Although most people assume that retailers and financial services companies are at the largest risk of breach – and they certainly are some of the biggest targets for cyberattacks – the federal government is also in the crosshairs of both privately funded and nation-state backed malicious actors. In addition to those seeking to extract citizen data from the federal agencies that are privy to it, the military and intelligence communities are also under constant attack.
One of the key questions facing CISOs, CIOs, and information security managers in the federal government is whether the cyber defenses they currently use are capable of defeating cyber threats, both today and in the future. While there’s always a case to be made for tried and trusted solutions, given the scale and sophistication of the threats being levied against the federal government, there’s a case for federal agencies to explore next generation solutions based on artificial intelligence (AI) and machine learning (ML).
To find out more about these next-gen tools we caught up with Finn Ramsland, Cylance’s Director of DoD and Special Programs at CSRA’s Emerging Tech Day. At the event he showcased how AI and ML are revolutionizing information security for federal agencies and what he shared is something our readers need to know more about.
Here is what Finn had to say:
Ryan Schradin (RS): Can you discuss the current state of the threat landscape facing federal agencies? Are the threats facing the government and military different than those facing private enterprise?
Finn Ramsland (FR): Many of the threat actors targeting the federal government share significant commonality with those targeting segments of the commercial sector.
Having said that, the US government has a significant set of high value systems and networks. This makes it a given that specialized or advanced adversaries will always endeavor to compromise and maintain a foothold within these target sets. Unique threat actors and tools, techniques and procedures are common in these areas, within the government.
RS: How has the threat landscape facing government organizations evolved over the past few years?
FR: Much like the rest of the cyber security industry, the government has seen threats increase in sophistication and has seen the number of capable adversaries increase. We are also seeing much more prolific use of polymorphic malware and of the post-breach use of Windows utilities like PowerShell and WMI.
RS: What network and technology trends are making the threat landscape and network defense more daunting and dangerous?
FR: The increasingly ubiquitous use of SSL encryption on networks is making defense more difficult for network based sensors. Additionally, rapidly increasing use of multi-part content delivery in browsers makes it much more difficult to re-assemble and analyze threats on the wire.
RS: What separates Cylance’s solutions from others on the market today?
FR: Cylance offers a new and much more advanced form of anti-malware technology. Put simply, Cylance emulates the way a human reverse engineer analyzes potential threats and implements that technique at machine speed and as an active defense and prevention component.
Unique value includes:
- Significantly decreased cadence for detection/content updates (6+ months)
- Minimal footprint (1-3% CPU)
- DoD tested and proven efficacy rates exceeding 99%+
- Works fully disconnected/air-gapped from the internet or even in headless operational modes
RS: How do AI and machine learning defeat malware?
FR: We apply our machine learning methods to static analysis of executables within Windows, Linux and Mac-based operating environments. Essentially, Cylance is able to conduct a full bytecode analysis of every file we encounter in a customer’s environment. Based on the structure and makeup of the executables, Cylance will take operational actions to protect the systems we are tasked with guarding.
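To make the "structure and makeup of the executables" idea concrete, here is an added Python example (not Cylance's code and not part of the interview) that parses the section table of a PE executable and derives a few static features a classifier could consume: section count, per-section Shannon entropy, and writable-and-executable sections. The sample blob is constructed inline and the feature set is a simplified illustration of static analysis, not a description of any vendor's model.

```python
import hashlib, math, struct
from collections import Counter

IMAGE_SCN_MEM_EXECUTE = 0x20000000  # section flags from the PE/COFF spec
IMAGE_SCN_MEM_WRITE = 0x80000000

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 0 for padding, near 8 for packed or encrypted content."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def parse_pe_sections(blob: bytes) -> list:
    """Follow e_lfanew -> PE signature -> COFF header -> 40-byte section headers."""
    pe_off = struct.unpack_from("<I", blob, 0x3C)[0]  # e_lfanew in the DOS header
    if blob[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    num_sections, opt_size = struct.unpack_from("<H12xH", blob, pe_off + 6)
    table = pe_off + 24 + opt_size  # 4-byte signature + 20-byte COFF header + optional header
    sections = []
    for i in range(num_sections):
        off = table + 40 * i
        name = blob[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", blob, off + 16)
        flags = struct.unpack_from("<I", blob, off + 36)[0]
        wx = bool(flags & IMAGE_SCN_MEM_EXECUTE) and bool(flags & IMAGE_SCN_MEM_WRITE)
        entropy = round(shannon_entropy(blob[raw_ptr:raw_ptr + raw_size]), 3)
        sections.append({"name": name, "entropy": entropy, "wx": wx})
    return sections

def static_features(blob: bytes) -> dict:  # features a static classifier could consume
    secs = parse_pe_sections(blob)
    return {"num_sections": len(secs), "sections": secs,
            "max_section_entropy": max((s["entropy"] for s in secs), default=0.0),
            "has_wx_section": any(s["wx"] for s in secs)}

def build_sample() -> bytes:  # constructed two-section PE-shaped blob, not a real program
    text = b"\x90" * 200 + b"\xc3" * 56  # low-entropy, code-like bytes
    packed, seed = b"", b"constructed"
    while len(packed) < 256:  # deterministic high-entropy bytes standing in for packed code
        seed = hashlib.sha256(seed).digest()
        packed += seed
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)  # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x8664, 2, 0, 0, 0, 0, 0x22)  # SizeOfOptionalHeader = 0
    data_start = 64 + 4 + 20 + 40 * 2
    def section(name, data, ptr, flags):  # IMAGE_SECTION_HEADER
        return struct.pack("<8sIIIIIIHHI", name, len(data), 0x1000, len(data), ptr, 0, 0, 0, 0, flags)
    hdrs = section(b".text", text, data_start, IMAGE_SCN_MEM_EXECUTE)
    hdrs += section(b".pack", packed, data_start + len(text), IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE)
    return dos + b"PE\0\0" + coff + hdrs + text + packed
```

A high-entropy section or a section that is both writable and executable is only a signal, not a verdict; a real classifier combines many such structural features with imports, header anomalies and file-level statistics.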