Beating the Bullet: Moving Beyond EDR

How deep learning technology acts pre-emptively to stop attackers before they cause serious damage

A core evaluation of artificial intelligence (AI) in cyber threat landscape indicates that AI is on the verge of overhauling the attack domain. Organizations need to be ready for the next wave of attacks because the reality on the ground will make it very difficult for the cybersecurity eco-system to adequately prepare itself.

The current approach to security is that of detection and response, where the security product is triggered once a file has been accessed. In this constant pursuit of threat hunting and analysis, companies are losing the technological upper-hand against an attack landscape that is increasingly sophisticated, and where advanced attacks easily evade modern detection and response-based products.

Not surprisingly, CISOs and company boards are growing weary of spending much money on a raft of security products, only to later spend more on the aftermath of a breach which inevitably occurs. This comes at an enormous cost, with time and resources spent remediating the breach rather than focusing efforts on developing revenue streams. The frequency of this scenario has prompted some industry leaders to a pursue a new frontier of prevention with a pre-emptive approach that can stop an attack before any damage can be done.

“Is a preventative approach realistic?” Some might question the possibility, but the answer from Deep Instinct, is a resounding, Yes! Worse, there is a false sense of security in the wealth of data and analytics that a detection product provides. Real, effective security is the difference between detection and prevention.

Beating the Bullet: The Preventative Approach

For both networks and endpoints there is a widening gap between the capability of threat actors and the efficacy of detection software, making it harder to adequately protect a device. In the detection and response approach, an attack, or the steps to carry it out, are analyzed post-execution when the SOC team has access as the malicious activity unfolds, creating additional artefacts. However, this effectively puts the security software and the attack in a race, where the software is pursuing the attack by running behind the threat actor. This reactive approach means that organizations have all the data they could possibly want about a breach, but little to no means of actually stopping it, relying mostly on human skill to identify, contain and remediate damage.

This common approach of detection and response, which is intended to reduce risk, exacerbates it and highlights the business case for a pre-emptive cybersecurity solution. CISOs shouldn’t resign themselves to products that operate post-execution but should demand a solution that acts pre-emptively to keep them protected.

By definition, a zero-time preventative solution incorporates five elements to distinguish it from a detection and response-based solution, or other supposedly preventative tools. These include:

  1. Pre-execution – The solution is designed to be triggered before any malicious business logic takes place. For example, as soon as a file is accessed, downloaded on to a device, or malicious code injection is fully executed.
  2. Autonomous – Once the solution is activated, it autonomously analyzes and makes decisions on prevention and alerts, regardless of human involvement and Internet connectivity. If a human is involved it’s not a real-time offering.
  3. Zero-time – Any new data artefact or file must be analyzed in a matter of milliseconds, prior to being executed, opened or causing compromise, effectively providing a zero-time response.
  4. All threats – The solution’s design should cover a broad range of cyberattack vectors and surfaces, both known and unknown threats.
  5. All environments – the solution should protect a wide range of OSs and environments, be it networks, endpoints, mobile devices or servers, from a single unified platform.

Currently, deep learning is the only technology available that is able to deliver these five elements to provide a real prevention-oriented solution. The adaptation and application of deep learning makes it possible to harness its innate advantages of fast inference and high accuracy. The rigorous analysis of deep learning also provides a remarkably low false positive rate, despite the higher rates of detected files.

To learn more about the evolution from detection and response to Prediction and Prevention, read the whitepaper Reinventing Cybersecurity Prevention with Deep Learning

Guy Caspi, CEO & Co-founder, Deep Instinct

A serial entrepreneur, Guy Caspi has spearheaded companies in senior positions through entire life cycles, from start up, accelerated growth and up to IPO in Nasdaq. Guy has in-depth knowledge of machine learning and deep learning assimilation in cybersecurity, which he has applied to his unique go-to-market execution experience.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.