bad actor community continuously evolving its tactics and strategies, the cybersecurity community needs to evolve its approach to countering cybercriminals. It’s important that security professionals have the right procedures and processes in place to defend against attacks. This includes simulating and demonstrating the current map of threats so that they themselves can take the proactive steps to stay ahead of the modern-day cybercriminal.
Greater collaboration between the public and private sector will become more normalized, with the sharing of intelligence between these two sectors going a long way in helping to shore up defenses. While more needs to happen on this front, by both sides, it’s encouraging to see those walls get broken down for the greater good.
The industry now also recognizes that it needs a prevention-first approach to stop today’s sophisticated threats. Many current tools focus more on mitigating the damage of attacks after a breach has occurred – a counterintuitive approach given the advances the industry has seen in threat prevention technology. Rather than letting attackers in and taking an “assume breach” mentality, more experts are recognizing that AI-driven solutions can detect and prevent attacks before they can execute in an organization’s environment and cause damage.
For example, deep learning (DL) has helped make cybersecurity strategies more proactive and less reactive. DL is the most advanced subset of AI that currently exists and it’s a huge step forward in computing when compared to machine learning. DL can accurately predict and identify dangers such as zero-day threats that bypass most current security solutions and can detect and defeat adversarial AI attacks which are becoming more prevalent.
Winning the cyber war
Cyberwarfare has changed the way nations and organizations view their overall security. Being aware of the risks serves as the first step in being better prepared. For step two, organizations must create defenses that can guard against even the most difficult to detect and insider attacks. Advancements like DL, which provides the speed, accuracy, and the computing power to detect and prevent the most advanced cyber threats, has emerged as a relatively new tool that cyber professionals have added to their security stack to stop breaches in their tracks. The ability to prevent and predict cyberattacks gives organizations the confidence they need to stay on the winning side of this growing war against cybercriminals.
Guy Caspi, co-founder and CEO, Deep Instinct