With government agencies under constant assault by nation-state and private hackers, along with the ongoing threats posed by insiders, it’s no wonder that federal CIOs spend a huge percentage of time looking for ways to root out the latest compromises in their networks. However, even though new cyber threats can pose tremendous risks to government systems and data, malware is still the largest attack vector, comprising more than 90 percent of all cyber-attacks, according to data presented in a webinar from Blackberry Cylance. Artificial Intelligence (AI) presents an opportunity to change the model from reactive to preventive.
John Wood, Director of Incident Response, and Brian Winkler, Sr. Federal Solutions Engineer for Blackberry Cylance, described the three main cybersecurity issues faced by government agencies:
- Mission Impact – Systems and data need to be protected, whether they support military intel or cancer research.
- Excessive alerts – Even after years of advancement and throwing people at the problem, there are still too many alerts for most IT staffs to handle effectively.
- Too many tools – Differing technology from separate manufacturers gets in the way of effective monitoring, management, and mitigation.
The risks to agencies are well-known, including loss or corruption of critical data and intellectual property, disruption of operations, and loss of public confidence in the government’s ability to protect personal data. But, with 40,000 new malicious binaries created each hour (not including code that is designed to mutate each time it installs) and five malware events per second, traditional anti-virus strategies are rendered useless.
If detection schemes no longer work, since they depend on knowing what to look for, CIOs and CISOs should adopt a prevention strategy driven by AI, the panelists said.
In a Prevention-based Incident Containment model, Winkler said, every endpoint is assessed. AI is used to find malware, potentially unwanted programs (PUPs), and compromised credentials, allowing containment with a single click. “A large number of breaches start with malicious code. If we can stop execution, these attacks would be less of a burden so we can concentrate on more advanced threats,” he said. In contrast, traditional incident response (IR) is reactive and time consuming; it’s based on tools detecting “something,” alerting personnel who then have to chase down every alert. It can require hardware or appliances in the environment for additional visibility, and increases capital costs.
An AI solution, such as Cylance Protect and Cylance Optics, the panelists explained, predicts the emergence of malware and can block attacks months before they are first detected in the wild. This capacity makes them effective on more than 99% of malware before it can execute. These solutions, which Winkler described as simple to employ and lightweight, work with cloud, hybrid and on-prem environments, and are FedRAMP qualified for cloud and hybrid enterprises.
Still, Wood said, those tasked with cybersecurity for government systems need to use every resource at their disposal. Break-ins are inevitable, whether through phishing, inadvertent errors, misconfigurations, or malicious actors. He explained that intrusive code is “noisiest” when moving laterally through the network, making that the best time to catch an intruder.
Wood advocates a comprehensive approach utilizing multiple strategies and tools. “Everyone understands layered security. There is no panacea out there; you still need all of those other defenses.” An AI-driven suite of tools, the panelists said, offers a much more effective way to prevent intrusions, eliminate active threats, and protect against emerging ones.