Cybersecurity products used to be all about control points, hence the rise of antivirus products. The need to have visibility across the entire network eventually arose, prompting the release of solutions catering to such ends.
But what about threats that are invisible, or have yet to come? Is there really a way to be one step, or even two, three steps ahead of bad actors?
To decode the matter, Frontier Enterprise spoke with Shishir Singh, Executive Vice President and Chief Technology Officer of BlackBerry Cyber Security.
While a lot of organisations have some sort of security solution deployed to counter most cyberattacks, the problem usually arises when faced with complex threats.
“When it comes to complex attacks, those threats are actually mutating all the time. Signatures (i.e., a pattern associated with a malicious attack) started becoming obsolete. There was a need to make sure that you create something which is much more effective than just having a signature,” Singh observed.
“The question is, how are we going to detect (such attacks)? The intent is to understand the behaviour of the malware, the mutation of the malware, how it is changing— and pick those things,” he continued.
According to the CTO, advanced technology is needed to answer the growing sophistication of cyberattacks.
“I would say we are on the cusp of digital transformation with the multi-cloud environment adoption. Because if you look at it, US, Europe, APAC— you could say one region was lagging behind the other because the world is not flat. Now the web is flat. Whatever you do in the US, you can do exactly the same thing in Singapore,” Singh said.
AI on the front lines
In terms of security posture, enterprises either have very few solutions to cover every kind of threat, or too many products that are too taxing to manage.
Then there’s the alert fatigue, which besieges organisations that haven’t embraced automation yet.
“There are so many alerts happening in customers’ environment, that it is humanly impossible to just get a handle of the whole situation. At some point, you have to automate it. And I would say, with all these algorithms out there, this is a perfect time for us to do it. If we are not doing it (automation), something is not right,” Singh remarked.
To respond to advanced threats, BlackBerry’s Cylance AI solution leverages artificial intelligence and machine learning to identify and prevent malware.
But how exactly does the company make use of such technology against cyberthreats? To begin with, the CTO enumerated four interconnected components:
- AI
- ML
- Neural networks
- Deep learning
Meanwhile, neural networks are composed of four parts:
- Input
- Weight
- Threshold
- Output
“The neural network is about understanding the relations between the data, so that a set of algorithms can train like a human brain, or how a human brain thinks about it, and come up with a solution or outcome,” Singh explained.
Meanwhile, deep learning, he added, is understanding based on certain thresholds, and how the thresholds can dynamically vary in order to focus on one problem, and finding a solution to that problem.
Diving deeper, Singh detailed how AI, ML, neural networks, and deep learning are utilised to strengthen an organisation’s defences.
“The first part of this puzzle is to get all the data in one place; that’s what I call a unified data lake architecture. We need to have the right architecture, where we can bring all these control points of the sensors, of the telemetry, so that we can analyse the data,” he said.
Meanwhile, the second part rests on having the right AI tools.
“The data in, is inexpensive. You can bring all the data in, and it doesn’t cost you much. But when you take the data out, that’s where you pay big money. You have to bring the AI tools and all the algorithms closer to the data,” the CTO noted.
For the third part, a differentiation between AI and neural networks takes place.
“The third part is creating the playbook, or training the human brain. You can have one senior analyst or the SOC (security operations centre) analyst who’s fantastic. But you can’t have many of those guys. So, how do we make sure I take his brain and replicate (it) into any other people? That’s what we talked about, the neural network— create that playbook, and automate, so that a junior analyst can take a weak signal, and based on the playbook, he can act as if he’s the most senior person giving you the outcome,” Singh clarified.
“The last part of the puzzle is, you have to make it easy for customers. Focus on the managed outcomes. Customers are looking for, ‘Okay, how many incidents have I got? How many threats have you stopped? What was the mean time to repair, what was the mean time for you to discover that I was impacted?’ And we have to manage efficiency, (by) making sure that we get 10 out of 10 (of threats). We can’t miss any of those incidents,” he said.
Changing the customer mindset
From what Singh has observed with most clients, the multitude of security solutions stacked one on top of the other is taking its toll, and businesses are growing weary.
“It’s not just about the endpoint. It’s also about the network, and it’s also about the cloud. You need to have the complete picture. Otherwise, you’re missing one side of the whole story,” he said.
“I talked to a lot of people, even for the high end of the enterprise. They get too many alerts, and that basically, they are just dropping a lot of the alerts, because they just can’t handle them, because they don’t have that many cybersecurity professionals who can understand (and respond to) the threat,” the CTO added.
As such, Singh suggested that businesses adopt extended detection and response (or XDR) to address these security flaws.
“I would say that the managed XDR is the right way of solving this problem, because customers, especially for the SMB market, should do what they’re good at. They should not be spending time (fending off cyberthreats). It’s not their core business,” he concluded.
