13 May 2019
Cap Vista’s portfolio company InsiderSecurity and its flagship product, Monitor, have been featured in Tech in Asia.
SINGAPORE /Tech in Asia/ — If you think your network is safe, think again.
Criminal hackers are becoming increasingly savvy in their attacks, and they may not be working alone. Recent events like the Marriott data heist and the WannaCry ransomware attacks show that hackers may be part of a criminal syndicate or acting on behalf of a foreign state.
Their techniques are getting smarter too: automated phishing kits now draw on emerging technologies such as artificial intelligence and machine learning.
Emerging technologies have also given malware more autonomy. Previously, attackers had to keep control of compromised systems from a command-and-control server. With AI, once malware penetrates a network it can mimic normal user behavior and spread within the network without human assistance, choosing its next actions based on context.
But it’s not only cyber criminals who rely on emerging technologies. Various cybersecurity players are also leveraging them to build more advanced security systems.
1. Cybersecurity behavior analytics
Cybersecurity behavior analytics uses data analytics and machine learning to catch attackers inside an already compromised network before they can do serious damage. It first establishes a baseline of normal user activity with a proprietary algorithm, then hunts around the clock for activity that departs from that baseline; sensors flag the abnormal activity for further action.
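To make the baseline-then-hunt idea concrete, here is an added example (not InsiderSecurity’s Monitor code, whose algorithm is proprietary) that learns a simple per-user profile from a learning period of logon events and then flags new events that deviate from it. The log format, the user and host names, and the thresholds are all assumptions chosen for illustration; the sample log lines are constructed.

```python
"""Behavioral baseline and anomaly flagging over logon events.

Added example, not InsiderSecurity's Monitor: it shows the shape of the
approach (learn what is normal per user, then flag deviations) with a
deliberately simple profile. Log format, users, hosts and thresholds are
assumptions.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample logs. Hypothetical format:
# <ISO timestamp> <user> <source host> <target host> <result>
BASELINE_LOG = """\
2019-04-01T08:55:10 alice ws-alice fs-01 success
2019-04-01T09:20:45 alice ws-alice mail-01 success
2019-04-01T17:40:02 alice ws-alice fs-01 success
2019-04-02T09:02:33 alice ws-alice fs-01 success
2019-04-02T14:15:09 alice ws-alice mail-01 success
2019-04-01T09:30:00 bob ws-bob fs-01 success
2019-04-01T11:05:12 bob ws-bob db-01 success
2019-04-02T10:12:48 bob ws-bob db-01 success
"""

# Constructed events from the monitoring period: bob behaves normally, alice's
# account logs on at 3 a.m. and walks across hosts it never touched before,
# and an account the baseline has never seen appears.
NEW_LOG = """\
2019-04-03T10:05:00 bob ws-bob fs-01 success
2019-04-03T03:12:41 alice ws-alice fs-01 success
2019-04-03T03:14:02 alice ws-alice db-01 success
2019-04-03T03:15:37 alice ws-alice fs-02 success
2019-04-03T03:16:55 alice ws-alice hr-01 success
2019-04-03T03:18:20 alice ws-alice mail-01 success
2019-04-03T12:00:00 svc_backup srv-01 fs-01 success
"""


def parse(line):
    ts, user, src, dst, result = line.split()
    return {"ts": datetime.fromisoformat(ts), "user": user, "src": src, "dst": dst, "result": result}


def parse_log(text):
    return [parse(line) for line in text.splitlines() if line.strip()]


def build_baseline(events):
    """Per-user profile: hours of activity, target hosts, most distinct targets in one day."""
    profile = defaultdict(lambda: {"hours": set(), "hosts": set(), "max_daily_targets": 0})
    per_day = defaultdict(set)
    for e in events:
        p = profile[e["user"]]
        p["hours"].add(e["ts"].hour)
        p["hosts"].add(e["dst"])
        per_day[(e["user"], e["ts"].date())].add(e["dst"])
    for (user, _), targets in per_day.items():
        p = profile[user]
        p["max_daily_targets"] = max(p["max_daily_targets"], len(targets))
    return dict(profile)


def score_events(baseline, events, hour_slack=1, spread_factor=2):
    """Return [(event, reasons)] for events that deviate from the user's baseline.

    Events are processed in order so the per-day target count grows as a user
    touches more hosts; exceeding the learned daily maximum by spread_factor is
    treated as lateral movement.
    """
    flagged = []
    daily_targets = defaultdict(set)
    for e in events:
        p = baseline.get(e["user"])
        reasons = []
        if p is None:
            reasons.append("unknown user")
        else:
            lo, hi = min(p["hours"]) - hour_slack, max(p["hours"]) + hour_slack
            if not lo <= e["ts"].hour <= hi:
                reasons.append("off-hours logon")
            if e["dst"] not in p["hosts"]:
                reasons.append("new target host")
            key = (e["user"], e["ts"].date())
            daily_targets[key].add(e["dst"])
            if len(daily_targets[key]) > spread_factor * max(1, p["max_daily_targets"]):
                reasons.append("lateral spread beyond baseline")
        if reasons:
            flagged.append((e, reasons))
    return flagged


def demo():
    """Learn from BASELINE_LOG, then score NEW_LOG."""
    baseline = build_baseline(parse_log(BASELINE_LOG))
    return score_events(baseline, parse_log(NEW_LOG))


if __name__ == "__main__":
    for event, reasons in demo():
        print(event["ts"].isoformat(), event["user"], "->", event["dst"], ";", ", ".join(reasons))
```

Run as a script, it prints the six flagged events: bob’s 10:05 logon is silent, every one of alice’s 3 a.m. logons is off-hours, three of them hit hosts she has never used, the fifth distinct host in one day trips the lateral-spread rule, and svc_backup is reported simply because the baseline has no profile for it. A real product learns far richer features and handles many more event sources, but the division into a learning phase and a scoring phase is the part worth understanding.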
Some tools are even able to stop a cyber breach in real time. One such example is Monitor, a technology first conceived by Jonathan Phua, CEO of Singaporean cybersecurity firm InsiderSecurity.
Phua founded the company in 2015 after identifying several “structural problems” that companies face.
For one, attacks often escape detection because there is too much data to sift through, even for companies with large security teams; in Phua’s view, that is a problem that can only be tackled with emerging technologies like big data analytics and machine learning.
Another problem is a lack of sensors in a network’s infrastructure, where “an attacker can be standing in front of you, but you’re blind and you can’t see him,” Phua describes.
“We decided to start our company, and to come out and solve these challenges,” he says.
To gain better recognition, InsiderSecurity took part in the Infocomm Media Development Authority (IMDA) of Singapore’s Accreditation@SG Digital program, under which its product underwent a third-party evaluation. Getting accredited helped InsiderSecurity gain access to clients like government agencies, sgCarMart, and Singapore College of Insurance, for whom it now analyzes billions of network events each month.
2. Smarter antivirus software
Older antivirus programs scan machines at set intervals for malicious code, but they can only defend against viruses and malware that have already been catalogued, and they depend on signature updates written by human analysts after a sample has been seen. Such programs simply cannot keep up with hackers who rapidly deploy automated tools that compromise networks with ease.
By leveraging machine learning, some antivirus programs reduce the need for human analysts in that loop. One example is Avast CyberCapture, a feature that lives within the Avast Free Antivirus software.
The system learns what normal code looks like, quickly captures files that do not fit and automatically isolates them. Those files are sent to Avast’s cloud-based neural networks, where they are dissected and analyzed. Once the service has decided whether a file is malicious, the verdict is sent back to the user for prompt action while the data is fed back into the program’s algorithms, so that Avast users are protected from newly seen threats rather than only from those already in a signature database.
3. Machine learning-driven firewalls
Traditional firewalls act on a single layer of parameters and depend on signatures of previously observed threats to detect suspicious traffic. They tend to generate false positives, flagging even benign requests as suspicious, and a lot of manual effort goes into unflagging them.
For large organizations, this presents a potential bottleneck that takes significant time and effort to manage. Attackers can exploit it too: a tool that deliberately triggers a flood of alerts can bury the one alert that matters, so that a successful breach goes unnoticed.
Firewalls driven by data analysis and machine learning algorithms, by contrast, apply two layers of threat detection to incoming traffic. Take for instance the Fortinet Web Application Firewall.
According to its website, the first layer of the firewall “builds the mathematical model for each learned parameter and then triggers anomalies for abnormal requests. The second then verifies if the anomaly is an actual threat or if it is a benign variance.” This approach means little or no human intervention is required, since the firewall decides for itself whether to block an incoming request or let it through. Fortinet’s site claims “100 percent application threat detection accuracy” for the approach; a practitioner should read a figure like that as a vendor claim rather than a guarantee, since any learned model only knows the traffic it was trained on, and the second layer only ever sees what the first layer flagged.
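The two-layer design quoted above, as an added example that is not Fortinet’s code: the first layer learns a per-parameter length model (and whether the parameter is always numeric) from a learning period and raises anomalies; the second layer checks only those anomalies against known attack patterns and decides between a real threat and benign variance. The endpoint, the training requests, the z-score threshold and the small signature set are assumptions chosen for illustration; all request data is constructed.

```python
"""Two-layer request-parameter screening: a learned model, then verification.

Added example, not Fortinet's code. It has the shape the quoted description
gives (a model learned per parameter that raises anomalies, then a second layer
that decides whether an anomaly is a real threat or benign variance). The
training traffic, the z-score threshold and the signature patterns are all
assumptions chosen for illustration.
"""
import math
import re
import statistics
from collections import defaultdict
from urllib.parse import parse_qsl, quote_plus, urlsplit

# Constructed learning-period traffic for one endpoint (assumed benign).
TRAINING = [
    "/search?q=laptop&page=1",
    "/search?q=usb+c+cable&page=2",
    "/search?q=monitor+27&page=1",
    "/search?q=mouse&page=3",
    "/search?q=keyboard&page=12",
    "/search?q=ssd+1tb&page=1",
    "/search?q=headphones&page=2",
    "/search?q=webcam&page=1",
]


def make_url(q, page):
    """Build a request URL for the constructed endpoint (helper for the examples)."""
    return f"/search?q={quote_plus(q)}&page={quote_plus(page)}"


def params(url):
    return dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))


def learn_models(urls):
    """Layer 1 training: per parameter, a length distribution and whether it is always numeric."""
    samples = defaultdict(list)
    for u in urls:
        for name, value in params(u).items():
            samples[name].append(value)
    models = {}
    for name, values in samples.items():
        lengths = [len(v) for v in values]
        models[name] = {
            "mean": statistics.mean(lengths),
            "sd": statistics.pstdev(lengths),
            "numeric": all(v.isdigit() for v in values),
        }
    return models


def layer1_anomalies(models, url, z_max=3.0):
    """Layer 1: flag parameters whose value departs from the learned model."""
    reasons = []
    for name, value in params(url).items():
        m = models.get(name)
        if m is None:
            reasons.append(f"{name}: parameter never seen during learning")
            continue
        n = len(value)
        if m["sd"] > 0:
            z = (n - m["mean"]) / m["sd"]
        else:  # constant-length parameter: any other length is infinitely unusual
            z = 0.0 if n == m["mean"] else math.inf
        if z > z_max:
            reasons.append(f"{name}: length {n} is {z:.1f} sd above the learned mean")
        if m["numeric"] and not value.isdigit():
            reasons.append(f"{name}: non-numeric value for a numeric parameter")
    return reasons


# Layer 2 verification patterns (assumed; a deliberately small set).
SIGNATURES = [
    ("sqli", re.compile(r"(?i)\bor\b\s+\d+\s*=\s*\d+|union\s+select|'\s*or\s*'")),
    ("xss", re.compile(r"(?i)<\s*script|javascript:|onerror\s*=|onload\s*=")),
    ("traversal", re.compile(r"\.\./")),
]


def layer2_verify(url):
    """Layer 2: is the anomalous request an actual threat, or benign variance?"""
    hits = []
    for name, value in params(url).items():
        for label, pattern in SIGNATURES:
            if pattern.search(value):
                hits.append(f"{name}: matches {label} pattern")
    return hits


def decide(models, url):
    """Return (verdict, reasons). Only requests layer 1 found anomalous reach layer 2."""
    anomalies = layer1_anomalies(models, url)
    if not anomalies:
        return "allow", []
    threats = layer2_verify(url)
    if threats:
        return "block", anomalies + threats
    return "allow-benign-variance", anomalies


if __name__ == "__main__":
    models = learn_models(TRAINING)
    for q, page in [("monitor", "2"),
                    ("' or 1=1 union select username,password from users--", "1"),
                    ("mechanical keyboard with rgb lighting", "1"),
                    ("laptop", "1 or 1=1"),
                    ("' or '1'='1", "1")]:
        print(decide(models, make_url(q, page)))
```

The script’s five cases show both what the design buys and what it costs. A long injection in `q` and a non-numeric, oversized `page` are anomalous and then verified as threats, so they are blocked; an unusually long but harmless search string is anomalous and then judged benign variance, so it is allowed without a human having to unflag it. The last case is the caveat: `' or '1'='1` is eleven characters, well inside the learned length distribution for `q`, so layer 1 never raises an anomaly and layer 2 never runs, even though it would have matched the SQL injection pattern. That is the kind of miss no accuracy figure on a product page rules out, and it is why these systems still need tuning and monitoring.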