Legacy Solutions Have Become a Cyber Defense Problem
The cyber defense community is at a crossroads, and the pressure is magnified by cyber criminals' adoption of AI and ransomware-as-a-service. Yet year after year the IBM Cost of a Data Breach report shows the time to discover and contain a breach hovering around 200 days, so AI and ransomware-as-a-service clearly are not solely responsible for the current situation. They have made a bad situation worse, but the problem predates them.
With millions of dollars being invested in cyber security platforms, it is reasonable to ask why so much is still getting through and going unnoticed. The best way to find the answer is to examine the problem: what is the common thread across both external breaches and insider threats? People. While this answer is widely accepted, legacy security solutions focus instead on increasingly problematic substitutes for the person, particularly credentials.
When organizations manage access via credentials alone, they must accept that they are taking a calculated risk. If you doubt it, look no further than the brute-force campaign observed in January and February of this year that drew on as many as 2.8 million source IP addresses a day. It overwhelmed systems with millions of automated login attempts using guessed username and password combinations, and it targeted edge devices from major security vendors, including Palo Alto Networks and SonicWall. Using security products themselves as the attack vector is not new, but it is increasing.
While pairing credentials with MFA is a security posture improvement, MFA introduces its own set of security issues. We have seen cyber criminals abuse it, for example by repeatedly re-sending MFA prompts until a tired user approves one, and then using that foothold to grant themselves broader access and authorization. Just as it is sometimes forgotten that a credential is not a person, it should also be remembered that MFA verifies possession of a factor, usually a device, at a specific point in time. There is no guarantee that the person holding the device is who you expect it to be. The credential-plus-MFA model has been put to the test and has failed when applied to hybrid, remote, and offshore teams.
Modern security practices diverge from legacy solutions in several critical areas. Legacy solutions focus on managing a process or on understanding, after the fact, how an exploitation was possible, and they attempt to work within existing or expected workflows. Building a newer version of an approach that is not working is doomed to fail. When legacy solutions do introduce changes, they often come at the expense of the end user, in the form of additional friction in their processes. We have repeatedly seen that as friction is introduced, adherence to security protocols decreases. Making access cumbersome does not equal a more secure organization.
Modern security shifts from the credential-plus-MFA model to a comprehensive understanding of who is doing what. Through the use of ML and AI, real-time person-based modeling at scale is possible in a way that it was not even a few years ago. AI-enhanced behavioral analysis enables security teams to identify when behavior, at the level of an individual person, does not match what is expected. Obvious initial questions include: Is this person accessing from a different region? Are they using a machine they have not used before? Adding AI-enabled behavioral analysis layers human-centric signals on top of credential checks. With this addition, false positive rates fall dramatically while real-time detection and response become possible.
When considering modern security, it is not enough to send alerts whenever a potential anomaly is detected. SOC analysts, security engineers, and CISOs all report alert fatigue. Increasing the number of alerts without providing context adds noise and anxiety and does little to actually help. Context is king. Instead of sending an alert that says something is odd with an account and it should be checked, security solutions need to provide a deeper understanding of who the person acting is and what they are attempting to accomplish.
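To make the two preceding points concrete, here is a small added Python example that is not code from the article or from Mimoto. It builds a per-person baseline (regions, devices, actions, working hours) from a few constructed JSON-lines login events, scores a new event against that baseline using the signals the article names (new region, new device), and only raises an alert when enough signals stack up. The alert it returns carries the context the article asks for: what was expected, what was observed, and what the session was attempting to do. The rule-based scoring, the signal weights, the threshold, and the log format are all assumptions standing in for the ML models the article refers to.

```python
import json
from datetime import datetime

# Constructed sample history (not real log data): one JSON object per line.
SAMPLE_HISTORY = """\
{"user": "alice", "ts": "2025-03-03T09:05:00", "region": "us-east", "device": "lt-alice-01", "action": "read:crm"}
{"user": "alice", "ts": "2025-03-04T14:30:00", "region": "us-east", "device": "lt-alice-01", "action": "read:crm"}
{"user": "alice", "ts": "2025-03-05T17:45:00", "region": "us-east", "device": "mob-alice-02", "action": "read:mail"}
{"user": "bob",   "ts": "2025-03-03T08:10:00", "region": "eu-west", "device": "lt-bob-01",   "action": "deploy:prod"}
{"user": "bob",   "ts": "2025-03-04T19:20:00", "region": "eu-west", "device": "lt-bob-01",   "action": "deploy:prod"}
"""

# Assumed weights: a single unfamiliar signal (e.g. travel) should not page anyone,
# but several at once should.
SIGNAL_WEIGHTS = {"new_region": 2, "new_device": 2, "new_action": 2, "off_hours": 1}
ALERT_THRESHOLD = 3


def parse_events(text):
    """Parse JSON-lines login events into dicts with a datetime timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        events.append(rec)
    return events


def build_baselines(events):
    """Per-person profile of what 'normal' has looked like so far."""
    baselines = {}
    for ev in events:
        b = baselines.setdefault(
            ev["user"], {"regions": set(), "devices": set(), "actions": set(), "hours": []}
        )
        b["regions"].add(ev["region"])
        b["devices"].add(ev["device"])
        b["actions"].add(ev["action"])
        b["hours"].append(ev["ts"].hour)
    for b in baselines.values():
        # Earliest and latest hour of day this person has been seen active.
        b["hour_range"] = (min(b["hours"]), max(b["hours"]))
    return baselines


def score_event(baseline, ev):
    """Return (score, signals) for one event against one person's baseline."""
    signals = []
    if ev["region"] not in baseline["regions"]:
        signals.append("new_region")
    if ev["device"] not in baseline["devices"]:
        signals.append("new_device")
    if ev["action"] not in baseline["actions"]:
        signals.append("new_action")
    lo, hi = baseline["hour_range"]
    if not lo <= ev["ts"].hour <= hi:
        signals.append("off_hours")
    return sum(SIGNAL_WEIGHTS[s] for s in signals), signals


def evaluate(baselines, ev, threshold=ALERT_THRESHOLD):
    """Return None when the event looks like the person; otherwise a context-rich alert."""
    baseline = baselines.get(ev["user"])
    if baseline is None:
        # No history at all is itself worth surfacing, with what was attempted.
        return {"user": ev["user"], "score": None, "signals": ["no_baseline"],
                "attempted": ev["action"], "observed": {"region": ev["region"], "device": ev["device"]},
                "expected": None}
    score, signals = score_event(baseline, ev)
    if score < threshold:
        return None
    return {
        "user": ev["user"],
        "score": score,
        "signals": signals,
        "attempted": ev["action"],
        "observed": {"region": ev["region"], "device": ev["device"], "hour": ev["ts"].hour},
        "expected": {
            "regions": sorted(baseline["regions"]),
            "devices": sorted(baseline["devices"]),
            "hours": list(baseline["hour_range"]),
        },
    }


if __name__ == "__main__":
    baselines = build_baselines(parse_events(SAMPLE_HISTORY))
    # Constructed new event: alice's account, unfamiliar region and device, privileged action, 03:00.
    suspicious = parse_events(
        '{"user": "alice", "ts": "2025-03-06T03:00:00", "region": "eu-west", '
        '"device": "unknown-7f", "action": "grant:admin-role"}'
    )[0]
    print(json.dumps(evaluate(baselines, suspicious), indent=2))
```

With the sample history, alice logging in from a new region but on her usual laptop for her usual work scores 2 and produces no alert, which is the travel case that credential-only or MFA-only checks either block outright or wave through. The same account from a new region, an unknown device, at 03:00, attempting to grant an admin role scores 7 and returns an alert that already tells the analyst what was expected, what was seen, and what the session was trying to do.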
What modern security enables, and legacy solutions struggle to deliver, is a real-time understanding of which person is actively engaged in malicious behavior.
About the Author
In prior executive leadership roles, Mimoto CEO & Co-founder Kris Bondi made a name for herself as a category creator and GTM strategist who significantly increased adoption and positioned companies for growth. She contributed to seven acquisitions and two IPO filings. She is best known for making "serverless" a movement and a category.
Kris is a pioneer in applying AI to real-world problems. As CMO of Neura, an Israel-based AI company, Kris championed the concept of products proactively interacting with people. This prior experience with a neural network of digital doubles has enabled her to determine where Mimoto's technology can immediately address an organization's most critical internal security gaps, as well as to envision the company's future use cases.
Among her career highlights is covering, as a stringer for the Harrisburg Patriot, Nelson Mandela's first speech in the United States.
Kris can be reached online at https://www.linkedin.com/in/krisbondi/ and at Mimoto’s company website https://www.mimoto.ai/