The Future of CyberSecurity: Real-Time Threat Detection

The deck is stacked against defenders in cybersecurity, but a new breed of threat detection could help even the odds.

This last year has made the need for immediate help obvious. First with the Equifax hack and now with Meltdown and Spectre, attention has focused on a fundamental characteristic of cybersecurity.

Peter Thiel put it simply:

“One of the challenges with cybersecurity is that there is something about it where it’s very asymmetric. In most forms of military technologies, the defense side is pretty good… I think people’s intuitions are shaped by their everyday experience where there’s more balance between attack and defense. In the world of cyber, there’s no balance at all. Attack is super easy; defense is super hard.”

What Makes Cyber Defense So Difficult?

Part of what makes defense so difficult is the ability of attackers to probe defenses efficiently without being detected. If we were to try to understand cybersecurity in familiar terms, it would be like tasking a military force to defend a position while all of its defenders were blindfolded.

Visibility is a large part of the problem, but the depiction isn’t 100% accurate. Defenders find it incredibly difficult to detect fraudulent activity not because they cannot see anything, but because they are overwhelmed by seeing too much. Vast stockpiles of security data pass through defenses constantly. From login attempts to downloads to password changes, most of this data is created by authentic users acting in good faith. Unfortunately, with so much data to manage, nefarious activity often, almost always, goes undetected until well after the fact.

This fundamental problem has always made cybersecurity unusually difficult to perform reliably, particularly for the most obvious targets. Hacking Equifax was undoubtedly a hacker’s dream; the equivalent of the Super Bowl. With the odds stacked against the defenders, it is amazing that these big targets are compromised as infrequently as they are. Security companies and the businesses that hire them are actually performing admirably with the tools currently available. Unfortunately, attacks are still succeeding, so something needs to change because these hacks are unsustainable. Security and trust are too important.

A New Cybersecurity Technology Just Went Mainstream

Peter Thiel, the entrepreneur quoted above, is spearheading a movement in applying machine learning to cybersecurity. The issue is not availability of data, but abundance of data. Turning the data into useful information is the primary challenge, precisely the challenge that machine learning can overcome.

Machine learning is the ability of a program to improve at solving problems over time as it is exposed to incoming data. Voice recognition software employs machine learning by processing pre-recorded speech matched with its text. Millions of samples are delivered to teach the software to guess what the text will be for a voice in real time. By the time you ask Siri or Google for directions to the nearest gas station, the algorithm has already experienced so many other voices, words, and dialects that you can be understood easily, whether you are from Texas, Boston, or Denver.

Applied to cybersecurity, machine learning proceeds by examining authentic calls on the system: all the login attempts, downloads, and droves of security data that would overwhelm human security personnel. Once enough data has been processed, the model has a knack for identifying potentially fraudulent activity, and it will alert defenders in real time whenever suspicious activity is detected.

Suddenly, beautifully, the blindfold is lifted, and attacks can be identified and thwarted before they penetrate defenses.

Companies Developing and Applying Machine Learning to Cybersecurity Today

The idea of real-time threat detection has existed for some time, but now some large players have entered the field. Our security partners, Webroot and Fortinet, are applying machine learning to their security solutions, and improving it, at a rapid and growing pace.

  • Palantir – Peter Thiel is CEO and Cofounder
  • Darktrace – Has a long list of successful case studies to prove its technology works
  • Chronicle – Google created Alphabet, a parent company. Alphabet created “X,” a technology incubator for big-research, big-payoff opportunities in technology, like self-driving cars. In January, X created Chronicle, a cybersecurity company that will use machine learning to expose threats.

It is not a question of usefulness. At this point, it is only a question of how well attackers will be able to disguise their attacks in the future. But regardless, this innovation is a game changer.

Resources

Peter Thiel on cybersecurity: Very hard to defend, very easy to attack

CEO and Co-founder of Chronicle, Stephen Gillett. “Give Good the Advantage.”

© Platte River Networks - All Rights Reserved
