Gordon Gekko, lead baddie in the movies “Wall Street” and “Money Never Sleeps”, would surely feel tune with today’s cybercriminals. Virtual villainy doesn’t sleep either. Whether it’s a zero-day threat or some other app or software vulnerability, there’s always a hacker out there somewhere that’s ready to exploit a security defect, day or night.
Sleep has been taken out of the exploit equation. Cybercriminals now understand the power of software, not only to put threats into action, but also to relentlessly accelerate the mutations of threats that make life so hard for conventional defenses.
What’s the answer? Some security teams are scrambling to hire the best talent they can find. They’re paying top dollar for security experts on the market capable (they hope) of stemming the flow of mutated malware. They believe that humans can outsmart malware robots. In one sense, they’re right. Security strategy and posture must always be defined and driven by people who understand the hacker mindset and know about the tools that are available to cybercriminals.
However, in three other key respects, this hiring approach falls flat on its face. First, there isn’t enough talent to go around: demand is far greater than supply. As a result, companies pay exorbitant salaries or hire unqualified personnel (or even both). Second, a human being checking for new versions of malware cannot keep up with the software that produces them. Where humans may take days, software takes just seconds. The human solution simply isn’t scalable. Third, human beings must sleep – otherwise they go insane, which makes your security problems even worse.
It’s time to fight fire with fire. Only smart software that recognizes and calls out malware mutants can allow the good guys (people like you) to effectively defend against the evil hacking hordes. That also means that the software to save your enterprise from bad actors, rogue apps, and wicked websites must constantly adapt to changes in the threat landscape.
Machine learning (ML for short) is the secret sauce in an effective and adaptive security testing system. It allows the system to spot new variants of malware, catalog them, test against them, and continually expand its knowledge base. All without human intervention and at blindingly fast speeds, a vast improvement over outdated static virus signature approaches. ML is like having your own virtual, private army of experts, alert and active round the clock.
So, if cybercriminals and their mutating software don’t sleep, it’s no longer a problem. Machine learning, properly designed, means your security test software and the algorithms that drive it won’t sleep either, but will simply keep getting better and better.
All of which means, finally, that you personally can sleep soundly, confident in the knowledge that machine learning has got your back and will filter out bad actors and their apps, software components, and malware farms long before they have any chance to do any damage. If you doubt it, take a moment, and ask yourself: What would Gordon Gekko say..?