I still remember buying a Norton antivirus CD for $19.99, waiting in line at a CompUSA store back in those days and asking the tech whether the virus scan would improve my x.486 PC’s performance. Six months ago, I oversaw the development of a machine learning algorithm that applies predictive analytics to cybersecurity threats based on patterns in network spoofing. While I notice a shift in the mindset on how to cope with the never-ending race in cybersecurity, innovation is moving at blazing speed in this area. In the following article, I would love to take you through the journey of cybersecurity evolving from a reactive to a proactive and now to a predictive nature.
The original Anti-Virus (AV) scanning was a reactive way of addressing cybersecurity: it added more signature libraries as new viruses were discovered. We used to connect to the Norton update center to download the latest virus definitions. Later, AV evolved into next-generation AV, where threats are analyzed with AI/ML predictive analytics algorithms. In the meantime, several other techniques were introduced, such as application containerization, which allows applications to be monitored in a sandbox environment and the necessary fixes to be applied there to mitigate the risk. The introduction of Threat Intelligence made a significant impact on cybersecurity maturity: programs track Operating System (OS) events, check file names and commands, and continuously look for patterns.
Threat Intelligence brought Behavior Based analysis to further augment predictive analysis: programs or agents check processes, network connections, file/registry changes and the overall patterns of malicious activity. Threat Intelligence with Behavior Based analysis has proven to be the most promising organizational readiness activity for cybersecurity preparedness. In-Memory Analysis is another advanced technique that looks at the processes running in memory to find insider attacks, new malware and fileless states. This evolution from Anti-Virus scanning, which was signature-based reactive scanning, to Behavior Based predictive analysis took more than two decades, and I travelled with it in my professional career.
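To make the contrast between the two generations concrete, here is an added illustration (not code from the original article): a signature scanner that only recognizes an exact hash from its library, beside a behavior rule that scores what a process does (parent/child spawn, registry autorun change, unusual outbound connection). All file contents, event records and thresholds are constructed for the example.

```python
import hashlib

# Constructed sample "files": a known-bad body and a trivially modified variant.
KNOWN_MALWARE = b"constructed-bad-sample-v1"
VARIANT = KNOWN_MALWARE + b" "  # one byte appended; the hash no longer matches

# Signature library: SHA-256 hashes of known-bad files (reactive, needs updates).
SIGNATURES = {hashlib.sha256(KNOWN_MALWARE).hexdigest()}


def signature_scan(blob: bytes) -> bool:
    """Reactive check: flag only when the exact hash is already in the library."""
    return hashlib.sha256(blob).hexdigest() in SIGNATURES


# Constructed process-activity events, the kind a behavior agent observes.
EVENTS = [
    {"pid": 101, "type": "process", "parent": "winword.exe", "image": "powershell.exe"},
    {"pid": 101, "type": "registry", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"},
    {"pid": 101, "type": "network", "dest_port": 5555},
    {"pid": 202, "type": "process", "parent": "explorer.exe", "image": "notepad.exe"},
    {"pid": 202, "type": "network", "dest_port": 443},
]

OFFICE_APPS = {"winword.exe", "excel.exe"}
SHELLS = {"powershell.exe", "cmd.exe"}
COMMON_PORTS = {80, 443}


def behavior_scan(events, threshold: int = 2) -> set:
    """Proactive check: flag a process by the pattern of what it does, not by its bytes."""
    by_pid = {}
    for e in events:
        by_pid.setdefault(e["pid"], []).append(e)
    flagged = set()
    for pid, evs in by_pid.items():
        office_spawns_shell = any(e["type"] == "process" and e["parent"] in OFFICE_APPS
                                  and e["image"] in SHELLS for e in evs)
        persistence = any(e["type"] == "registry" and e["key"].endswith("\\Run") for e in evs)
        unusual_net = any(e["type"] == "network" and e["dest_port"] not in COMMON_PORTS
                          for e in evs)
        score = int(office_spawns_shell) + int(persistence) + int(unusual_net)
        if score >= threshold:  # two or more indicators together is the constructed rule
            flagged.add(pid)
    return flagged
```

The variant slips past the hash library until a new signature is shipped, while the behavior rule flags process 101 from its activity pattern alone, which is the shift from reactive to predictive that the article describes.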
Unfortunately, the amount of innovation in the good world is dominated by the bad world, and threat actors come with multi-vector attacks, taking systems hostage and causing so much pain to all of us. For a major corporation, recovering from a cyber-attack may take more than six months, and some may not survive at all, depending on the magnitude of the attack.