Despite sophisticated tools and solutions that are being rolled out by cybersecurity vendors, every IT security officer knows that data breaches eventually happen — it’s not about the if but the when — and they usually go undetected for a long time.
Machine-learning-powered solutions have somewhat remedied the situation by enabling organizations to cut down the time it takes to detect attacks. But we’re still talking about attacks that have already happened.
What if we could stay ahead of threat actors and predict their next attack before they take their first destructive step? It might sound like a crazy idea out of Spielberg’s Minority Report, but thanks to the power of predictive analytics, it might become a reality.
Predictive analytics is gaining momentum in virtually every industry, enabling organizations to modernize and reinvent the way they do business by looking into the future and obtaining foresight they previously lacked.
This rising trend is now finding its way into the domain of cybersecurity, helping to determine the probability of attacks against organizations and agencies and set up defenses before cybercriminals reach their perimeters. Already, several cybersecurity vendors are embracing this technology as the core of their security offering. Here’s how predictive analytics is changing the cybersecurity industry.
The traditional approach to fighting cyberattacks involves gathering data about malware, data breaches, phishing campaigns, etc., and extracting the relevant data into signatures, i.e., the digital fingerprints of the attacks. These signatures are then compared against the files, network traffic and emails that flow in and out of a corporate network in order to detect potential threats.
While signature-based solutions will remain a prevalent form of protection, they do not suffice to deal with the advanced and increasingly sophisticated cybercriminals who threaten organizations.
“In the past decade or so, the landscape of cyber security threats has changed dramatically,” explains Amir Orad, CEO of analytics company Sisense. “The bad actors have transitioned from ‘script kiddies’ to organized crime and state actors, which direct highly sophisticated attacks against specific targets, for example via APTs — agents that infiltrate your IT systems and surreptitiously trickle minute amounts of data outwards.”
A Verizon Data Breach Investigations Report reveals that more than 50 percent of data breaches remain undiscovered for months. In contrast, thanks to the array of innovative malware, botnets and other advanced data-theft tools at their disposal, attackers only need minutes to gain access to the critical data they seek after they compromise a target.
Moreover, threat signatures are gradually becoming a thing of the past. “The most significant change in the cyberthreat landscape is the rise of point-and-click exploit kits,” says Dr. Anup Ghosh, founder and CEO of cybersecurity firm Invincea. These exploit kits enable attackers to create unique signatures for each attack. “This approach breaks most traditional security systems because the products haven’t seen the attack before in order to detect it,” explains Ghosh, who has done a stint as a cybersecurity expert at the Defense Advanced Research Projects Agency (DARPA).
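A minimal signature scanner illustrating the signature-matching approach and the per-attack uniqueness problem described above. This is an added example, not code from the article or from any vendor it quotes; the sample bytes, signature names and the `scan` / `scan_traffic` helpers are constructed for illustration.

```python
import hashlib

# Constructed, harmless bytes standing in for a sample captured in an earlier incident.
KNOWN_SAMPLE = b"HDR\x01" + b"constructed-dropper-body" + b"\x00" * 8

# Signature database derived from that capture: one exact-file hash, one byte pattern.
HASH_SIGNATURES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Sample.A (hash)"}
PATTERN_SIGNATURES = {b"constructed-dropper-body": "Sample.A (pattern)"}


def scan(data: bytes) -> list[str]:
    """Return the names of all signatures that match the given content."""
    hits = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:
        hits.append(HASH_SIGNATURES[digest])
    for pattern, name in PATTERN_SIGNATURES.items():
        if pattern in data:
            hits.append(name)
    return hits


def scan_traffic(items: dict[str, bytes]) -> dict[str, list[str]]:
    """Scan named items (files, attachments, payloads) and map each to its hits."""
    return {label: scan(data) for label, data in items.items()}


# Constructed inbound items for the demonstration.
INBOUND = {
    # Byte-identical to the earlier capture: both signatures fire.
    "known.bin": KNOWN_SAMPLE,
    # Same body but not byte-identical: the hash signature is already blind.
    "variant.bin": KNOWN_SAMPLE + b"\x42",
    # Content generated uniquely for this delivery: no signature has seen it.
    "unique.bin": b"HDR\x01" + b"body-never-seen-before" + b"\x00" * 8,
    # Benign content: correctly ignored.
    "invoice.txt": b"Quarterly invoice attached.",
}

if __name__ == "__main__":
    for label, hits in scan_traffic(INBOUND).items():
        print(f"{label:12} -> {hits or 'no match'}")
```

The scanner reports the same "no match" for `unique.bin` as for the benign `invoice.txt`, which is the coverage gap the article attributes to signature-only products.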
“Current cybersecurity solutions leave a wide gap in coverage,” says Doug Clare, vice president for cyber security solutions at analytics software company FICO. “It’s like having a burglar alarm that doesn’t go off until after the burglar’s done his work, left the premises and crossed the county line.