Insider Risk, User Behavior Analytics

The Rise of Predictive Threat Detection

By Dr. Christine Izuakor

Once upon a time, threat detection was based on delayed and reactive notifications associated with rudimentary alerting processes: a system failed, a database of your customer information was found for sale on the dark web, an employee admitted to wrongdoing, and more. Addressing these threats was a completely reactive process. Today, our systems generate enormous amounts of information about systems and users, and that information can be combined with artificial intelligence to predict which threats are potentially coming. These technological advancements within the cyber security space are driving a critical shift from antiquated and reactive threat detection to modern predictive threat detection.

How has threat detection evolved?

Initially, threats were detected based on the realization and aftermath of a problem. Once something failed, an alarm went off, and only then did the monitoring technology know something was wrong. This approach alerted staff far too late to adequately mitigate the damage that could stem from a cyber attack or potential data breach. The industry eventually began to mature in this space by embracing automation and creating signature-based methods for detecting attacks. Essentially, instead of waiting for something really bad to impact the organization, companies built lists of what could be considered an adverse event and then assigned each an identifying signature. Companies could then “proactively” check for those items in the environment before real damage could be done. This was the start of the shift from reactive threat detection to a somewhat proactive threat detection approach.

It’s important to note that there is a difference between proactive and predictive threat detection. Proactive threat detection was a step in the right direction, but it still was not enough to address continually maturing cyber attackers. The signature-based methods presented several challenges – the most significant being that the effectiveness of the technology was completely dependent on how up to date the signatures were. To work at all, the approach required consistent, near-immediate, and frequent additions of attack signatures. This made it difficult to account for zero-day attacks, for which a signature has not yet been assigned and deployed across the tools.

Attackers would take advantage of the fact that this approach is unable to detect an attack that has never been seen before. Even once an attack was discovered and a signature written for it, attackers could slightly modify its content in order to evade the known signature and slip under traditional threat detection radars.

What is predictive threat detection?

According to a Converge tech report, predictive analytics can discover a data breach before it happens. Comparing the concept to a radar that shows the enemy approaching, the capabilities delivered by this technology can show companies when and where attacks may occur. Using this information, organizations then have time to ring alarms, deploy defense mechanisms, and even prepare for war against hackers instead of just waiting for a breach to happen.

The cyber security industry saw extreme value in not only identifying threats before they became a problem but also in making intelligent predictions about what might happen before the threat becomes active. This is a process that is nearly impossible to manage by human beings alone and is often compared to finding a needle in a haystack. For example, employee sentiment can be evaluated based on a series of aggregate behaviors such as exporting raw data, online job application activity, key job-hunting words in emails, and more. Using this insight, the technology can predict potential resignations, data theft, and other undesirable activities.
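The aggregation described above can be made concrete with a small scoring routine. The following is an added example, not code from the article or from Veriato: it turns several weak signals about one user (export volume, job-site visits, job-hunting terms in email subjects) into a single, explainable risk score, and it measures export volume against that user's own recent baseline rather than an organization-wide threshold. The user profiles, the keyword list and the weights and thresholds are all constructed for the demonstration.

```python
"""Added example (not from the article or Veriato): combining several weak
behavioural signals about one user into a single, explainable risk score,
scored against that user's own baseline.  Profiles, keywords, weights and
thresholds are all constructed for the demo."""
from statistics import mean, pstdev

# Constructed per-user profiles: export volume (MB) for the last seven days,
# today's export volume, job-site visits today, and outbound email subjects.
USERS = {
    "alice": {
        "export_mb_history": [12, 15, 10, 14, 11, 13, 12],
        "export_mb_today": 14,
        "job_site_visits": 0,
        "email_subjects": ["Q3 budget review", "Lunch on Friday?"],
    },
    "bob": {
        "export_mb_history": [20, 22, 18, 25, 21, 19, 23],
        "export_mb_today": 410,
        "job_site_visits": 4,
        "email_subjects": ["Re: interview on Thursday", "Updated resume attached"],
    },
    # A data engineer whose job involves large exports: a high absolute
    # volume is normal for her and must not be flagged on volume alone.
    "carol": {
        "export_mb_history": [5, 300, 8, 250, 6, 280, 7],
        "export_mb_today": 290,
        "job_site_visits": 0,
        "email_subjects": ["Nightly batch export schedule"],
    },
}

# Constructed keyword list standing in for the "key job-hunting words" signal.
JOB_HUNT_KEYWORDS = ("resume", "interview", "offer letter", "recruiter")


def export_zscore(history, today):
    """How many standard deviations today's export volume sits above the
    user's own recent history.  A flat history (sd == 0) is treated as 1 MB."""
    sd = pstdev(history) or 1.0
    return (today - mean(history)) / sd


def keyword_hits(subjects, keywords=JOB_HUNT_KEYWORDS):
    """Distinct job-hunting keywords found in the user's email subjects."""
    text = " ".join(subjects).lower()
    return sorted(k for k in keywords if k in text)


def score_user(profile):
    """Return (score, reasons).  Each signal adds a fixed weight, so a reviewer
    can see exactly why a user was surfaced."""
    score, reasons = 0, []
    z = export_zscore(profile["export_mb_history"], profile["export_mb_today"])
    if z > 3:
        score += 3
        reasons.append(f"export volume {z:.1f} sd above own baseline")
    if profile["job_site_visits"] >= 3:
        score += 2
        reasons.append(f"{profile['job_site_visits']} job-site visits today")
    hits = keyword_hits(profile["email_subjects"])
    if hits:
        score += min(len(hits), 2)  # capped so one signal cannot dominate
        reasons.append("job-hunting terms in email: " + ", ".join(hits))
    return score, reasons


def triage(users, threshold=4):
    """Users whose combined score reaches the review threshold, with reasons."""
    scored = {name: score_user(p) for name, p in users.items()}
    return {name: result for name, result in scored.items()
            if result[0] >= threshold}


if __name__ == "__main__":
    for name, (score, reasons) in triage(USERS).items():
        print(f"{name}: score {score}")
        for reason in reasons:
            print("  -", reason)
```

Only bob crosses the review threshold: his export is roughly 170 standard deviations above his own history and coincides with job-site activity and job-hunting terms. carol's 290 MB export would look alarming against a flat organization-wide limit, but it is about 1.3 standard deviations from her own bursty baseline and is left alone, which is the point of scoring each user against their own behaviour.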

What value can predictive threat detection provide?

Thanks to this evolution, not only are companies able to predict threats before they become a problem, but they also cut down investigation times when it matters the most. When an incident or attack occurs, AI-based solutions can more quickly and accurately answer questions that can sometimes take weeks or months for a human being to uncover and understand. These advanced investigation tools can help organizations understand who, what, when, where, and possibly even why a breach happened. By mining a variety of data sources (prior alerts, network traffic information, asset inventories, security logging data, and other relevant points), clusters, associations, and patterns can be discovered. Those are then shared with human investigators, who can leverage the insight to make informed decisions. These advantages also apply to the incident response process. Artificial intelligence-based techniques, such as knowledge engineering and case-based reasoning, can be used to create incident response playbooks that dynamically help incident responders navigate the actions required in the event of an incident. By considering prior events and codified insight from cyber professionals, the technology can modify or generate new branches in the central playbook as it learns from new incidents.

What are some challenges associated with predictive threat detection?

One challenge companies are facing with predictive threat detection is that this is still an evolving and maturing space, and tools that can provide such capabilities reliably are limited. While many vendors are currently researching how to deliver on these capabilities, Veriato has already been recognized as a company to watch in this space based on its advancements in intelligent monitoring technology.

Another challenge is that cyber attackers also create attack methods that are based on artificial intelligence. There is a concern that as we leverage AI and work to predict threats, the cyber attackers will continually leverage the same artificial intelligence technology to adapt their attacks and dynamically circumvent detection methods.

Conclusion

Relying on reactive threat detection is no longer an acceptable cyber security strategy. Threats continue to advance and evolve, and in response, companies must do a better job of not just proactively identifying threats – but increasing the ability to predict what will happen next.


About the author

Dr. Christine Izuakor
Dr. Izuakor is the Senior Manager of Global Security Strategy and Awareness at United Airlines where she plays a critical part in embedding cyber security in United’s culture. She is an adjunct professor of cyber security at Robert Morris University, and independently helps corporations solve a diverse range of strategic cybersecurity challenges.
