How has the cloud changed the threat landscape?

Chuck Everette, Director of Cybersecurity Advocacy at Deep Instinct, spoke to Cyber Magazine about the cloud’s impact on cybersecurity

Can you tell me about Deep Instinct? 

Deep Instinct was founded in 2015 and applies end-to-end deep learning technology to cybersecurity. It means we take a radically different approach when it comes to dealing with cyberattacks by preventing and predicting them, rather than mitigating them.

Deep learning is an advanced subset of artificial intelligence (AI) and only recently came into the mainstream due to the advancements in processing power. Global tech giants such as Google, Netflix, Amazon and Tesla have now started to use deep learning to support functions such as autonomous driving, recommendation systems and image recognition.

Deep Instinct is one of only six companies to have built their own deep learning framework, with ours being the world’s first and only purpose-built deep learning framework for cybersecurity. 

Our framework is able to stop ransomware and other malware pre-execution, 750 times faster than the fastest known ransomware or malware is able to infect and cause any damage.  This is a major shift from other security vendors that traditionally use machine learning and review the actions of malicious threats after they’ve been executed and are running on an infected system.  Our deep learning brain can also go one step further by stopping unknown, and zero-day threats, with both a superior accuracy and speed compared to other endpoint protection platforms (EPP). 

What are your role and responsibilities at the company?

I have been in the cybersecurity industry for over 20 years, and have worked at Deep Instinct since 2017. My current role is Director of Cybersecurity Advocacy. Before moving into the cybersecurity space, I worked in IT leadership and consultation roles for six of the Fortune 10 companies and several government agencies.

My responsibility at Deep Instinct is to educate different sectors including SMB, enterprises, governments and the public sector about cybersecurity and the ever-changing cyber landscape. The role has really helped ignite my passion for protecting businesses from cyber attacks. 

How has cloud migration changed the threat landscape?

The transition towards the cloud has completely changed the threat landscape. Previously, organisations could only access data and applications on-premise within the four walls of their own datacentres. However, the migration to the cloud has resulted in data and applications now being accessed and stored in multiple locations. This has given security teams the ultimate test when it comes to ensuring that all assets are protected and has resulted in even the most resilient of businesses being exposed to new threats as organisations’ attack surface expands into the cloud.

Cyber criminals are now utilising the cloud to launch attacks and they can take different forms, with attacks even starting by simply infecting a single system with an open vulnerability. Once threat actors have access to one system, which is connected to the cloud, they then have the freedom to move laterally across cloud environments and cause significant damage to an organisation’s environment.

Additionally, with organisations using cloud service providers, they are assuming the cloud service providers have robust security controls and monitoring in place. Cloud providers that are breached could put a client’s data or infrastructure at risk, potentially exposing other organisations to cyberattacks and incurring fines themselves. For example, Capital One were given an $80 million penalty after a cloud data breach exposed the personal information of 100 million individuals in the US and 6 million people in Canada.

As well as an increased attack surface, threat actors are using new techniques in order to bypass organisations’ defences. Cyber attackers are known to be patient and move stealthily around environments for weeks or months before executing a final, devastating attack. We are now seeing some of the biggest attacks on cloud infrastructures happening very quickly due to the ease of access into these vulnerable environments. Add to that the combination of short dwell time needed for advanced attacks and the swiftness in which ransomware can encrypt environments and we’re seeing encryption processes starting in as little as 15 seconds after executing. Unfortunately, once a machine is infected, the impact can be felt almost immediately. 

What can organisations do to protect their cloud environments against cyberattacks? 

Many organisations are content that their Endpoint Detection Response (EDR) solution can protect them; however, with the development of new threats, EDR is no longer enough due to the fatal flaw of EDR systems responding post-execution, and their lack of effectiveness to stop or even detect this new breed of sophisticated unknown or zero-day attacks. Research by Deep Instinct highlighted that between 2019 and 2020, there was an 800% increase in ransomware attacks, and we found that 80% of successful breaches came from previously unknown malware and zero-day attacks. If EDR was the best possible solution against cyberattacks, why have we seen an increase in the number of attacks?

EDR solutions monitor malware as it executes and look for triggers in risky behaviour. They then use cloud machine learning to determine if the threat or behaviour seen is risky enough to alert. This means malware has to execute before it can be picked up and determined as malicious or benign. This process can take between 30 seconds and minutes or even hours, by which point a threat actor could have already deeply entrenched themselves in an organisation’s environment and stolen and/or encrypted the organisation’s critical files and data.

Organisations need to implement solutions such as deep learning, an advanced subset of AI, which can prevent and predict cyberattacks. Designed to mimic the human brain, deep learning can detect and prevent a cyberattack pre-execution in less than 20 milliseconds, which means malware does not execute and infect an organisation’s environments. The technology is independently trained on millions of raw data files, meaning it is able to prevent the most sophisticated and advanced threats, whether they are unknown or zero-day.

With this revolutionary approach to cybersecurity, organisations no longer have to assume that a breach is inevitable. Security teams will be able to proactively stop threats before they happen and gain complete control over their environments. Organisations that implement deep learning won’t just be ready for present-day cloud attacks but future attacks as well, regardless if it’s in the cloud or in a data centre.

What can we expect from Deep Instinct in 2022? 

Throughout 2022 we are going to see more and more organisations implementing deep learning as a cybersecurity solution. Deep learning has evolved rapidly across all technology sectors over the last 10 years and cybersecurity is a critical and natural evolution of the technology. It is the most advanced technology available to combat cyber threats today, and Deep Instinct is leading the charge.

 
