Is there any doubt that cyber crooks will soon use artificial intelligence (AI) to design more sophisticated and malevolent social engineering assaults?
For a growing number of cybersecurity developers, preparations have begun to fight fire with fire, mounting defenses against AI-based malware and network intrusions with AI-inspired solutions.
Simply put, it's time for business risk management to meet security predictive analytics.
One route to repel future attacks leverages sophisticated AI algorithms built on data from prior break-ins. A new path, which banks on predictive analytics to determine how or where a breach is most likely to hit, describes startup Balbix.
Balbix: Sensors, Machine Learning Measure Enterprise Risk
The company has just emerged from stealth mode with $8.6 million from Mayfield’s venture capital fund, sporting a predictive breach-risk platform that uses sensors and a machine learning model to measure an enterprise's risk and resilience across devices, users and apps in its extended network along with prescribing mitigations.
Balbix has tailored the platform for CISOs and CIOs and hasn’t yet indicated if security-centric channel partners are in its sales mix, but the platform obviously presents an attractive concept for MSSPs.
“The thesis behind Balbix is simple— the attack surface of the enterprise is massive and growing, with hundreds of ways that the network can be compromised,” said company founder and CEO Gaurav Banga in a blog post.
Banga previously co-founded and served as endpoint security company Bromium’s CEO from 2010 to 2015, beginning work on Balbix 18 months ago with this in mind:
“If only we could proactively and comprehensively understand the enterprise attack surface, measure it, then we could validate our defenses, prioritize and pick mitigations, and limit the impact of attacks. We might even get ahead of the adversary."
Balbix: A Closer Look
Here's how Balbix’s technology works:
- A network of specialized sensors is deployed across an enterprise that continuously monitors all devices, apps and users to assess attack methods and the business impact. A machine-learning model subsequently analyzes the resulting data to predict breach risk, the enterprise’s cyber-resilience--its ability to limit the impact of security incidents--and prioritizes mitigations.
Specific features include:
- Comprehensive risk heat-map that automatically monitors and analyzes the enterprise network 24/7/365 across hundreds of attack vectors.
- Predictive risk analytics to predict breach scenarios by analyzing risk factors such as user clickthrough behavior that can indicated a high phishing risk.
- Measurements to calculate the effectiveness of security mitigations already implemented and help prioritize planned security projects.
Balbix made three additional points to support its business proposition. First, it called attention to its recent study of 600 business respondents in which almost all said they worry about the rapidly expanding attack surface and 520 said they fret about lateral movement by attackers. Both of those responses are in Balbix’s wheelhouse.
Secondly, the company said that proactively identifying risk and thwarting an attack's spread makes good business sense because it delivers high value for a company’s security spend.
And, thirdly, it referenced a March, 2017 Gartner report in which the researcher forecast that the market for integrated risk management solutions will nearly double to $7.3 billion in the next three years.