Risk Hunting Is The Next Generation In Cybersecurity
Leveraging artificial intelligence and machine learning
Northport, N.Y. – Oct. 22, 2020
“CISOs have an impossible job,” says Dan Singer, founder and CEO of Digitalware, Inc. “Most CISOs can’t answer what their security risks are in the current threat landscape, how to reduce overall risks, and how to handle them.”
It is a gloomy forecast for CISOs and security folks.
The dark truth is both CISOs and security practitioners are ill-equipped with disparate tools that produce overwhelming amounts of disaggregated data they must cross-reference and prioritize — making it nearly impossible to digest and render actionable intelligence.
“It’s like piloting a submarine,” says Rob Bathurst, CTO at Digitalware. “You’ve got all these tools and billions of dollars of sensors, and everything is telling you what is going on, but you don’t really know what you’re up against outside.”
Not only does this complicate the CISO’s duty to communicate business and cyber risks to key decision-makers in the organization, but it also puts security teams in a vulnerable stance as they blindly slug it out with adversaries in the trenches.
Cybercrime TV: CISOs Have An Epiphany
Dan Singer and Rob Bathurst usher in the idea of Risk Hunting
The attack surface is too big for ill-equipped CISOs and security teams to conquer. Threats are shooting into businesses from existing and new vulnerabilities, infinite attack vectors and surfaces, dynamically changing public cloud platforms, and other exploitable gateways.
If businesses can’t determine their risk profile — “Then it’s game over,” says Singer.
It’s time to cast light on the attack surface.
We can no longer afford to blindly fight cyber foes. We’ve got to leverage tools that enable us to quantify and understand the data and scale our security posture to beat evolving threats.
To know the foe, we must understand its mind — what motivates it to act nefariously. Then we must break down the crime to understand its methods. Forensic psychiatrists and scientists are traditionally the go-to experts for profiling criminals and reconstructing their crimes.
But in cybersecurity, we neither have the luxury of time to reconstruct cybercrimes post-mortem, nor are we in a position to banter with the likes of Dr. Hannibal Lecter to gain insight into the psychology of cybercriminals.
Fortunately, we can leverage artificial intelligence and machine learning to understand the mindset and methodology of our security folks and the attacker, which is proving to yield insight into both business and cyber risks. This is precisely what Digitalware is doing with its groundbreaking Epiphany Intelligence Platform.
Epiphany uses contextual data to analyze how offensive security people solve the perplexing riddle of attack vectors, and reveals where the attacker is likely to plant its foothold in our environment, the attacker’s ultimate target (server, etc.), the prize (sensitive data), and the prize value (ransom demands, etc.).
Using this data, the platform then builds models of the strengths and weaknesses of both the defender and attacker based on programmed constraints, and consequently reveals the attacker’s potential to breach a target and steal its prize based on those pre-trained risk conditions and the attacker’s capability.
“We enhance that with threat intelligence on the attacker’s perspective across the world,” says Bathurst. “Then we use our own risk intelligence capability to take threat conditions that appeared in the wild — the zero days or whatever — and break down the combination of factors required for the attacker to gain a foothold and how it transitions through the data set to reach its prize target.”
By using contextual data models to understand the attacker, we can identify tactical and strategic risks inside the organization, and determine what those risks mean to the business as a whole — potentially stomping the attacker’s ability to get its foot in the door.
But is this really the holy grail of risk hunting?
Sorry, CISOs. There is no such thing in cybersecurity, according to Singer.
But he and Bathurst believe Epiphany simplifies the complex data problem that security practitioners are up against.
Not only does Epiphany cast light on the attack surface and tap our adversary’s mind, but it also provides actionable intelligence that enables CISOs to reduce and communicate risks across the organization, from the board to executive leadership teams to the trenches and back again.
Sounds complicated? Bathurst calls Epiphany the Apple model for cybersecurity. If you get behind its dashboard, then tell us what you think.
– Eli Kirtman is a freelance writer based in Cincinnati, Ohio.