Blue Robin Cyber Security Experts

We Must Use Machines For Cyber Defense & Protection 

02-10-19 1:56 PM By Hadi Shavarini

Machine Learning - The Only Way To Deliver A Protection & CyberSecurity Solution For The "Unknown" Threats! 

Once upon a time, to protect the castle, they used to dig a deep, wide ditch around it and fill it with water, aka the moat. This was the defense system that protected the entrances and exits of the castle against attacks. Nowadays, the Cyberspace infrastructure of the castle (the corporate Network) is a borderless, non-contained collection of employees, contractors, partners, clients, portals, gateways, IP addresses, email threads with attachments, contact lists as deep as the Cyberspace itself, on & on – all connected and used on multiple devices from anywhere, any time, externally and within the secure boundaries of the corporate network.

To deal with this ever-so-rapidly changing threat landscape, and to manage the out-of-corporate-control expansion of entrances and exits to the castle, IT organizations of every size have realized that they need more than a managed firewall and anti-malware/antivirus software. They need a smart Cyberspace defense system to keep the Castle from falling into the hands of unknown attackers 24x7x365.

You see, in the castle days, when an attack came, the castle keepers knew in advance who the attackers were, and could see them from afar before they even got close to the castle. This allowed them to prepare and, to some extent, defend the castle. This is exactly how most current cybersecurity systems are built to function: defend against "known" threats. This is what is called a "definition"-based cybersecurity system.

Most (if not all) of the cyberspace defense products in use today are not designed to deal with the new generation of targeted attacks that are sophisticated and carefully crafted in nature. While the current cybersecurity tools (like antivirus, anti-phishing, etc.) are still useful and needed to deal with the vast majority of “known” threats, they lack the machine intelligence to identify, detect and defend against the smaller number of “advanced” attacks. The new wave of attacks originates from the "inside" of the network, undetected and without warning, and can evade all of the perimeter defenses.

These "inside attacks" are "unknown bad", which means there are no “signatures” or "definitions" to match against and trigger a set of actions to stop the attack. If not detected in time (or better yet, in real time), the safety of the castle will for sure be compromised.

IT administrators must build a cybersecurity defense system that protects the corporate network and the web/cloud infrastructures against the "unknown" cyber attacks. They must utilize machine learning technology to get ahead of cyberspace hackers. It is time for our IT admins to think like hackers do.