I confess. It’s human nature after all to be hopeful. But we’ve all done it. Admit it. We’ve fallen for the promise of the “silver bullet”. Maybe not recently. But at some point we did it. After getting burned a couple of times, we’ve learned. We’ve become a bit jaded. Cynical. Skeptical. (And rightfully so.)
“Install this firewall & you’ll block hackers from getting to your network.”
“Virus protection will keep your PCs safe.”
“Macs aren’t susceptible to malware like PCs are.”
“SIEM is going to reveal all the events that let us find all the intrusions.”
“FireEye is impenetrable; it tests for all malicious code before it can get to your inbox.”
And you hear the absurd claims from sales newbies who wouldn’t recognize an insider threat if it was crawling out their… well, you get my point… They say things like, “If Target had used our appliance, they would have prevented that from ever happening.” Or… “If that hospital in California had been using our software, we would have found that ransomware before it ever flipped a bit.”
But here I go again. I may sound like I’ve got something crawling out my… But I’m in pretty good company on this one. Here are 92 of the most brilliant InfoSec authorities involved in venture capital who would say that I might not be too far off the mark… http://cyberlaunch.vc/mentors
Oh, and the CISO of Microsoft. And security luminaries at Google (uh… ABC… Alphabet… what is their name now?) And the NSA, MI5, & CIA. And online gaming sites & Las Vegas casinos. The interest at RSA was high, with sessions on the topic overflowing. I’m not alone, and sadly it’s not beneath me to join in the HYPE CYCLE!!!
*** HYPE WARNING *** STOP READING NOW *** CEASE READING *** ROLL EYES ***
<<pulls out bullhorn>>
Get ready for the most revolutionary game-changing InfoSec revolution… EVER in the history of the world!!! It’s going to change how you consume/assess/detect/resolve security threats!!! It’s going to change the structure of your teams. It’s going to change EVERYTHING!!!
<<Notice all the exclamation points!?! This must really be good!>>
What is it you ask? Machine Learning applied to InfoSec… Data Science… Cognitive Learning… Pattern Recognition… Artificial Intelligence…
InterWorks has identified a number of technologies that have entered production, and more that will come to market soon. A few you may have heard of… Cylance… Vectra… Darktrace… Panopticon…
Others, we’re happy to talk about.
Here are a couple of reasons this is so significant and why you need to have it on your radar and in your budget…
- Forget “false positives”. There’s really no such thing with machine learning. There’s an algorithmic way of classifying, scoring and correlating events/threats/flows/chains/etc., but the days of looking at security in a binary way are about to slip away very, very fast.
- Current methods of threat intelligence overwhelm security analysts. Data feeds that sometimes conflict, sometimes confuse, sometimes overwhelm. Mathematical techniques are able to find patterns, correlations,
- Correlating activities that occur over extended periods of time is almost impossible. The most damaging intruders are patient, often lying dormant for weeks or months to avoid detection.
- There is not a systematic feedback loop with current InfoSec logs & threat intelligence. Cognitive learning takes an analyst’s input and incorporates it into the system.
- Machine learning can incorporate location, presence, time-of-day, device usage & group behaviors into its analysis. Here’s a greatly simplified example. The system just noticed John Thomas logged out of his office computer at 5:35PM. He logged in from his home computer at 5:50PM. Whether via automobile or mass transit, the fastest route between the office & John’s home is 35 minutes. Further, the smallest differential between John logging off at work and logging in from home is 1 hour. And typically, John’s Android device is pinging the mail server from an AT&T 4G network after leaving work and switches to a Comcast address whenever he logs in from home.
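
The John Thomas scenario above, written as a graded score rather than a binary alert. This is an added illustration, not InterWorks or vendor code: the weights are hand-set assumptions standing in for what a trained model would learn, and the phone ping times and the date are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Baseline:                      # per-user profile; values come from the example
    fastest_route: timedelta         # fastest office-to-home travel time
    min_observed_gap: timedelta      # smallest logout-to-home-login gap seen so far
    home_network: str                # network the phone uses once the user is home

def score_home_login(base, office_logout, home_login, phone_pings):
    """Score a home login from 0 (expected) to 100 (highly anomalous).

    phone_pings: list of (datetime, network) mail-server pings from the phone.
    The weights are hand-set assumptions standing in for a learned model.
    """
    score, reasons = 0, []
    gap = home_login - office_logout
    if gap < base.fastest_route:
        score += 50
        reasons.append(f"gap {gap} is shorter than the fastest route")
    if gap < base.min_observed_gap:
        score += 20
        reasons.append(f"gap {gap} is shorter than any previously observed")
    # Only pings between logout and login can corroborate the trip home.
    window = [p for p in phone_pings if office_logout <= p[0] <= home_login]
    if not window:
        score += 10
        reasons.append("no phone telemetry to corroborate the trip")
    else:
        last_network = max(window)[1]   # most recent ping in the window
        if last_network != base.home_network:
            score += 30
            reasons.append(f"phone last seen on {last_network}, not {base.home_network}")
    return score, reasons

def at(hhmm):                        # constructed sample day; only the times matter
    return datetime.strptime("2016-03-01 " + hhmm, "%Y-%m-%d %H:%M")

JOHN = Baseline(timedelta(minutes=35), timedelta(hours=1), "Comcast")
# Constructed telemetry: the page gives the login times, the ping times are invented.
SUSPECT = score_home_login(JOHN, at("17:35"), at("17:50"), [(at("17:44"), "AT&T 4G")])
NORMAL = score_home_login(JOHN, at("17:35"), at("18:40"),
                          [(at("17:50"), "AT&T 4G"), (at("18:38"), "Comcast")])

if __name__ == "__main__":
    for label, (score, reasons) in (("suspect", SUSPECT), ("normal", NORMAL)):
        print(label, score, reasons)
```

The reasons list is what an analyst would see next to the score, and it is also where the feedback described in the previous bullet would attach.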
OK. It’s not the “silver bullet”. I admit that. Maybe it’s more like a “Hubble Telescope”, a tool that helps us understand the interworkings of our networks and applications & users in a way that we never have before.
Want to learn more? Give us a call or email us… email@example.com