MAY 8, 2025

The Future Has Arrived: Defining Preemptive Data Security

Yariv Fishman, Deep Instinct's Chief Product Officer, defines preemptive data security and explains why it's so important in preparing to combat the looming AI-powered threat landscape.

Cybercrime and cybersecurity are in a constant arms race. Over the years, attackers and defenders have escalated their battle with new methods and technologies, each vying for an advantage. We are now at the precipice of cybercrime’s most dangerous evolution, which has the potential to deliver a knockout blow: artificial intelligence (AI) models designed without safeguards, or so-called Dark AI, are supercharging attackers’ capabilities. These Dark AI models are on the cusp of running sophisticated attacks that can easily bypass existing security tools, an eventuality for which most of the cybersecurity community isn’t prepared.

In recognition of this growing threat, Gartner released research detailing a new category of cybersecurity, defined by its ability to prevent threats before they execute, adapt to new threats, and scale to the size and speed required by governments and enterprises. Gartner calls this new category Preemptive Cybersecurity and predicts that it will be an operational requirement by the early 2030s, releasing broad definitions of what preemptive solutions entail.

This blog goes further and defines the key tenets and requirements of Preemptive Data Security, a specific implementation of Preemptive Cybersecurity. A true preemptive data security solution must have all of these qualities:

Effective Unknown Threat Identification

Definition: The ability to determine the malicious nature of a file by its intrinsic behaviors and characteristics, not by pattern matching against a database of known threats. 

Preemptive data security relies on several unique functions operating together to be effective. Most importantly, a preemptive solution requires the ability to identify unknown and zero-day threats.

Unknown threat identification matters because Dark AI tools are complicating how attacks unfold. In a paradigm shift that will rock much of the cybersecurity industry, malware is now being written in minutes and permuted in just seconds alongside more effective obfuscation strategies. Non-adaptive defenses that rely on signatures, CVEs, and threat feeds to remain effective will be fighting blind as their efficacy craters.

To combat this shift, preemptive solutions need to be able to autonomously and intelligently identify never-before-seen threats. New attacks are unfolding with alarming speed, overwhelming legacy cybersecurity tools that lack the ability to defend against novel threats. Defenses need to be smarter.

Real-Time Zero-Day Prevention

Definition: The ability to recognize never-before-seen or encountered files as malicious and automatically quarantine or delete them pre-execution, without disrupting the flow of data through an organization.

Alongside unknown and zero-day threat identification is the ability to prevent threats before they execute. That means that the identification process must be completed before a file is written to disk or uploaded to the cloud—and the solution must be capable of quarantining or deleting files instantaneously. Merely seeing a threat coming isn’t enough to prevent it. The preemptive solutions of the future will have the autonomy to make real-time decisions and protect organizations seamlessly.

Because Dark AI is making attacks easier to launch and reinforce, the volume will continue to grow. Effective defenses require a solution that can match the increased volume, identifying malicious files and automatically preventing them from breaching their targets.

Real-Time Insights and Explainability

Definition: The ability to scan malicious files and provide, in moments, a detailed readout of the characteristics of the planned attack, including capabilities, obfuscation methods, and any other available information.

Detection and response solve only part of the problem. SOC teams must understand not just the how, but the why. They are already overwhelmed by the scale of daily alerts, with 56% of SecOps teams reporting an increase in stress YoY. Increased attacks generated by Dark AI are only worsening the problem. SOC teams are still responsible for investigating incoming attacks and determining as much as possible about them. Merely preventing attacks doesn’t help them understand the big picture, which can leave them vulnerable to future attacks. Empowering human security teams requires real-time insights and explainability into why an attack was prevented and which vulnerabilities it sought to exploit.

Enterprise Speed & Scalability

Definition: The ability to seamlessly adapt to growing asset and data estates, including additional endpoints, configurations, and storage methods, without incurring speed-based bottlenecks or introducing unsustainable infrastructure growth.

The amount of data produced and stored by organizations is exploding. Nearly every device is now connected in some way or another. Assets that form vast IoT networks are becoming more commonplace, while portals that exist outside of organizational perimeters make it easier than ever for customers and clients to upload data and communicate. With these advances come additional vulnerabilities: weaknesses that criminals target using new methods that bypass traditional endpoint protection.

Preemptive data security solutions must be able to adapt to expanding data ingestion, communication, and storage capabilities to ensure that organizations can operate and grow without introducing new vulnerabilities. This necessitates the use of streamlined models that can quickly scan every incoming file and be easily implemented into a growing infrastructure. Ease and flexibility of implementation are essential, and must be further enabled by future-proofed AI models that help to avoid the accumulation of technical debt or entrenchment.

Defense Across the Entire Data Estate

Definition: The ability to prevent threats wherever they are encountered in a data estate, whether at the endpoint, in applications, or in NAS or cloud storage repositories.

Preemptive solutions need to work across an organization’s entire data estate to provide comprehensive, unified protection. Many of the same reasons that make scalability and speed a requirement also apply to the need for whole-estate data protection. Additional connection points, growing storage, larger device fleets, and portals all need to be visible and protected from incoming malicious files.

Flexible, unified solutions as part of a defense-in-depth strategy allow for more comprehensive, layered data protection. Integrating into different aspects of the data estate and adapting to incoming threats is an important capability for preemptive solutions because the scope of cyberattacks has expanded dramatically. Single-point solutions like EDRs may be suitable for protecting their small domain, but the reality is that the attack surface has expanded well beyond their scope.

Purpose-Built Deep Learning Framework

Definition: Deep learning is the most advanced form of artificial intelligence. A purpose-built deep learning framework is trained on millions to billions of data points to teach it to recognize threats faster and more accurately than any other solution on the market today.

Bringing together all the tenets above requires a deep learning (DL) framework. Machine learning (ML) frameworks are too brittle and myopic to provide any of the required capabilities, especially as they grow in complexity. They fall especially short of preventing unknown threats.

The power of DL stems from its ability to continuously learn and adapt, making autonomous connections as it encounters more data. In turn, it grows in efficacy against unknown and zero-day threats over time and can be integrated across data estates. Additionally, the speed with which DL models can ‘think’ and make decisions far surpasses the speed of ML and analog models, which, in the case of cybersecurity, allows it to scan files at much greater speed and volume with a much smaller footprint.

And, because DL models don’t rely on comparative analysis to determine if a file is malicious, they can explain why files are quarantined or prevented. Utilized alongside a generative AI model that can translate results into plain language, true explainability can be achieved, augmenting human teams and speeding the investigation and remediation process while reducing burnout.

Next Steps

DL models don’t grow on trees. In fact, there are only around a dozen publicly known DL frameworks in the world—and 11 have nothing to do with cybersecurity. Deep Instinct’s DSX Brain is the only purpose-built deep learning framework for cybersecurity and the only solution positioned to meet the present and future needs of organizations looking to implement preemptive data security in their environments.

Cybercrime isn’t waiting for defenders to catch up. When AI saturation happens (sooner rather than later), traditional defenses are going to collapse. The legacy players in the cybersecurity space have not built the technological foundation necessary to transition to preemptive security. Training models that can prevent threats requires a huge investment in AI researchers, hardware, data, and time. Unfortunately, time is the rarest commodity on that list.

Deep Instinct is built to fight the future. We provide better security with better AI. We fight Dark AI with better AI. And we are capable of providing the capabilities that comprise a true preemptive data security solution today.
