3 Layers Technologies have Partnered with CYBOWALL to Provide Their Clients AI-based Threat Detection to Combat Emerging Cyber-Attacks
Cyber-attacks and information security vulnerabilities have become one of the major threats facing organizations. On its website, the Philippine National Police (PNP) Anti-Cybercrime Group reported 869 online scam cases from March to September 2020, 37 percent higher than the 633 cases in the same period of 2019.
The start-up company CYBOWALL is one of the few companies to utilize Artificial Intelligence (AI) in the fight against cyber-crime. Its technology autonomously learns new attack patterns, proactively prevents cyber breaches and optimizes the return on investment of SOC operations.
Using its “Attack Hunter” engine, CYBOWALL analyzes massive amounts of data and provides ongoing monitoring of customers’ existing systems and software, so that potential cyber-attacks are detected in time and their risks and impacts reduced.
As of early 2021, 3 Layers Technologies, a value-add service provider focusing on Network Security, Optimization, and Cybersecurity, started marketing and reselling CYBOWALL to clients in the Philippines region.
Ziv Simhon, VP Business Development & Sales at CYBOWALL, said: “We see the collaboration with 3 Layers Technologies as a vital asset in our partnership ecosystem. It serves as an entry point into the Philippines and as a steppingstone for CYBOWALL to enter the South Asian market. We are certain that using 3 Layers Technologies’ expertise will enable security and IT teams in the Philippines marketplace to enhance cyber-attack detection with our unique CYBOWALL product, accompanied by our powerful Autonomous Machine Learning & Multi-Step Attack Hunting Engine (known as the Attack Hunter).”
Reggie Waje, Chief Technology Officer of 3 Layers Technologies, said: “We see CYBOWALL as a great fit to our current offering. It is perfectly aligned with our solutions and completes the story of our cybersecurity offering: identify, protect, detect, respond, recover and continuous monitoring. Above all, we value the platform’s ability to manage many security engines from one dashboard and believe it can be a game-changer in the Philippine market, especially in the SMB/SME sector.”
CYBOWALL is a non-intrusive, agentless solution that continuously monitors your network across all protocols and extends to all endpoints. It combines multiple cybersecurity tools and capabilities in one solution to monitor and protect IT networks in real time, detecting and reacting to threats as they arise and providing a unified defense platform against a continuously evolving threat landscape.
About 3 Layers Technologies
3 Layers Technologies is a preeminent value-add distribution company in the Philippines focusing on Network Security, Optimization and Cybersecurity, which is its core strength. It offers advanced cybersecurity solutions that are not yet known or have no presence in the Philippines.
Utilizing SOC Automation to Enhance Threat Detection
Cybercrime has gradually evolved into a thriving industry and is expected to inflict over $5 trillion worth of damages annually by 2021, making the prevention and detection of cyber vulnerabilities paramount. Persistent efforts by enterprises to combat and mitigate the risks arising out of cyberattacks have led to the convergence of AI (Artificial Intelligence) and ML (Machine Learning), across the cybersecurity landscape, triggering the onset of automation practices. Cybersecurity automation is being hailed as the next big step in information security, attributed especially to the cumbersome endeavors required for manually managing cybersecurity policies.
Reports from cybersecurity experts and industry research have consistently highlighted the shortage of skilled IT security personnel. In 2019, it was estimated that over 40% of organizations lacked the required cybersecurity skills to improve their security posture. Ironically, this is also one of the biggest challenges while implementing cybersecurity automation, with only 30% of organizations featuring an in-house team capable enough to use security automation.
ABOUT CYBERSECURITY AUTOMATION
Today, there are numerous cybersecurity products designed to automate processes. For instance, vulnerability management and anti-malware products may be set up to scan an organization’s network and automatically detect BYOD (bring your own device) endpoints. These products identify cyber threats and eliminate identified defects based on the security protocols outlined by the organization. When discussing best practices in automation, practitioners in this industry refer to tooling such as Robotic Process Automation (RPA) and Security Operations Center (SOC) automation; the latter term applies when a security operations center automates aspects of its cybersecurity defense such as detection, investigation, and response. One of the more common types of SOC automation is SOAR (Security Orchestration, Automation and Response).
SOC AUTOMATION – USE CASES
The goal of SOC automation is to augment the SOC team and shorten the time from detection to remediation. Most SOCs face a lack of manpower, which makes it overwhelming, if not impossible, to handle the number of alerts the SOC sees each day. By automating aspects of the SOC, the team can focus on complex threats instead of spending time on benign alerts or known threats, which can be resolved quickly by automating the response process.
Research has identified the following seven unique use cases for SOC automation.
1. Incident analysis
Various AI techniques are used to mine data on security incidents, parse them based on parameters, cluster them for commonalities and assign risk scores. The core role of SOC analysts is to monitor for threats, but historically, this has required tedious and repetitive triage for them. This could result in misidentified threats, inefficient use of highly skilled analysts, staff burnout and turnover. AI helps scale analysis efficiently by casting a wide net that continues to grow wider and wider.
2. Landscape analysis
AI is harnessed to defend widening topologies. Companies are digitizing more and more of their operations. This includes updating old and developing new internal, often hybrid, platforms and networks. As more employees use cloud apps and mobile devices for work, not to mention increase IoT configurations, the enterprise security perimeter spans far beyond the organization’s traditional “four walls.” Extensive network and endpoint security resources are required to manage all communications, transactions, connections, applications, and policies. These resources are often disconnected, thus limiting visibility and details of the risk profile. AI can support, reach and scale across these heterogeneous topologies while correlating threats and assessing how one threat may impact another resource.
3. Incident detection
This SOC automation use case helps differentiate and prioritize different classes of threats and distributes notifications or prevention activities accordingly. This could take many forms, from automating ticket creation and adding pertinent remediation information to detecting the presence of malware before malicious files are opened. AI-powered incident detection is obviously crucial for preventing attacks as it reduces dwell time and accelerates time to repair, but it also enables preemptive and proactive measures.
4. Incident response
AI is used to preempt malicious attacks by automating containment actions; orchestration of software, devices or networks; or the deployment of other specific safeguards. Incorporating AI’s predictive capabilities helps complete the shift from reactive cybersecurity mitigation to a proactive cybersecurity strategy in an enterprise’s fight against hackers. The use of AI-powered incident response applications in organizations today remains incremental, but a proactive approach to the never-ending cybersecurity storm is critical for enterprise security.
5. Emergent threat mitigation
SOC automation is used to learn about novel threats by recognizing patterns or clusters and then providing feedback. Some companies are training machine learning algorithms to recognize attacks perpetrated by other machine learning algorithms, such as smart malware or artificial hackers and bots that personalize attacks tailored to specific victims.
These emerging, AI-based threat mitigation techniques will prove useful as attack tactics, such as malware, botnets, and ransomware, continue to mutate along with the pernicious ways AI is used to target and manipulate user and business vulnerabilities.
6. Gamification of security training
AI can also be used to simulate diverse types of attacks and make the education process more fun, engaging and competitive for security analysts. Microsoft’s Into the Breach exercise is one example in which the company divided SOC analysts into different teams. The teams were challenged to defend against AI-generated threats, which were developed based on data and techniques derived from real-world attacks.
While nascent, this SOC automation application has the potential to scale a culture of security far beyond the SOC. Not only will it make security training more accessible, personalized and fun, but it can also arm the front line of cybersecurity with essential awareness and security workflow best practices.
7. Human SOC analyst augmentation
This is the AI market’s parlance for how AI is used to optimize humans’ threat intelligence and mitigating actions. Although automated techniques are better at managing the volume of potential threat vectors, AI is not equipped for complex problem-solving. Human analysts remain the essential arbiters to develop controls, explain threat techniques and uncover attackers’ motives. Tests show that the highest performance and accuracy of machine learning are often achieved due to a combination of human and AI intelligence. Thus, AI is unlikely to completely displace SOC analysts but rather supplement the team’s efforts and talents.
CYBOWALL / CYBOSOC – AN AUTOMATION-MANUAL HYBRID SOLUTION
CyboWall is a next-gen cybersecurity solution that utilizes Artificial Intelligence & Machine Learning to reduce the complexity of cybersecurity and provide an integrated platform with unified visibility and management.
CyboSOC is a cloud-based management application tailored to manage many CyboWall instances through one management dashboard console. CyboSOC was created so that MSP / MSSP organizations that service end customers with their own analysts can manage and monitor several CyboWall entities within one management application.
The CyboSOC management platform allows MSPs and MSSPs to connect to all CyboWall entities spread across end customers’ sites and multisite organizations, whether they are deployed on-premise (agentless) or operated through a cloud (agent-based).
CyboSOC main features:
- Remote monitoring and management over different end-customers’ entities which operate CyboWall under one management platform.
- Clear vision on ongoing breach attempts in every CyboWall (which is assigned to an end-user site).
- Remote analysis of ongoing alerts and events of every remotely monitored CyboWall, including visibility on Cyber-attacks over these entities.
- Centralized management of every CyboWall (end-user) entity, including assignment of new tenants and billing and invoicing procedures.
Written by: Ziv Simhon, VP of Sales at CYBOWALL
Can AI Solve the Lack of Manpower & Expertise in Cybersecurity?
There are several reasons why organizations today lack in-house AI & cybersecurity expertise:
- Cybersecurity and AI professionals are in high demand, but not enough supply exists.
- According to research on the UK cyber security labour market carried out on behalf of the Department for Digital, Culture, Media and Sport (DCMS), approximately 680,000 businesses (50%) have a basic skills gap in cybersecurity.
- In small and medium companies, responsibility for cybersecurity is usually placed on the IT Manager, who has limited time and resources to stay current with new and innovative technologies and releases.
The problem is made worse by the fact that human analysts must comb through the security alerts and other “noise” to identify possible threats to the organization. This is not feasible for a small IT team, and even a company with a full complement of specialized cybersecurity teams, systems, and other resources can still let threats slip through.
The use of Artificial Intelligence (AI) and Machine Learning (ML) can significantly improve security by increasing the amount of data that can be analyzed, a particularly important aspect of threat detection. This reduces the likelihood and impact of cyber events. AI and ML can uncover more security vulnerabilities and identify real threats faster than humans can. Despite this, due to a lack of well-trained AI/cybersecurity team members, the burden of cybersecurity threat detection often falls on unqualified and inexperienced IT staff, which subsequently increases an organization’s risk of becoming a target.
Consider the overwhelming volume of threat alerts that cybersecurity teams are exposed to each day, which can easily exceed 5,000. Here AI can feed these alerts through powerful threat models to assign severity profiles, presenting the higher-risk ones to busy security teams for quick investigation rather than the ones that are just “noise.” This drastically reduces the number of alerts that must be dealt with each day.
The use of artificial intelligence in cybersecurity tools like CYBOWALL becomes a win-win: Not only do they help find real threats, but they do it much faster than past methods. For instance, where human teams may have once required days (or even weeks) for exploration and understanding the nature of cyber threats in their network, these AI capabilities can complete the analysis in just a matter of seconds.
An effective threat detection solution must work across the entire organization: all physical sites, remote users, data centers, and cloud environments. If security teams need an extensive stack of tools to do this, it adds effort and complexity, which means lost time and a greater risk of failing to properly detect, verify, and stop attacks.
CYBOWALL allows its users to automatically run no fewer than 8 security engines through a unified management platform: asset management protection, vulnerability assessment, intrusion detection, anomaly detection, malware hunter, honeypot, file integrity monitoring, and SIEM. These are orchestrated by a powerful AI Attack Hunter, an autonomous machine learning and multi-step attack hunting engine.
This innovative approach enables IT security teams to monitor larger volumes of suspicious behavior while reducing false positives, giving the teams a workload they can handle. Because the results from all these security engines are collated into one easily managed dashboard, IT security teams don’t have to toggle from one solution to the next, saving them precious time while increasing productivity.
So to answer the question of whether AI can solve the lack of manpower and expertise in cybersecurity, the answer is a resounding yes.
Written by: Ziv Simhon, VP of Sales at CYBOWALL
User & Entity Behavior Analytics (UEBA), Explained
User and Entity Behavior Analytics, or UEBA, uses large datasets to model typical and atypical behaviors of humans and machines within a network. Because it analyzes behavioral patterns rather than file contents, UEBA can detect non-malware-based attacks. UEBA also uses these models to assess the threat level, creating a risk score that can help guide the appropriate response. Increasingly, UEBA uses machine learning to identify normal behavior and alert on anomalies and risky deviations that suggest insider threats, lateral movement, compromised accounts, and attacks.
Baselining is key to a UEBA system, as it makes it possible to detect potential threats. The UEBA system compares the established baseline with current user behavior, calculates a risk score, and determines if deviations are acceptable. If the risk score exceeds a certain threshold, the system alerts security analysts in real-time. By defining such baselines, UEBA can identify suspicious behavior, potential threats, and attacks that traditional antivirus may not detect.
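As an added illustration of the baseline-compare-score-alert loop described above (this is example code, not CYBOWALL’s; the authentication records, the feature weights and the alert threshold of 50 are all assumed), the following Python pass profiles each user’s history, scores one day against it, and routes users with no history to review:

```python
"""Toy UEBA pass: build per-user baselines, score one day, alert over a threshold."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Weights and threshold are assumed values for this illustration.
WEIGHTS = {"volume": 10.0, "new_host": 25.0, "off_hours": 15.0, "failure": 5.0}
ALERT_THRESHOLD = 50.0


def baseline_events():
    """Constructed 30-day history (March 2021): (user, ISO timestamp, host, outcome)."""
    ev = []
    for d in range(1, 31):
        ev.append(("alice", f"2021-03-{d:02d}T09:05:00", "ws-alice", "success"))
        ev.append(("alice", f"2021-03-{d:02d}T13:30:00", "ws-alice", "success"))
        ev.append(("bob", f"2021-03-{d:02d}T08:15:00", "ws-bob", "success"))
        ev.append(("bob", f"2021-03-{d:02d}T14:05:00", "ws-bob", "success"))
        if d % 2 == 1:  # bob stays late on odd days: 3 events, else 2
            ev.append(("bob", f"2021-03-{d:02d}T17:40:00", "ws-bob", "success"))
    return ev


# Constructed events for the scored day, 2021-04-01.
SCORED_DAY_EVENTS = [
    ("alice", "2021-04-01T09:02:00", "ws-alice", "success"),
    ("alice", "2021-04-01T13:31:00", "ws-alice", "success"),
    ("bob", "2021-04-01T02:10:00", "vpn-unknown", "failure"),
    ("bob", "2021-04-01T02:11:00", "vpn-unknown", "failure"),
    ("bob", "2021-04-01T02:12:00", "vpn-unknown", "failure"),
    ("bob", "2021-04-01T02:13:00", "vpn-unknown", "success"),
    ("bob", "2021-04-01T02:20:00", "vpn-unknown", "success"),
    ("bob", "2021-04-01T02:31:00", "vpn-unknown", "success"),
    ("bob", "2021-04-01T02:45:00", "vpn-unknown", "success"),
    ("carol", "2021-04-01T10:00:00", "ws-carol", "success"),  # no history at all
]


def build_baselines(events):
    """Per-user profile: daily event-count mean/stdev, usual hosts, usual hours."""
    per_day = defaultdict(lambda: defaultdict(int))
    hosts, hours = defaultdict(set), defaultdict(set)
    for user, ts, host, _outcome in events:
        when = datetime.fromisoformat(ts)
        per_day[user][when.date()] += 1
        hosts[user].add(host)
        hours[user].add(when.hour)
    return {
        user: {"mean": mean(days.values()), "stdev": pstdev(days.values()),
               "hosts": hosts[user], "hours": hours[user]}
        for user, days in per_day.items()
    }


def score_day(baseline, events):
    """Risk score for one user's events on one day, plus the contributing factors."""
    count = len(events)
    if baseline["stdev"] > 0:
        z = (count - baseline["mean"]) / baseline["stdev"]
    else:
        z = count - baseline["mean"]  # flat history: each extra event counts as one unit
    factors = {
        "volume": WEIGHTS["volume"] * max(z, 0.0),
        "new_host": WEIGHTS["new_host"] * len({h for _, _, h, _ in events} - baseline["hosts"]),
        "off_hours": WEIGHTS["off_hours"] * sum(
            1 for _, ts, _, _ in events
            if datetime.fromisoformat(ts).hour not in baseline["hours"]),
        "failure": WEIGHTS["failure"] * sum(1 for *_, o in events if o == "failure"),
    }
    return sum(factors.values()), factors


def evaluate(baselines, day_events, threshold=ALERT_THRESHOLD):
    """Score every user seen today; a user with no baseline is flagged for review."""
    by_user = defaultdict(list)
    for e in day_events:
        by_user[e[0]].append(e)
    results = {}
    for user, evs in by_user.items():
        if user not in baselines:
            results[user] = {"risk": None, "alert": True, "factors": {}, "note": "no baseline"}
            continue
        risk, factors = score_day(baselines[user], evs)
        results[user] = {"risk": risk, "alert": risk >= threshold, "factors": factors}
    return results


if __name__ == "__main__":
    for user, r in evaluate(build_baselines(baseline_events()), SCORED_DAY_EVENTS).items():
        print(user, "ALERT" if r["alert"] else "ok", r["risk"], r["factors"])
```

Alice’s day matches her profile and scores 0; Bob’s night-time burst from an unseen host with repeated failures scores far above the threshold, and Carol is flagged only because she has no baseline to compare against.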
The 3 Pillars of UEBA
- Use cases: UEBA solutions report the behavior of entities and users in a network, to detect, monitor, and alert on anomalies. UEBA solutions need to be relevant and support multiple use cases. Gartner sees UEBA being applied to use cases where finer-tuned analytics and gathering more context is essential, including:
  - Malicious insiders
  - APT groups leveraging zero-day vulnerabilities
  - Data exfiltration involving novel channels
  - User account access monitoring
- Data sources: UEBA solutions can ingest data from a general data repository. Such repositories include:
  - Data warehouse
  - Data lake
  - Security Information and Event Management (SIEM)
- Analytics: UEBA solutions isolate anomalies using analytic methods, including machine learning, statistical models, rules, and threat signatures.
UEBA vs. SIEM
Security information and event management (SIEM) is the use of a complex set of tools and technologies that give organizations a comprehensive view of their IT security system. It makes use of data and event information, allowing visibility into normal patterns, and delivering alerts when there are unusual circumstances and events. SIEM is similar to UEBA in the sense of using user and entity behavior information to define what is considered a normal behavior and what is not.
SIEMs are good security management tools but are less sophisticated when it comes to more advanced threat detection and response. SIEMs can handle real-time threats rather easily, but they may be unable to detect sophisticated cyberattacks. This is because sophisticated cyberattacks avoid simple one-off threats and instead engage in an extended attack that can go undetected by traditional threat management tools for several weeks or even months.
On the other hand, UEBA solutions can detect more sophisticated threats, such as those that might be undetectable today but over time display a surprising pattern. Malvertising is an example of this, a seemingly harmless advertising applet downloaded to a browser that collects user data or infects a user’s device.
By stacking UEBA and SIEM tools together, enterprises are better able to defend themselves against a wide range of threats. By focusing less on system events and more on specific user or entity activities, UEBA builds a profile of an employee or entity based on usage patterns and sends out an alert if it sees unusual or suspicious user behavior.
With UEBA suspicious user behavior can be detected in the cloud, on-premises, and inside business applications – with an unparalleled time-to-value. Other benefits include:
- The primary pro of UEBA is that it allows you to automatically detect a wide range of cyber-attacks
- Because UEBA allows fewer security analysts to do more, it can also significantly reduce your cybersecurity budget
- UEBA can drastically reduce the detection time of malware outbreaks by using algorithm-driven analytics to detect beaconing, lateral movement, or weaponization
- Outputs from the UEBA module can be correlated with SIEM events, making the original events more insightful than ever
- Discover suspicious user behavior by statically or dynamically enriching the original log data using the information from machine learning
- Incidents can be visualized using dashboards and search templates for faster threat hunting
UEBA + SIEM
With CYBOWALL you don’t have to settle for either, as it offers both SIEM and UEBA technologies. In addition to those, CYBOWALL offers 7 other security engines that help protect the organization from ongoing threats and cover:
- Asset Management
- Vulnerability Assessment
- File Integrity Monitor (FIM)
- Intrusion Detection (IDS)
- Malicious Traffic Detection
- Malware Hunter
The above security solutions are orchestrated by UEBA as well, and by a powerful Attack Hunter™, an Autonomous Machine Learning and Multi-step Attack Hunting Engine. Together, they allow organizations to manage all security threats from one unified platform, offering more protection than any other solution in the market.
Written by: Moshe Amiel, Cyber & AI Expert, Advisory Board Member at CYBOWALL
Top 10 Innovations in Cybersecurity
Technology is evolving rapidly and changing the way businesses operate.
Emerging technologies such as cloud computing, Artificial Intelligence (AI), automation, and the Internet of Things (IoT) are creating unprecedented opportunities for businesses to unlock new value.
However, this value is not assured. As technology evolves, so does the cyber threat landscape that organizations must navigate. In fact, it is estimated that the cyber threat globally slows the pace of technology innovation by as much as USD 3 trillion in lost economic value in 2020.
The shortage of skilled security personnel, complex compliance requirements, the incessant evolution of cyberattacks, and perilous insider threats continue to be the most prominent ongoing cybersecurity challenges. In this article, we will discuss the recent innovations that aim to solve these challenges.
1. Unsupervised Machine Learning
Even though Artificial Intelligence (AI) and Machine Learning (ML) have changed the name of the game, they are certainly not new concepts; utilizing them to enhance cybersecurity posture, however, is. Unsupervised AI & ML actively hunt for new attacks and automatically adapt to new cyber threats in the market. They can also continuously learn and improve with every attack, making them a powerful tool when facing cyber threats. Not only do they warn about upcoming threats, but they also provide valuable insights on remediation and avoidance of such incidents.
One solution which provides a hybrid model of supervised and unsupervised information is CYBOWALL, an emerging cybersecurity startup with several security engines for enhanced threat detection on small and large sets of data.
2. Behavioral fuzz testing
A method that tests one’s own environment by feeding it fuzzed input (random, malformed data) to confuse the system and ultimately make it crash. This allows DevSecOps teams to examine the possible effects of an unknown attack before an attacker finds it.
3. Attack Surface Discovery
When COVID-19 hit in early 2020, it caught the world by surprise, and the cybersecurity arena was no different. Adaptation to the new remote work routine caught organizations unprepared for new potential cyber risks. An innovation that sprang to life is the idea of continuous attack surface discovery and testing, to minimize the gap between growth and development. This approach doesn’t rest on its laurels, i.e. focusing on current attacks, but proactively maps and organizes all organizational assets and endpoints that are exposed to the Internet. By doing so, it allows companies to explore their own weaknesses or paths of least resistance and stay ahead of cybercriminals who are constantly finding new ways to breach various systems.
4. Secure Access Service Edge (SASE)
The pandemic has triggered remote working culture, cloud adoption, and online collaboration which is only set to grow in the future. That is why organizations’ network security is transforming from LAN-based appliance models to cloud-native security service models, including SASE. SASE technology enables organizations to robustly secure remote workforce and cloud applications by routing the network traffic through a cloud-based security stack.
5. Zero-Trust Network Access (ZTNA)
Yet another pandemic-related innovation that has recently surfaced is ZTNA. IT departments used to rely on Virtual Private Networks (VPNs) to facilitate access to the corporate network for the remote workforce. As COVID-19 pushed almost all employees to remote working, VPNs proved woefully inadequate. ZTNA has emerged as a more secure option for organizations to control remote access to specific applications. It is a technology that provides controlled access to resources, reducing the surface area for attack. The isolation afforded by ZTNA improves connectivity, removing the need to directly expose applications to the internet (Source: Gartner).
6. Encryption Technology
Encryption technology has been used for hundreds of years, but it has recently become more advanced than ever before. We see new encryption methods appearing every month, and there are plenty more on the horizon – like quantum key distribution (QKD) systems that use quantum mechanics to encrypt data.
Quantum key distribution offers greater security than other key-exchange methods because the key material is encoded using quantum mechanics and cannot be cracked using traditional methods. Apart from QKD, different types of encryption are being developed and refined as well. They include homomorphic encryption, Blowfish, Rivest-Shamir-Adleman (RSA) encryption, and more.
7. AI Attack Hunter
IT and security teams are often overwhelmed by the number of SIEM alerts triggered by different solutions; typically, organizations can see a peak of hundreds of thousands of alerts a day, overwhelming their Security Information and Event Management (SIEM) system. With so many alerts to review, a security team can end up with alert fatigue, causing them to potentially ignore a high number of alerts and even miss cyberattack attempts. In addition, alert information by itself does not always lead to a true understanding of the specific attack scenario that is unfolding, so detection, mitigation, and response may take longer than expected. The Attack Hunter provides high efficiency in event filtering and attack pattern identification, which adds much-needed precision and saves a lot of time and manpower in the SOC.
An emerging Israeli startup by the name of CYBOWALL addresses the problem with an AI ‘Attack Hunter’, an Autonomous Machine Learning and Multi-Step Attack Hunting Engine, that dramatically reduces false positives while increasing the true positive rate. It does that by using machine learning to detect and autonomously learn new attacks, clustering a series of IOCs into a static super-class event, the GIOC. That allows the Attack Hunter to filter and correlate massive amounts of alerts into a few designated cyber-attacks. Attack Hunter uses consistent datasets that are better suited for machine learning and AI algorithms to detect and learn new attacks.
8. Security Process Automation
The lack of experienced security staff is set to prompt organizations to rely increasingly on security process automation. Security automation tools eliminate repetitive security operations by automating them based on pre-established rules and procedures. Thus, security tasks can be performed quickly, effectively and with fewer errors.
9. Cryptography Verification
Cryptographic tools let companies confirm they’re talking about the same person without having to actually share any data with cybersecurity solutions or even with each other, meaning fewer opportunities for data breaches or privacy violations.
10. Advanced Biometrics
New biometrics technology enables agile authentication and fraud prevention across voice and digital channels. The underlying technology leverages 4th generation of Deep Learning AI algorithms that reliably identify individuals by voice, behavior, and other human characteristics.
Next Up With Cyber Security Trends
These cybersecurity innovations in 2021 are bound to present more opportunities for organizations to stack their security measures. It is expected that organizations will spend more than ever with $100+ billion on protecting their assets alone this year.
With infrastructure security a significant part of almost every organization today, it would be an excellent choice to start their learning curve in cybersecurity today to become experts for tomorrow. Skilled and experienced cybersecurity employees are among the highest-paid professionals in the IT industry.
Gearing up your security game and keeping pace with these cybersecurity innovations is the best call today, and we can help. Cybowall will equip you with the solution you need to stay ahead of the curve of innovation. You will learn comprehensive approaches to protecting your infrastructure, including securing data and information, running risk analysis and mitigation, architecting cloud-based security, achieving compliance, and much more with this best-in-class program.
Written by Vadim Latsman, Software Engineer at Cybowall