With the heavy stresses currently facing the cybersecurity industry, many are looking to both human- and machine-driven responses. Perception Point – a prevention-as-a-service company – recently launched its Web Security Solution, staking out its position on how to resolve them.
The company’s CTO, Tal Zamir, shared his insight with SDxCentral on how their service uses both ML and incident response teams to alleviate the workforce’s fatigue while still ensuring secure responses to increasing threats.
While machine learning (ML) has become an apt tool in cyberattack detection and remediation, Zamir says hackers are adapting quickly to navigate around ML’s current abilities.
“Cybercriminals are becoming more sophisticated in their tactics and generating ever more complex and advanced offensive capabilities,” he said.
“The stark reality of the cybersecurity industry is the offense-defense imbalance – attackers will always aim to stay ahead of defense solutions, and at its current level, ML-based technology alone is unable to handle some of the more sophisticated cyberattacks,” Zamir explained.
This is when incident response teams are needed to remediate breaches that slip past ML detection. Zamir believes that, to fully serve SOC teams, the defense technology must “be constantly refreshing its capabilities and to be trained in as wide a range of offensive techniques as possible.”
Post-Pandemic Prevention
Since the pandemic gave businesses an extra push into the online work epoch, the increase in vulnerable information going digital has not gone unnoticed, with cyberattacks doubling in the last year.
“The hybrid work era has driven enterprises to adopt a range of modern SaaS tools – many of which are cloud-based – including email, collaboration tools, and storage to solve various issues that come with the decentralized workspace,” Zamir explained.
Perception Point’s threat prevention service is cloud-native, designed to interoperate with cloud-based apps via APIs so that “advanced security can be embedded into web browsers commonly used by enterprises,” he said.
Zamir touts Perception Point’s free, around-the-clock incident response team, which manages and remedies incidents beyond ML detection, and he believes the service complements overworked cybersecurity teams, even reducing the needed mitigation time for web-borne attacks “by up to 75%,” according to their release.
Layers of Threat Prevention, Remediation
“Our platform recursively unpacks every piece of content and rapidly scans all text, files and URLs with multiple advanced detection engines,” Zamir said.
Using AI-based image recognition capabilities, the service identifies impersonation techniques by scanning logos inside emails and QR code information and by applying optical character recognition (OCR), including the option to record login pages to protect against phishing attempts.
Another one of Perception Point’s detection capabilities comes in the form of its Hardware-assisted Platform (HAP).
“This is a next-gen sandbox engine that is composed of software algorithms using CPU-level data to access the entire execution flow, right from the processor, to deterministically intercept any type of advanced attack on both Windows and macOS environments,” Zamir explained.
This provides detection against “malicious code execution in scripts and executable files, zero-day and N-day vulnerabilities, logical bugs, next-gen exploitations, ATO [Authorization to Operate] and more,” he continued.
“Bad actors take advantage of crisis and uncertainty, and it is likely that threat actors may exploit cutbacks and the vulnerabilities that these will present,” Zamir said. “In the long run, solutions that harness the potential of ML to reduce SOC workload will be the most cost effective for organizations.”
This article first appeared in SDxCentral on July 28, 2022.