SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Cyber security innovation has stagnated, and we need a new approach
Wed, 1st Jun 2022

It is often said that the definition of insanity is doing the same thing over and over again and expecting a different result. If that is the case, the cyber security community suffers from collective insanity. In its efforts to protect IT systems, and the organisations that use them, from cyber attacks, the cyber security community has been taking the same approach: offering solutions that are slight improvements on, but not radically different from, previous ones.

With each new product or supposed innovation, the industry has promised much but delivered little. The only way to remedy the situation is to adopt a radically different approach.

Today, software runs the world

Let's look at where we are today with software. It's ubiquitous, underpinning almost everything we do: how we buy things, how we work, how we communicate, how we entertain ourselves. It processes and holds our personal data, our payment details, and much more.

All these ways in which we rely on software present endless opportunities for attack. To make matters worse, the number and severity of those opportunities exploded with the onset of COVID-19. Many people started working remotely, and the attack surface increased exponentially. More importantly, so did the number of "lucrative" targets because sensitive company data was suddenly being accessed by remote workers no longer "protected" by their corporate networks.

Unsurprisingly, the COVID-19-driven explosion in connectivity produced an explosion in cyber-criminal activity. The criminals quickly developed new tools and techniques to exploit vulnerabilities and penetrate defences, and they were very successful.

Today's approaches are not working

The cyber security community has tried to respond as quickly as possible to these threats by ramping up investment in traditional tools like EPP (endpoint protection platforms) and EDR (endpoint detection and response), and in more advanced behavioural tools, to try to identify and block threats faster. However, these approaches only work for known threats, and we are still experiencing significant dwell times before these attacks are even detected, let alone responded to and remediated.

Some of these traditional tools now employ machine learning algorithms to try to pick out malicious activity, but they also produce many false positives. Furthermore, minutes, hours or even days can pass after an attack before an alarm is raised, by which time the damage is most likely done. This is of little help when malicious software can inflict damage in milliseconds.

Also, these tools are labour intensive. They require continuous tweaking and updating by experts. Cyber security skills were already in short supply before COVID-19. Not only did the pandemic ramp up demand for cybersecurity skills, but infections and quarantine requirements also reduced personnel availability. Today, some 60% of IT security professionals claim to be short-staffed.

Traditional tools also epitomise the paradigm of cyber security that has prevailed for years: detect a threat, respond and remediate. While these tools attempt to spot malicious activity before it can cause damage, they are never 100% successful because they rely on learning from previous successful attacks to anticipate how future attacks will play out.

The obvious problem here is that they require prior knowledge of an attack in order to provide effective protection, much as a vaccine protects only against the particular virus it was developed for. This also means they frequently miss unknown threats that target the systems they protect, giving an adversary plenty of time to wreak havoc on an IT system before the alarm is raised.

Taking a new and better approach: protecting IT systems from the inside out

Every cyber-attack has one thing in common: code. All attacks are executed by planting malicious code. So, if we focus on the code specifically and not on the attacker, we have a better chance of blocking any cyber-attack. This is software protection from the inside out. It represents a brand-new approach to cyber security, different from the age-old notion of protecting the perimeter of an IT network and keeping attackers out of it.

So how do we protect from the inside out? Enter 'Deterministic' security tools. 'Deterministic' tools can analyse every piece of software an organisation has running on its network and determine precisely how each one should behave (and what its code should look like). If these tools detect any deviation from the norm, they immediately block execution. Deterministic tools do not rely on any prior knowledge of the threat. They don't require threat clouds, long learning periods or regular tuning and updates to be "secure". Nor do they notify an organisation after it's too late. These tools stop attackers from planting malicious code in real-time before they've had the chance to install malware or exfiltrate data.

Businesses are using an ever-increasing number of software applications: in-house developed applications, cloud-deployed applications, open source applications, third-party applications and more.

By focussing only on how software should be running and stopping it when it does something different, deterministic protection provides 100% protection against all known and unknown threats.