As cyber threats continue to grow in frequency and severity, traditional approaches to security have become less effective.
That's because the bots that facilitate incremental threat-levels are becoming smarter. They're now able to scour the internet for vulnerable applications and deceive even the most advanced of firewalls. Blocking all bots however, is not an option (even if it were possible), as they have become an integral component of the internet, improving customer experience by helping users achieve what they want to do. And with security strategies struggling to differentiate between the good bots and the bad bots, everyone is a target.
Newer technologies such as layered and endpoint security are coming forward as important ways to shore up defences and prevent headline-grabbing data leaks and ransomware attacks.
But what are organisations doing to combat the growing number and complexity of attacks? Here are four key strategies that are leading the battle for cyber threat detection and prevention.
AI and machine learning
Everyone is talking about AI and machine learning, and it can be hard to establish the practical applications around the buzz. Despite this, both AI and machine learning are emerging as a leading technology in security, with the potential to practically transform the landscape in the next few years.
Endpoint security technologies are beginning to use machine learning to ensure that applications are running securely by monitoring deviations from known good' code activity. Historically, this has been difficult to do due to the sheer quantity of data involved in various systems, but it is now getting easier to reliably and cost-effectively collect and analyse data in the cloud to spot patterns using machine learning.
Vendors are also incorporating artificial intelligence and machine learning into their security products to identify patterns of behaviour that are normal, as opposed to threatening.
Traffic management tools that employ machine learning, such as web application firewalls (WAF), can now quickly build and implement mitigations that help address new and evolving threats. Many even provide advanced bot management capabilities that can help alleviate security concerns by accurately distinguishing between human and machine users. While they are not entirely foolproof, WAFs provide enough of a barrier to dissuade bots from targeting your applications. Instead, the bots move on in search of weaker prey.
Technical integration
Some of the competing technologies in the market are consolidating, which will ultimately lead to more breadth and depth of protection from single products, and therefore more effective security suites.
Prevention-focused tools such as anti-malware and application integrity protection are beginning to pull in detection-focused capabilities such as endpoint visibility and control, user behaviour monitoring and analytics.
Technical integration from consolidation can only be beneficial to organisations looking to make their security tools easier to manage and more effective in detecting and preventing attacks.
Merging existing and new technologies
They may be increasingly seen as outdated, but anti-malware, patch management and secure configuration management are still widely adopted due to legislation such as the Data Protection Act (and its incoming replacement, GDPR) as well as industry regulations. Security buyers complain that these technologies are ineffective against advanced attacks, but are required nonetheless.
Merging old technologies with modern technologies such as machine learning and artificial intelligence provides the benefits of security automation and the prevention of new, unknown threats. Certainly when it comes to cyber security, there's no such thing as too much protection.
Passive inspection technology, which limits the impact on the application, is also available: signatures, DNS checks and browser capabilities can be equipped to form an intelligence-enabled, defense-in-depth strategy that goes a long way to enhancing security.
Automated browsing defenses can be deployed which enhance traditional security methods by including behavioural analytics and device 'fingerprints'. These help to initially identify and catalogue non-human browsers, even if IP information changes.
Flexible endpoint solutions
User and application behaviour monitoring have usually been performed in isolation by separate technologies, but the two are beginning to integrate in ways that are offering businesses more advanced insight into future solutions.
Cloud technology is helping with this, as endpoint protection platforms that consolidate security in the cloud make it much easier to prevent, investigate and search for potential threats and vulnerabilities through a common, cloud-delivered platform.
Some cloud security platforms are integrating artificial intelligence and predictive technologies, which is able to learn from normal endpoint activity patterns to quickly spot evolving attacks, and identify where they originated.
With these integrations, and the continuous use of intelligent automation via AI, future security suites will be able to automatically identify malicious user and application behaviour and contain it without the involvement of skilled security analysts.
