Cyber security innovation has stagnated, and we need a new approach
Article by Virsec A/NZ Regional Director Robert Nobilo.
It is often said that the definition of madness is doing the same thing over and over again and expecting a different outcome. If that is so, the cybersecurity community is suffering from collective insanity. In its efforts to protect computer systems, and the organizations that use them, from cyber attacks, the cybersecurity community has kept taking the same approach: offering solutions that are slight improvements on, but not radically different from, the ones before.
With each new product or supposed innovation, the industry has promised a lot but contributed little. The only way to remedy this is to take a radically different approach.
Today, software manages the world
Let’s look at where we are today with software. It is ubiquitous, and it underpins almost everything we do: how we buy things, how we work, how we communicate, how we entertain ourselves. It processes and retains our personal data, our payment information and more.
Every one of these ways we rely on software offers endless opportunities for attack. To make matters worse, the number and severity of these opportunities exploded with the advent of COVID-19. Many people started working remotely and the attack surface grew exponentially. More importantly, so did the number of “lucrative” targets, because remote workers suddenly no longer had the “protection” of their corporate networks for the sensitive company data they handle.
Not surprisingly, the COVID-driven explosion in connectivity sparked an explosion of cybercrime activity. Criminals quickly developed new tools and techniques to exploit vulnerabilities and penetrate defenses, and they were very successful.
Current approaches do not work
The cybersecurity community has tried to respond to these threats as quickly as possible by increasing investment in traditional tools such as EPP and EDR, and in more advanced behavioral tools, in an attempt to identify and block threats faster. However, these approaches only work for known threats, and we still experience significant downtime even before these attacks are detected, let alone responded to and resolved.
Some of these traditional tools now use machine learning algorithms to try to detect malicious activity, but they also produce many false positives. In addition, it can take minutes, hours, or even days after an attack before the alarm goes off, by which point the damage has most likely already been done. This is of little help when malicious software can cause damage in milliseconds.
These tools are also labor-intensive: they require continuous tuning and updating by experts. Cybersecurity skills were already scarce before COVID. The pandemic not only increased the demand for cybersecurity skills, but infections and quarantine requirements also reduced staff availability. Currently, 60% of computer security professionals say they are understaffed.
Traditional tools also embody the cybersecurity paradigm that has prevailed for years: detect a threat, respond to it, and remediate it. While these tools try to detect malicious activity before it can cause damage, they are never 100% successful, because they rely on learning from previous successful attacks to predict how future attacks will unfold.
The obvious problem is that they require prior knowledge of an attack in order to provide effective protection, much as a vaccine teaches the body to defend against one particular virus. This also means that they often miss any unknown threat directed at them, giving the adversary enough time to wreak havoc on a computer system before the alarm goes off.
Take a new and better approach: protect computer systems from the inside out
Every cyberattack has one thing in common: code. All attacks are carried out by planting malicious code. Therefore, if we focus specifically on the code rather than on the attacker, we are far more likely to block any cyberattack. This is protecting software from the inside out. It represents a new approach to cybersecurity, different from the old notion of protecting the perimeter of a computer network and keeping attackers out of it.
So how do we protect ourselves from the inside out? Enter “deterministic” security tools. Deterministic tools analyze every piece of software an organization runs on its network and determine exactly how each one should behave (and what its code should look like). If they detect any deviation from that standard, they immediately block execution. Deterministic tools are not based on any prior knowledge of the threat. They do not require threat clouds, long learning periods, or periodic tuning and updates to be “safe.” Nor do they alert an organization only when it is too late. These tools prevent attackers from planting malicious code, in real time, before they have had a chance to install malware or leak data.
Businesses use an ever-growing number of software applications: internally developed applications, cloud-deployed applications, open-source applications, third-party applications, and more.
By focusing only on how software is supposed to run, and stopping it when it does something different, deterministic protection provides 100% protection against all known and unknown threats.
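To make the “deviation from the standard” idea above concrete, here is a small added illustration in Python of a default-deny integrity and behaviour check. It is not Virsec’s product code and says nothing about how their tooling works internally; the program images, the operation labels (`read:`, `listen:`, `spawn:`) and the baseline are all constructed for the demonstration. The point it shows is the one the article makes: a program is allowed to run only if its code matches the recorded baseline and it does nothing outside its expected behaviour, so an unknown or modified program is blocked without any prior knowledge of a specific threat.

```python
from __future__ import annotations

import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Profile:
    """What a trusted program should look like and what it should do."""
    code_hash: str                # expected SHA-256 of the program's code
    allowed_ops: frozenset[str]   # operations the program is expected to perform


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def fingerprint(image: bytes) -> str:
    """Content hash of a program image (stands in for a real executable)."""
    return hashlib.sha256(image).hexdigest()


def build_baseline(trusted: dict[str, tuple[bytes, set[str]]]) -> dict[str, Profile]:
    """Record, for every program the organization runs, its code hash and
    its expected operations. Nothing about attackers is recorded here."""
    return {
        name: Profile(fingerprint(image), frozenset(ops))
        for name, (image, ops) in trusted.items()
    }


def check_execution(name: str, image: bytes, observed_ops: list[str],
                    baseline: dict[str, Profile]) -> Decision:
    """Default deny: block unknown programs, modified code, and any operation
    outside the recorded profile. Blocking happens at the first deviation."""
    profile = baseline.get(name)
    if profile is None:
        return Decision(False, f"{name}: not in baseline, blocked (default deny)")
    if fingerprint(image) != profile.code_hash:
        return Decision(False, f"{name}: code differs from baseline, blocked before execution")
    for op in observed_ops:          # operations are checked in the order observed
        if op not in profile.allowed_ops:
            return Decision(False, f"{name}: unexpected operation {op!r}, blocked at that step")
    return Decision(True, f"{name}: code and behaviour match baseline, allowed")


# Constructed sample "programs": byte strings standing in for executables,
# plus the operations each is expected to perform (hypothetical labels).
TRUSTED: dict[str, tuple[bytes, set[str]]] = {
    "payroll": (b"\x7fELF payroll v1.0 compute_salaries",
                {"read:/var/payroll/db", "write:/var/payroll/report"}),
    "webapp": (b"\x7fELF webapp v2.3 serve_requests",
               {"listen:443", "read:/srv/www"}),
}
BASELINE = build_baseline(TRUSTED)


def demo() -> dict[str, Decision]:
    """Four cases: unchanged program, tampered code, unexpected behaviour,
    and a program never seen before."""
    results: dict[str, Decision] = {}
    results["unchanged"] = check_execution(
        "webapp", TRUSTED["webapp"][0], ["listen:443", "read:/srv/www"], BASELINE)
    tampered = TRUSTED["payroll"][0].replace(b"compute_salaries", b"patched_routine")
    results["tampered"] = check_execution(
        "payroll", tampered, ["read:/var/payroll/db"], BASELINE)
    results["behaviour"] = check_execution(
        "webapp", TRUSTED["webapp"][0], ["listen:443", "spawn:/bin/sh"], BASELINE)
    results["unknown"] = check_execution(
        "dropper", b"\x7fELF never seen before", [], BASELINE)
    return results


if __name__ == "__main__":
    for case, decision in demo().items():
        print(f"{case:10s} -> {'ALLOW' if decision.allowed else 'BLOCK'}: {decision.reason}")
```

Note the order of the checks: the code hash is compared before any operation is examined, so a modified binary never gets to run at all, while a genuine binary that starts doing something outside its profile is stopped at the first unexpected step rather than after an alert is raised.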