Last year there were almost double the amount of cybersecurity incidents in companies compared to in 2017, with 159,000 data breaches driven by ransomware or new attack methods.
And the global cost of cybercrime is expected to exceed $2 trillion by 2019.
Gartner recommend organisations with a focus on security adopt Endpoint Detection and Response (EDR) solutions to increase cyber-resilience with hardening, investigation, incident detection, and incident response.
However, in their 2018 “Endpoint Protection and Response” survey the SANS Institute highlight, that only 50 percent of organisations had next-gen antivirus, and 37 percent of these had not activated the advanced capabilities due to its complexities.
Organisations are finding it hard to strike the balance between deploying the best possible network protection without becoming overwhelmed by false alerts which need investigating or simply the complexity of administration.
Advanced cybersecurity systems produce massive amounts of data—much more than any number of people could sort through and analyse – in a relevant time frame.
This is why Artificial Intelligence (AI) and its subset Machine Learning (ML) are applied within EDR solutions, where the software learns to solve problems and think by itself in a way that’s similar to humans. These technologies are able to sift through the vast amount of network data turning it into security intelligence able to detect threat events, traditional antivirus products would miss.
By learning what normal network activity consists such as programs used, user activity and traffic patterns, deviations from these norms show a greater threat potential and can be highlighted and dealt with in a faster fashion.
However, it is here where the threat of alert fatigue can kick in with too many false alerts requiring investigation mean that only a small percentage can be adequately dealt with. Should the security solution require administrator intervention shutting the user or process out this can seriously impact operations.
The EDR solution must be advanced enough so the AI and ML technologies handle routine tasks and first level security analysis, leaving security analysts free to focus on more critical or complex threats.
While not a “philosophers stone” AI and ML are useful tools in your security arsenal to shift the approach from reactive defense to proactive real-time threat hunting and detection.
A new cybersecurity paradigm is born.
Panda Security realised back in 2010 that existing endpoint protection techniques were limited and started from the ground up building a new single platform which is today known as Panda Adaptive Defense 360 providing 100% process attestation, meaning no process is allowed to run until actively classified as good and Threat Hunting included as standard.
This approach was only made possible through the development of a cloud-based automated detection service to classify every new Portable Executable (PE) process and identify and block fileless malware and other threats which ‘live off the land’ utilising legitimate tools – such as RDP, powershell, macros etc – repurposed for their nefarious ends, moving laterally on the network stealing credentials, browsing history, and data.
This concept was further developed into Panda Security’s Threat Hunting and Investigation service, where fed by hypotheses from the experts at PandaLabs Security Operations Center, these technologies can gather and analyze data, trace threats, search for vulnerabilities, respond to breaches, and thus reduce the IT team’s workload. This way we can focus on the really dangerous attacks.
For your free demonstration or trial of Panda Security solutions, contact your XMA Account Manager.