By Kumar Ritesh, Founder and CEO, CYFIRMA
Cyberattacks are expected to grow exponentially in volume and sophistication, yet most defences remain rudimentary. Overwhelmingly, organizations' security efforts focus on building strong defensive walls designed to keep malicious actors, viruses and programs out; in reality, such walls hold only until the attackers find a way over them.
Organizations must move towards ensuring their systems, networks, environment and data are resilient and capable of self-defence.
Drawing references from biology
The battle between the virus and its target (in biological terms, the "host") has been going on in biological organisms for millions of years. Through evolution, human beings have developed sophisticated defence systems that block external viruses and bacteria and at the same time monitor and attack internal threats. As the COVID-19 pandemic the world is witnessing right now shows, new virus strains will keep emerging, and over time the human body develops antibodies to fend off their attacks.
Our skin is the first layer of defence, acting as a sophisticated barrier much like a firewall. Skin prevents external threats and can repair itself after an attack. Its capabilities are complemented by the work of the immune system, which acts as a second layer of defence.
Our immune system is like a self-policing, machine-learning mechanism. It monitors the internal environment of the body; defines and learns what is considered normal cell behaviour; and when an anomaly occurs, reacts to it in real time.
The future of cyber security lies in self-defence systems
While the human body is unable to win every battle against viruses and foreign elements, its self-monitoring, learning and healing capabilities provide insight into how future cyber security solutions should work.
The self-defence system should be able to identify abnormal foreign elements, activities, programs and malicious code using adaptive machine learning, based on an understanding of normal system, application and data-flow behaviour.
The system should also be able to independently restore normal functionality by making foreign elements and malicious programs dysfunctional.
Self-Defence Systems Framework
I see four key elements as fundamental components of self-defence systems. These core elements are essentially an automated set of rules, continuously refined, that monitor system behaviour, diagnose potential abnormalities, revive the system by removing malicious components and, finally, incorporate new normal/abnormal behavioural patterns into the system.
These capabilities are made possible by advances in the core technologies of artificial intelligence, machine learning and predictive analytics.
1. Continuously check against a baseline, enriching the decision engine with 'inside-out' and 'outside-in' intelligence to identify new threats
2. Identify the abnormal attribute and correlate it with the surrounding situation
3. Revitalize using a state-based revival model, making bad functions, unknown programs and foreign executables dysfunctional
4. Acclimatize and immunize by embedding new normal/abnormal patterns in the decision-making engines
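The four elements above, as an added illustration that is not part of the article or of any CYFIRMA product: a minimal loop that checks process-start events against a learned baseline enriched with an 'outside-in' intelligence list, quarantines anything unknown or known-bad, and embeds the analyst's verdict back into the decision engine. The class name, the baseline counts and the event stream are constructed for the example.

```python
from collections import Counter
from dataclasses import dataclass, field

@dataclass
class SelfDefenceSystem:
    baseline: Counter                       # element 1: learned 'normal' process behaviour
    blocklist: set                          # 'outside-in' intelligence: names known to be bad
    quarantined: list = field(default_factory=list)

    def classify(self, event: dict) -> str:
        """Elements 1 and 2: compare the event with the baseline, enriched by intelligence."""
        name = event["process"]
        if name in self.blocklist:
            return "known-bad"
        if name not in self.baseline:
            return "unknown"
        return "normal"

    def respond(self, event: dict) -> str:
        """Element 3: anything that is not normal is made dysfunctional (quarantined here)."""
        verdict = self.classify(event)
        if verdict != "normal":
            self.quarantined.append(event["process"])
        return verdict

    def acclimatize(self, name: str, benign: bool) -> None:
        """Element 4: embed the reviewed outcome as a new normal or abnormal pattern."""
        if benign:
            self.baseline[name] += 1
            self.quarantined = [q for q in self.quarantined if q != name]
        else:
            self.blocklist.add(name)

# Constructed sample data: a learned baseline, one intelligence entry and three events.
BASELINE = Counter({"svchost.exe": 120, "explorer.exe": 30, "outlook.exe": 25})
INTEL = {"evil-sample.exe"}                 # placeholder name, not a real indicator
EVENTS = [
    {"process": "explorer.exe"},            # in the baseline
    {"process": "updater.exe"},             # unknown: never seen before
    {"process": "evil-sample.exe"},         # matches outside-in intelligence
]

def run_demo() -> dict:
    system = SelfDefenceSystem(Counter(BASELINE), set(INTEL))
    verdicts = [system.respond(e) for e in EVENTS]
    first_pass = list(system.quarantined)
    system.acclimatize("updater.exe", benign=True)   # analyst confirms a sanctioned tool
    relearned = system.respond({"process": "updater.exe"})
    return {"verdicts": verdicts, "quarantined": first_pass,
            "relearned": relearned, "still_quarantined": list(system.quarantined)}
```

After acclimatization the same updater is classified as normal on its next start, while the intelligence-matched executable stays quarantined.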
Technology that augments the four core elements
Using historical behaviour mapping and analysis, self-defence systems should make real-time recommendations for the action to be taken in response to an external 'abnormal' event. This is commonly referred to as adaptive machine learning, which would involve:
In addition, artificial intelligence should enable autonomous system remediation and the acclimatization of new patterns by:
In summary, the next frontier of cyber security solutions will most probably be self-defence systems that continuously find, respond to and recover from new threats. Such systems will reduce the risk of a successful attack significantly; more importantly, they will make an organization a less attractive target for threat actors.