USING DEEP LEARNING TO IMPROVE YOUR SECURITY POSTURE
With new cyberthreats constantly emerging, CISOs and their
teams need to utilise all the tools available to keep their
enterprises secure. Harish Chib, Vice President – Middle
East and Africa, Sophos, explains why organisations need an
additional layer of Deep Learning enabled endpoint detection
and response (EDR) tools to improve their security posture.
Cybercrime is big
business and
hackers are
continually looking
for new attack
vectors. The
SophosLabs team
sees 400,000 new malicious samples
every day; this does not mean 400,000
programmers writing code.
It means heavily automated systems.
The result is bespoke malware – a virus
written just for you. With that reality, the
best line of defence is to use a multi-layered
security strategy to protect
organisations against both known
and unknown threats.
The best endpoint technologies
will protect organisations against
the majority of malware and threats
that affect them. But as
the threat landscape evolves and
cybercriminals continue to morph
attacks and work to find new security
holes to access organisations, the
unknown minority becomes important.
Endpoint detection and response tools
are about detecting that minority. EDR
tools are built to supplement endpoint
security with increased detection,
investigation and response capabilities.

EDR helps in generating a clear view of an organisation’s security posture

However, it can be difficult to
understand exactly how EDR tools can
be used and why they are needed.
Making matters worse, today’s EDR
solutions often struggle to provide value
for many organisations as they can be
difficult to use, lack sufficient protection
capabilities and are resource intensive.

The hardest question for most IT
and security teams is ‘are we secure
right now?’ This is because most
networks have sizable blind spots that
make IT and security teams struggle
to see what is going on inside their
environments. Lack of visibility is the
primary reason why organisations
struggle to understand the scope and
impact of attacks.
The good news is Deep Learning enabled
EDR tools provide the easiest way
for organisations to answer the tough
questions about security incidents. Here
are the ways that Deep Learning enabled
EDR tools help organisations to add an
additional layer to their security posture.

This often manifests itself when
an incident occurs and the team
assumes they are safe because that
incident was detected. Deep Learning
enabled EDR provides this additional
insight and determines whether other
machines were impacted.
Issue 11 | www.intelligentciso.com