Intelligent CISO Issue 11 | Page 74

USING DEEP LEARNING TO IMPROVE YOUR SECURITY POSTURE

With new cyberthreats constantly emerging, CISOs and their teams need to utilise all the tools available to keep their enterprises secure. Harish Chib, Vice President – Middle East and Africa, Sophos, explains why organisations need an additional layer of Deep Learning enabled endpoint detection and response (EDR) tools to improve their security posture.

Cybercrime is big business and hackers are continually looking for new attack vectors. The SophosLabs team sees 400,000 new malicious samples every day; this does not mean 400,000 programmers writing code. It means heavily automated systems. The result is bespoke malware – a virus written just for you. With that reality, the best line of defence is to use a multi-layered security strategy to work to protect organisations against both known and unknown threats.

The best endpoint technologies will protect organisations against the majority of malware and threats impacting their organisation. But as the threat landscape evolves and cybercriminals continue to morph attacks and work to find new security holes to access organisations, the unknown minority becomes important. Endpoint detection and response tools are about detecting that minority. EDR tools are built to supplement endpoint security with increased detection, investigation and response capabilities.

EDR helps in generating a clear view of an organisation’s security posture

However, EDR tools can make it difficult to understand how exactly they can be used and why they are needed. Making matters worse, today’s EDR solutions often struggle to provide value for many organisations as they can be difficult to use, lack sufficient protection capabilities and are resource intensive.

The hardest question for most IT and security teams is ‘are we secure right now?’ This is because most networks have sizable blind spots that make IT and security teams struggle to see what is going on inside their environments. Lack of visibility is the primary reason why organisations struggle to understand the scope and impact of attacks.

The good news is Deep Learning enabled EDR tools provide the easiest way for organisations to answer the tough questions about security incidents. Here are the ways that Deep Learning enabled EDR tools help organisations to add an additional layer to their security posture.

This often manifests itself when an incident occurs and the team assumes they are safe because that incident was detected. Deep Learning enabled EDR provides this additional insight as well as determines if other machines were impacted.