Risk Hunting. PHOTO: Cybercrime Magazine.

Risk Hunting Is The Next Generation In Cybersecurity

Leveraging artificial intelligence and machine learning

Eli Kirtman

Northport, N.Y. – Oct. 22, 2020

“CISOs have an impossible job,” says Dan Singer, founder and CEO of Digitalware, Inc. “Most CISOs can’t answer what their security risks are in the current threat landscape, how to reduce overall risks, and how to handle them.”

It is a gloomy forecast for CISOs and security folks.

The dark truth is both CISOs and security practitioners are ill-equipped with disparate tools that produce overwhelming amounts of disaggregated data they must cross-reference and prioritize — making it nearly impossible to digest and render actionable intelligence.

Imagine sifting through the estimated 111 billion lines of new software code every year, or hunting for risks in the 100 zettabytes of data predicted to live in the cloud by 2025.

“It’s like piloting a submarine,” says Rob Bathurst, CTO at Digitalware. “You’ve got all these tools and billions of dollars of sensors, and everything is telling you what is going on, but you don’t really know what you’re up against outside.”

Not only does this complicate the CISO’s duty to communicate business and cyber risks to key decision-makers in the organization, but it also puts security teams in a vulnerable stance as they blindly slug it out with adversaries in the trenches.

Cybercrime TV: CISOs Have An Epiphany

Dan Singer and Rob Bathurst usher in the idea of Risk Hunting

The attack surface is too big for ill-equipped CISOs and security teams to conquer. Threats are shooting into businesses from existing and new vulnerabilities, infinite attack vectors and surfaces, dynamically changing public cloud platforms, and other exploitable gateways.

Adversaries will strike businesses with ransomware every 11 seconds, and newly reported zero-day exploits will hit one per day by next year, according to Cybersecurity Ventures.

If businesses can’t determine their risk profile — “Then it’s game over,” says Singer.

As the cry for help echoes around the entire planet, we can expect to fork out $20 billion in ransom demands and $6 trillion annually for cybercrime damages by 2021.

It’s time to cast light on the attack surface.

We can no longer afford to blindly fight cyber foes. We’ve got to leverage tools that enable us to quantify and understand the data and scale our security posture to beat evolving threats.

To know the foe, we must understand its mind — what motivates it to act nefariously. Then we must break down the crime to understand its methods. Forensic psychiatrists and scientists are traditionally the go-to experts for profiling criminals and reconstructing their crimes.

But in cybersecurity, we neither have the luxury of time to reconstruct cybercrimes post-mortem, nor do we get to banter with the likes of Dr. Hannibal Lecter to gain insight into the psychology of cybercriminals.

Fortunately, we can leverage artificial intelligence and machine learning to understand the mindset and methodology of our security folks and the attacker, which is proving to yield insight into both business and cyber risks. This is precisely what Digitalware is doing with its groundbreaking Epiphany Intelligence Platform.

Epiphany uses contextual data to analyze how offensive security people solve the perplexing riddle of attack vectors, and reveals where the attacker is likely to plant its foothold in our environment, the attacker’s ultimate target (server, etc.), the prize (sensitive data), and the prize value (ransom demands, etc.).

Using this data, the platform then builds models of the strengths and weaknesses for both the defender and attacker based on programmed constraints, and consequently reveals the attacker’s potential to breach a target and steal its prize based on those pre-trained risk conditions and the attacker’s capability.

“We enhance that with threat intelligence on the attacker’s perspective across the world,” says Bathurst. “Then we use our own risk intelligence capability to take threat conditions that appeared in the wild — the zero days or whatever — and break down the combination of factors required for the attacker to gain a foothold and how it transitions through the data set to reach its prize target.”

By using contextual data models to understand the attacker, we can identify tactical and strategic risks inside the organization, and determine what those risks mean to the business as a whole — potentially stomping the attacker’s ability to get its foot in the door.

But is this really the holy grail of risk hunting?

Sorry, CISOs. There is no such thing in cybersecurity, according to Singer.

But he and Bathurst believe Epiphany simplifies the complex data problem that security practitioners are up against.

Not only does Epiphany cast light on the attack surface and tap our adversary’s mind, but it also provides actionable intelligence that enables CISOs to reduce and communicate risks across the organization, from the board to executive leadership teams to the trenches and back again.

Sounds complicated? Bathurst calls Epiphany the Apple model for cybersecurity. If you get behind its dashboard, then tell us what you think.

Eli Kirtman is a freelance writer based in Cincinnati, Ohio.