Cybersecurity teams have always had to adapt to new attack methods and change the tools they use to better suit the organization’s processes. A prime example of adapting to ways of working is the growing prevalence of cloud-based enterprise services and applications. If most business work is done on web-based SaaS platforms, perimeter-based cybersecurity protection loses importance, and CISOs are starting to look at cloud-based zero-trust frameworks, for example.
Likewise, as more businesses move their workflows to Google Suite or Office 365, the secure email gateway that protected the email server and on-premises clients is being put on the back burner in favor of ICES (integrated cloud email security) solutions.
At the same time, agent-based endpoint protection that uses heuristic analysis or rule-based algorithms with push/pull updates is proving increasingly ineffective against very smart phishing attacks that exploit weaknesses in the “biological interface” of each device. Educating users about online hygiene can play a part in solving this problem, but even seasoned cybersecurity veterans reading these pages will know that they too have, in a moment of inattention, clicked on the odd suspicious link.
To stay ahead of the money-making machine that is hacking, cybersecurity professionals are turning to several tools that block attack vectors, and to a new generation of products that use machine learning algorithms to help report anomalies more efficiently.
A problem inherent in any area of nascent technology is that AI or ML is more often “deployed” by marketing departments than it is hard-coded into applications or services. The “powered by AI” badge should always be taken with a grain of salt. Fortunately, cybersecurity is one area where machine learning can prove effective and isn’t subject to wild claims about its abilities. Or, at least, much less likely to be the subject of this type of claim.
Packet-level traffic inspection, for example, can form a consistent training corpus for ML algorithms, especially when accompanied by predefined sets of statistically reliable data that describe “typical” network activity.
In predictive analytics, machine learning is known to be less effective: the cybersecurity vendor that can predict the nature of the next big zero-day attack and prevent it will certainly switch products.
But back to the biggest source of cybersecurity headaches and the source of the most successful attacks: human error. Massive ransomware attacks have made too many headlines over the past twelve months as phishing emails have become more sophisticated. There is even evidence that the investment of time and energy that hackers put into personalized hand-written emails is a worthwhile business for criminals. Against motivated attackers, can machine learning help prevent phishing emails from reaching their targets?
A few weeks ago we spoke with Eyal Benishti, the CEO of IRONSCALES, precisely about this subject. The platform’s tight integration with Office 365 means end users have seamless protection in their work environment, and security teams deploy IRONSCALES with just a few clicks. The basis of the machine learning algorithms that the platform uses is well presented by the company’s technical lead for ML in this blog post (warning: contains uncensored code samples: beware of uncensored data scientists), but it shows empirically that ML can be designed to be effective on phishing emails.
To save readers an afternoon spent researching the blog post’s statistical and programming methods, here’s a quick rundown: IRONSCALES algorithms first identify emails that are anomalous, then categorize those that are suspect. Unfortunately, due to the correlation between spam senders and phishing senders, often the same people and facilities, an additional layer of textual analysis takes place on message bodies that can safely predict whether an email offers fake Rolexes or something much smarter.
But perhaps the final nail in the ML skeptic’s coffin should be IRONSCALES’ open admission that its platform (and by inference, all other cybersecurity platforms) cannot offer such protection. User training and education still play a critical role for that last percentage or less of malware that will slip through any defenses a company can erect. As you might expect, IRONSCALES offers training to all of its customers, alongside its cybersecurity software solutions and an active user community that propagates profiles of the threats it receives.
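The two-stage flow summarized above (flag anomalous mail first, then analyze the body text to separate spam from phishing), as an added example that is not IRONSCALES' code and is not taken from the blog post. The metadata features, baseline, training bodies, threshold and function names are all constructed assumptions; z-scores and naive Bayes stand in for whatever models the platform actually uses.

```python
import math
from collections import Counter

# Constructed baseline: (links, recipients, hour sent) for normal mail in one mailbox.
BASELINE = [(1, 2, 10), (0, 1, 11), (2, 3, 14), (1, 1, 9), (0, 2, 16), (1, 4, 13)]
# Constructed labelled message bodies for the second stage.
TRAINING = [
    ("spam", "cheap rolex watches best price buy now"),
    ("spam", "discount pills buy now limited offer"),
    ("phish", "your account password expires verify login now"),
    ("phish", "invoice attached confirm payment details login"),
]

def anomaly_score(features, baseline=BASELINE):
    """Stage 1: largest absolute z-score of any feature against the baseline."""
    score = 0.0
    for i, value in enumerate(features):
        column = [row[i] for row in baseline]
        mean = sum(column) / len(column)
        std = math.sqrt(sum((x - mean) ** 2 for x in column) / len(column)) or 1.0
        score = max(score, abs(value - mean) / std)
    return score

def train_naive_bayes(samples):
    """Per-label word counts and message counts for multinomial naive Bayes."""
    words, docs = {}, Counter()
    for label, text in samples:
        docs[label] += 1
        words.setdefault(label, Counter()).update(text.lower().split())
    return words, docs

def classify_text(text, model):
    """Stage 2: most likely label under naive Bayes with add-one smoothing."""
    words, docs = model
    vocab = {w for counts in words.values() for w in counts}
    best_label, best_logp = None, -math.inf
    for label, counts in words.items():
        logp = math.log(docs[label] / sum(docs.values()))
        total = sum(counts.values()) + len(vocab)
        for w in text.lower().split():
            logp += math.log((counts[w] + 1) / total)
        if logp > best_logp:
            best_label, best_logp = label, logp
    return best_label

def triage(features, body, model, threshold=3.0):
    """Only anomalous mail reaches the text stage; the rest is delivered."""
    if anomaly_score(features) < threshold:
        return "deliver"
    return classify_text(body, model)
```

Mail that looks ordinary at stage 1 is never text-classified here, which is why the threshold and the baseline features carry most of the detection burden in a design like this.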
In an age when we can buy “AI-powered” fridges, it’s refreshing to find a cybersecurity company happy to prove their interest in improving threat detection. We suggest reading the blog post (linked again here), and if it’s too opaque, you can contact IRONSCALES here: they also specialize in human interaction.