As originally published in Forbes Technology Council.
For many working in the cybersecurity industry, efficient prevention is considered a chimera. As the CEO of a leading cybersecurity vendor, I don’t make this statement lightly; it’s a perception that I challenge almost every day.
A report commissioned by my company and conducted by the Ponemon Institute confirms that an astounding, though not surprising, 76% of cybersecurity professionals surveyed believed that their organization focuses on detection because prevention is simply too challenging to achieve.
And yet the reason why I challenge the perception is that 70% of respondents intuitively know that being able to prevent cyberattacks would strengthen their organization’s security posture.
These findings validate what our experience has taught us time and again: Addressing cyber threats at the prevention stage costs organizations significantly less than addressing them later on.
This can be determined by analyzing the costs associated with every stage of the cybersecurity lifecycle:
• Prevention: Stopping attacks pre-execution, before any processes are running
• Detection: Identifying a malicious process at work on a machine or the network
• Containment: Limiting and stopping the spread of an existing cyberattack
• Recovery: Restoring the network and assets to their pre-attack state
• Remediation: Revising and enhancing the cybersecurity framework to prevent future threats
All in all, the deeper into the cybersecurity lifecycle a threat gets, the more expensive it becomes.
After our study was conducted, researchers found that the cost to prevent a phishing attack is only 18% of the total average cost of a phishing attack by the lifecycle’s end. Another study, which looked into security training programs, confirmed the efficacy of prevention. It found that preventative techniques such as providing employees with comprehensive and continuous training programs could reduce phishing email click rates by 64%.
Cybersecurity professionals operate under a dichotomy. They logically know that prevention would strengthen their organization’s security posture, but so many believe prevention, at an effective level, can’t be achieved.
According to the survey conducted by the Ponemon Institute on behalf of my company, when researchers asked what made a preventative approach unworkable, the top four reasons all pointed to a combination of ineffective tools and personnel:
• 63% said it takes too long to identify a cyberattack.
• 59% said technologies are outdated or insufficient.
• 55% said they lack the in-house expertise.
• 49% said false positive rates are too high.
Perhaps unintentionally, the employee workforce tends to undermine cybersecurity prevention controls in a number of different ways. SailPoint’s Market Pulse survey, which sought to define enterprise challenges between security and efficiency, found that employees’ misuse of passwords undermines preventative security controls, as does taking rogue steps that violate cybersecurity procedures to get work done more expediently.
A preventative tool that could dramatically minimize these obstacles could help an organization realize a more powerful security framework and considerable savings.
A prevention-focused tool should have these three essential functions: prevent attacks in real-time, minimize false positives and prevent zero-day attacks.
All of these capabilities underscore the critical need to predict accurately and fast. The effectiveness of a preventative tool lies in its ability to predict future attacks with dependable reliability and rapid speed. The outcome of strong prediction capabilities makes it possible to:
• Prevent attacks in real-time. You don’t need a file to run in order to determine its status.
• Minimize false positives. Prediction methods are based on reliable and accurate formulas.
• Prevent zero-day attacks. Prediction methods should be able to extrapolate to novel, never-seen-before threats.
Without strong predictive capabilities, these sought-after benefits are harder, if not impossible, to achieve.
Effective prediction capabilities can be achieved by using deep learning technology — an advanced subset of AI. A deep learning tool analyzes 100% of raw data autonomously. Unlike AV tools, it can do more than identify known malicious threats or even characteristics of features, as you will find with most next-gen tools. It assesses all the available data and then conducts hierarchical abstractions to identify and predict new threats.
This ability to process information abstractly mimics how humans learn. For example, an art expert can recognize paintings by Picasso without being told. After repeated exposure, the expert recognizes elements such as subject, composition, color, line and texture to correctly identify a Picasso work they’ve never seen before. Deep learning works similarly, but more efficiently and accurately than humans.
To evaluate whether your company requires a deep learning-based cybersecurity solution, here are some important questions to consider:
1. Do you need to upscale your prevention capability? The prediction capability of deep learning is designed to make prevention tools less porous.
2. Is your security posture rigorous enough to prevent unknown, never-seen-before threats? The prediction accuracy of deep learning is able to determine the malicious status of even zero-day threats.
3. How important is it that your security works in real-time? Deep learning algorithms can inspect files statically, as they appear or move on disk, automatically removing any file deemed malicious.
4. Are you looking to reduce the number of security tools in your stack? Deep learning algorithms are input-agnostic and can be easily adapted to many different environments, avoiding the need to have one product for every different OS, device or threat entering your network.
Deep learning’s application to cybersecurity has enabled companies to achieve an efficient prevention approach to cyberthreats. A tool’s ability to predict is often overlooked in favor of other practical security capabilities, but it’s the strength of accurate and fast prediction that underscores the performance of those capabilities, ultimately enabling organizations to improve their security posture as they manage their IT budgets.