Can security teams finally regain the advantage over cyber attackers?
Cyber security is often called a game of cat and mouse, but can security teams become hunters, not the hunted, asks Deep Instinct's Bar Block
Cyber security has often been described as a game of cat and mouse, with both sides constantly seeking to outmanoeuvre each other and gain the advantage.
But in this analogy, the cyber attackers are always the cats, and the defenders are doomed to be the mice. The threat actors are the predators on the hunt – they always start the chase, so they always have the initiative. On the other hand, security teams and the organisations they protect are forced onto the defensive, scrambling to stay a step away from disaster.
Worst of all, a single mistake could cost the defenders everything, while the attackers only need to win once. And even if they don’t catch the mouse, there’s always another one to chase.
Alongside the advantage of being the aggressor, the cyber criminal community has also proven time and time again that it is a dangerously agile and innovative foe. While many cyber attackers are opportunistic criminals looking for the easiest path to an illicit paycheque, there are extremely skilled individuals continually discovering zero-day vulnerabilities and pioneering new malware and attack techniques. These innovations eventually trickle down to common criminals until they are a standard part of the attacker toolkit.
Why are cyber attackers always a step ahead?
Over the last couple of years, we have seen some of the most dangerous advances in the cybercrime domain. Prominent trends include the exploitation of supply chain connections, and a move towards fast-acting, high-impact attacks.
And crucially, whenever the security industry adopts a new strategy or technology to bolster its defences, the adversaries never take long to counter or undermine it.
AI technology is one of the most prominent examples. Machine learning (ML), the most common practical subset of AI, now plays an increasingly central role in threat detection and analytics. Many organisations consider it to be something of a secret weapon against cyber threats. Adversaries, however, have shown they are not only able to keep ahead of ML technology, but can even subvert it to their advantage.
Why even machine learning is being outpaced
ML technology is highly valued for its ability to identify patterns and links in data that indicate a potential attack. These solutions are trained on manually curated datasets to distinguish between benign and malicious behaviour. The end result can crunch through data and discover threats far faster than a human security professional.
However, there are limitations to what traditional ML can achieve, particularly as it is fundamentally tied to known threats. Previously unseen tactics such as zero-day vulnerabilities and new malware strains will have a high chance of evading detection, leaving the business exposed.
Why the complexity of the cloud is an advantage for attackers
In addition, threat actors have a perpetual advantage over organisations amid digital transformation and cloud migration efforts.
IT estates have become increasingly large and complex as firms pursue their digital agenda, with most organisations employing both multi-cloud and hybrid strategies. While this provides the agility and cost-effectiveness necessary to stay competitive, it also results in a larger attack surface that is harder to manage and protect effectively.
This highlights a critical failing of reactive solutions like machine learning-powered defences. While much faster and more efficient than any human, these tools must still wait for a threat to be present within the environment. In a complex IT environment full of potential attack paths and blind spots, it is often all too easy for an adversary to deploy a rapid ransomware attack that inflicts serious disruption before the defensive solutions can act.
Why deep learning is the key to regaining the initiative
If defenders are ever going to regain the advantage over their attackers, their defences must identify and block threats before they ever have a chance to execute. One of the best options here is to go beyond machine learning and take it to the next level with deep learning.
Deep learning (DL) is the most advanced subset of AI that currently exists. While it appears similar, the technology differs significantly from its ML cousin: it learns for itself which features make up its dictionary, rather than relying on a dictionary of features selected by humans. As a result, DL can accurately predict and identify dangers such as zero-day threats.
The intricacy of the training method also makes DL solutions resilient to the threat of adversarial AI, as the process is too complex to be poisoned with false datasets. Furthermore, DL can detect threats with blistering speed and near-perfect accuracy. DL tools can identify and block incoming malware in less than 20 milliseconds, and pinpoint threats with more than 99 percent accuracy. Even the fastest-acting ransomware is neutralised before it has a chance to execute within the environment.
Armed with the speed, accuracy and the power of deep learning, security teams can finally stop playing the mouse, and start taking proactive measures against today’s aggressive cyber threats. Threat actors that are used to always being in a position of power will find their attacks are over before they begin. DL enables organisations to regain the advantage at last, keeping a step ahead of their adversaries and blocking attacks before they can ever truly become a threat.
Bar Block is a threat intelligence researcher at Deep Instinct