Liran Tancman is the CEO of CyActive, a predictive cyber security company. In this interview he talks about fighting malware, emerging threats, artificial intelligence and the cloud.
Why is fighting malware today an expensive and time-consuming endeavor?
The current cyber security paradigm is a reactive cycle: if and when a threat is exposed, it is analyzed and a counter-solution is designed. Response times vary from weeks to years. Even if a solution is made available, attackers can easily modify the original code, evade the updated security measures, and continue from where they left off. Attackers keep adapting to the evolving defenses, despite the significant efforts exerted by cyber defenders in both enterprise and the cyber security vendor community.
This reactive paradigm creates an asymmetric relationship, whereby hackers have the unfair advantage: ‘recycling’ malware for reuse is quick and cheap, while fighting malware is time-consuming and expensive. The mind-boggling fact is that for every dollar spent by black-hat hackers, hundreds of dollars are spent by the IT security industry. This economic imbalance is the springboard from which cyber-crime, cyber-terrorism and cyber-warfare are launched. So we’re constantly dealing with more and more variants of more and more sophisticated malware, in more and more targets – hence it’s become an expensive, time-consuming, and clearly unsustainable endeavor.
As the infosec industry manages to mitigate certain threats, new ones emerge instantly. Will we ever be able to get ahead in this race?
As I noted before, one of the main reasons that threats are constantly and instantly emerging is that they are quite easy and cost-effective to create by reusing components from other malware. Therefore, the first step needed to exit this cat-and-mouse race is to start thinking like attackers, and aim to proactively predict their actions, rather than just react to them.
Can we expect there to be a stronger artificial intelligence (AI) component in future computer security products?
Once the paradigm shifts from thinking like a defender to thinking like a hacker, a strong AI component comes into play, since the goal here is simulating the ways that hackers think and operate. It makes sense if you think about it: If the cyclical nature of the ecosystem is a given, and reinventing a whole attack chain is practically impossible, if only from an economical perspective, why not use that to our advantage?
Using these AI capabilities is good news for the industry, since it makes developing new malware much more complicated and expensive. By forcing attackers to reinvent themselves each time they plan to attack, defenders will have the opportunity to gain more control of the cyber field.
How is the cloud enabling the next generation of anti-malware solutions?
Cloud actually provides both an advantage and a disadvantage. On the one hand, the attack surface is reduced significantly when architecting the organization’s security around a centralized source; on the other, this centralized source becomes the prime asset for a targeted attack, facilitated by multi-location connections of varying security levels. Technically speaking, it is dependent on the technology of the cloud. In the case of virtual environments, leveraging the capabilities of the hypervisor for security can enable detection of rootkits, which is much harder when running inside the OS. The use of a template makes it easier to create a baseline, deploy security measures and return to the previous state of the machine. In addition, the constant comparison of different VMs run on the same hardware base can easily detect anomalies in some of them. On the other hand there are security risks regarding the cloud, such as the identity of those who can access private information, which needs to be considered.