Article by Virsec A/NZ Regional Director, Robert Nobilo.
It is often said that the definition of insanity is doing the same thing over and over again and expecting a different result. If so, the cybersecurity community suffers from collective madness. In its efforts to protect computer systems and the organizations that use those systems from cyberattacks, the cybersecurity community has taken the same approach: offering solutions that are slightly improved, but not radically different from previous ones.
With each new product or supposed innovation, the industry has promised much but delivered little. The only way to remedy the situation is to adopt a radically different approach.
Today, software rules the world
Let’s see where we are today with software. It is ubiquitous and underpins almost everything we do: how we buy things, how we work, how we communicate; how we entertain ourselves. It processes and stores our personal data, payment information and much more.
All of these ways we rely on software present endless possibilities for attack. To make matters worse, the number and severity of these opportunities exploded with the outbreak of COVID-19. Many people have started working remotely and the attack surface has grown exponentially. More importantly, the number of “lucrative” targets also increased, as sensitive corporate data was suddenly accessed by remote workers who were no longer “protected” by their corporate networks.
Unsurprisingly, the explosion in connectivity caused by COVID has produced an explosion in cybercriminal activity. Criminals quickly developed new tools and techniques to exploit vulnerabilities and penetrate defenses, and they were very successful.
Today’s approaches don’t work
The cybersecurity community has tried to respond as quickly as possible to these threats by increasing investment in traditional tools such as EPP and EDR, and in more advanced behavioural tools, to try to identify and block threats more quickly. However, these approaches only work for known threats, and we still experience significant wait times before these attacks are even detected, let alone responded to and resolved.
Some of these traditional tools now use machine learning algorithms to try to detect malicious activity, but they also produce many false positives. Additionally, many minutes, hours, and days can pass after an attack before an alarm is triggered, at which point damage is most likely done. This is of no use when malware can inflict damage in milliseconds.
Moreover, these tools are labor intensive. They require continuous adjustments and updates by experts. Cybersecurity skills were already in short supply before COVID. Not only has the pandemic increased the demand for cybersecurity skills, but infections and quarantine requirements have also reduced staff availability. Today, approximately 60% of IT security professionals report being understaffed.
Traditional tools also embody the cybersecurity paradigm that has prevailed for years: detect a threat, respond to it and remediate it. Although these tools attempt to detect malicious activity before it causes damage, they are never 100% successful, as they rely on learning from previous successful attacks to anticipate how future attacks will unfold.
The obvious problem here is that they require prior knowledge of an attack in order to provide effective protection, similar to how vaccines learn to protect against a particular virus. This also means that they frequently miss unknown threats, giving an adversary plenty of time to wreak havoc on a computer system before the alarm is triggered.
Take a new and better approach: protect IT systems from the inside out
Every cyberattack has one thing in common: code. Every attack is carried out by planting malicious code. So, if we focus specifically on the code and not the attacker, we have a better chance of blocking any cyberattack. This is inside-out software protection. It represents a completely new approach to cybersecurity, which differs from the age-old notion of protecting the perimeter of a computer network and keeping attackers away from it.
So how do you protect yourself from the inside out? Enter “deterministic” security tools. “Deterministic” tools can analyze every piece of software an organization runs on its network and determine precisely how each should behave (and what its code should look like). If these tools detect a deviation from the norm, they immediately block the execution. Deterministic tools do not rely on any prior knowledge of the threat. They don’t need threat clouds, long learning curves, or regular tuning and updating to be “secure”. Nor do they notify an organization when it is too late. These tools prevent attackers from planting malicious code in real time before they have had a chance to install malware or exfiltrate data.
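As an added illustration of the positive-security model described above (not Virsec's code or product), the sketch below records what a program's code and behaviour should look like, then fails closed on any deviation without needing any signature of the attack. The baseline format, the operation names and the sample program are constructed for the example.

```python
# Added example: a minimal "deterministic" enforcer. It knows nothing about
# attacks; it only knows the trusted build (code hash) and the operations the
# program is expected to perform, and blocks anything else. Not Virsec's code.
from __future__ import annotations
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Baseline:
    code_sha256: str        # hash of the executable bytes we expect to run
    allowed_ops: frozenset  # operations observed in a known-good run


def build_baseline(code: bytes, observed_ops: set) -> Baseline:
    """Derive the expected state from a trusted build and a known-good run."""
    return Baseline(hashlib.sha256(code).hexdigest(), frozenset(observed_ops))


def check_code(baseline: Baseline, code: bytes) -> bool:
    """True only if the bytes about to execute match the trusted build exactly."""
    return hashlib.sha256(code).hexdigest() == baseline.code_sha256


def check_behaviour(baseline: Baseline, op: str) -> bool:
    """True only if the requested operation is on the allowlist."""
    return op in baseline.allowed_ops


def enforce(baseline: Baseline, code: bytes, ops: list) -> tuple:
    """Run both checks in order and fail closed; returns (allowed, reason)."""
    if not check_code(baseline, code):
        return False, "code deviates from trusted build"
    for op in ops:
        if not check_behaviour(baseline, op):
            return False, f"unexpected operation: {op}"
    return True, "ok"


# Constructed sample data: a trusted "program" and its known-good behaviour.
TRUSTED_CODE = b"def handle(req): return db.read(req.id)"
KNOWN_OPS = {"net.read", "db.read", "net.write"}
BASELINE = build_baseline(TRUSTED_CODE, KNOWN_OPS)

if __name__ == "__main__":
    print(enforce(BASELINE, TRUSTED_CODE, ["net.read", "db.read", "net.write"]))
    print(enforce(BASELINE, TRUSTED_CODE + b" # injected", ["net.read"]))
    print(enforce(BASELINE, TRUSTED_CODE, ["net.read", "shell.exec"]))
```

Note that the second and third cases are blocked purely because they differ from the baseline; no knowledge of what was injected or why a shell was spawned is needed.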
Businesses use an ever-increasing number of software applications: in-house developed apps, cloud-deployed apps, open-source apps, third-party apps and more.
By focusing only on how the software should work and stopping it when it does something different, Deterministic Protection provides 100% protection against all known and unknown threats.