In my last article, I introduced you to deception networks. This is a next-generation tool that lets you alert on potential malicious activity while protecting your enterprise and capturing forensic evidence at the same time. Over the course of four articles, I’m going to help you deploy a next-generation – true AI and machine learning – security stack that will let you do three really nice things. Remember that the specific tools I am using as examples may not be the only ones available. They simply are the staples in my lab, and I have up to three years of experience (depending upon the tool) working with them. Focus as much (or more, if you wish) on the functionality as you do on the specific tool.
First, the total cost of the toolset I am recommending will, in many cases, be less than that of a much larger set of tools of the type we’ve learned over the years to depend upon. The story here is that you can spend more money, but you likely won’t do the job any better or, in some cases, even as well.
Second – and this is very important in today’s environment of not enough security specialists – once you’re up and running with these tools, their care and feeding is almost nil. These tools – especially the deception network from last time and the one we’re about to discuss – learn and configure themselves on the fly so you don’t have to. They also minimize false positives, the bane of most SOC engineers’ existence.
Last, as I mentioned last time, we are rapidly approaching a time when humans cannot react fast enough to defend against the adversary’s next-generation weapons. It takes good AI to defend against an AI attacker. These are three very good reasons to think about cyber defense in next-generation terms: cost, manpower and the ability to compete with the adversary.
For this article, I will introduce you to a true AI system that can work closely with your deception network. If you haven’t got a deception network yet – perhaps you depend upon a SIEM and/or next-generation firewalls – this approach will be a real force multiplier for you. Remember that term: “force multiplier”. It describes what happens when the pieces of your toolset work well together to give you the answers and protection you need in whatever situation you find yourself in, so that the result exceeds the sum of the parts. This is a military term, and it certainly fits here; we all are fighting a cyber war, and the adversary is skilled, well-funded and persistent.