The “JEOPARDY” of Cyber Security
By Ravid Circus, Director of Presales, SecBI
One of my fondest childhood memories is sitting in the living room with my parents and siblings, glued to the television, watching the legendary game show host Alex Trebek announce, “For $300, the answer is ‘Sacramento’.” Instantly, my family would jump up and down shouting, “What is the capital city of California?”
Most readers of this blog recognize the name “Jeopardy!” as one of the most successful American game shows that has been running for some 36 years, and of course would remember its twist: The answers are given first, and the contestants supply the questions.
As I started to gain experience in detecting and hunting for advanced cyber threats, I always felt like I was playing Jeopardy. If someone had given me the answer, i.e. the specific tools and techniques the next attacker will be using, I would definitely know to ask the right question and have the SIEM (Security Information and Event Management) detect it for me. Correlation rules, active lists, and threat intelligence (TI) are all answers, but unlike the rules of a trivia game, these security techniques are mostly relevant for questions on cyberattacks that have already occurred, not for future “unknown” attacks.
SecBI’s XDR Platform uses unsupervised machine learning to detect advanced threats. Without any prior knowledge of attack patterns or your network, it analyzes your web, mail and EDR logs and groups them into behaviors. These behaviors are then analyzed for traces of suspicious and malicious activity.
Future cyber security tools need to evolve from detecting only known attack patterns to identifying the next “unknown” suspicious behavior. If we fail to move on to unknown cyberattacks, then what we are actually playing is “The Wheel of Fortune”, and that game can cost organizations way too much money.