How deep learning can deliver improved cybersecurity [Q&A]
Traditional cybersecurity isn't necessarily bad at detecting attacks, the trouble is it often does so after they have occurred.
A better approach is to spot potential attacks and block them before they can do any damage. One possible way of doing this is via 'deep learning' allowing technology to identify the difference between good and bad.
We spoke with Brooks Wallace, cybersecurity sales leader at Deep Instinct to find out more about this innovative solution.
BN: Why aren't traditional approaches to cybersecurity working?
BW: If you look at cybersecurity, there's always been this holy grail of prevention. But we see that because traditional cybersecurity companies use conventional technologies and machine learning approaches focusing on detection, which don't prevent attacks as they have to execute first to be detected and remediated. Deep learning is able to address that problem.
BN: So how is deep learning different?
BW: Machine learning is built using data that is given to a machine to learn the difference between good and bad, that data is compiled by an individual or an organization and that is handed to the machine to understand what the differences are. This relies on someone seeing the difference between good and bad, as it can be given data that's a subset of data all the data that is known malicious or benign.
A deep learning framework takes all the raw data that is available and there’s no human interaction. There's no one saying this is good, this is bad. It works autonomously to understand the differences and is making its own decisions. This is really powerful because it is building a great understanding the differences between what is good and bad. It means you can prevent attacks before they strike.
BN: How does this help protect the new remote working model?
BW: It's autonomous and making decisions on its own without any interaction, even without any connectivity to the internet. That's super important for a number of verticals, if you're in the field, your device is still protected and because there’s an agent that is sitting there with a very small footprint.
It's as effective in solving and preventing known and unknown threats because of the way that it's structured. It's also powerful because it doesn't require constant updates. Compared to other technologies today, you're getting rid of all this clutter and noise around managing your device -- or even network -- security by using deep learning.
BN: Ransomware attacks are big news at the moment, how can deep learning help prevent them?
BW: We're seeing a massive rise in sophisticated nation state ransomware, with attacks against enterprises across Europe and the US. Colonial Pipeline for one example, hospitals being attacked universities in the UK being attacked, causing disruption and serious downtime for lots of organizations that then have to spend their time recovering lost assets. So ransomware is the biggest thing in the boardroom right now. Delivering prevention means being able to stop the ransomware before it can execute and do any damage.
A trend we're seeing at the moment is AI data poisoning, where malicious pieces of data are inserted into the AI model and are used to attack the systems. If a hacker can poison the data that is given to the AI, the machine doesn't know. And that's scary because now there's a backdoor it's opened up. There's now this AI on AI battle taking place in real time. Deep learning allows you to build in a series of techniques in order to protect against and prevent that type of data poisoning.
It's a war of attrition between the attackers and the good guys, these nation states or small armies of hackers under strict discipline to focus on stealing money, or government secrets or just disrupt. This what's driving the evolution of the next wave of cybersecurity and the need for deep learning.
BN: How much does the human factor come into play?
BW: The FBI is claiming that cyberattacks have increased by more than 400 percent since the start of the pandemic and this is because people have started working from home and they're using their laptops and desktops in ‘dirty’ home environments. It's this perfect storm of strain on IT resources for any organization. Security used to be in a containerized room in an office space and everybody was locked down, today that doesn't apply, it's not available to anyone.
People are clicking on these malicious links, perhaps because they don't know any better or maybe haven’t been educated correctly. Maybe they just forgot, maybe they're not aware of the targeted attacks we're seeing.
Security professionals are crying out for change, they're looking for solutions that use deep learning, because they understand the threat to the user base isn't going to change behavior. But using the right solution on the device that is able to prevent attacks, before they can execute and infiltrate the system laterally, will make them more secure.
BN: How does deep learning work with existing security solutions and can it apply to any size of business?
BW: the best approach is still multi-layered, but you can make that work for a lot less for the enterprise, by augmenting your security stack with something powered by deep learning. You're going to get this professional front which cuts down on all the alert fatigue that organizations are experiencing which leads to burnout, and which leads to all kinds of costs. Deep learning technology allows us to reduce the cost of ownership of an entire security stack, while providing more efficiency for an organization.
Smaller organizations are rushing out to have somebody else manage their security and turning to MSSPs. By adding this to their security stack MSSPs can reduce the amount of time they have to spend on managing each of their individual accounts, benefiting their own bottom line but also providing security effectively with fewer and fewer alerts, and fewer false positives.