Written by Richard Li, Senior Sales Engineer at Carbon Black
I love watching movies because I can relate almost anything that happens in real life back to the movies I’ve watched. Let me give you an example. Last week, I did a presentation at “Security Days Tokyo 2018,” and I used a series of Star Wars analogies to describe a series of cyber-attacks ranging from targeted attacks to non-malware attacks to AI-based attacks and even to describe Next Generation Antivirus (NGAV). I have to say, the Star Wars analogies were well received.
Today, attackers are becoming smarter; they are very targeted, and they hide well and deep within an organisation, to the point where it is almost impossible for most legacy AV security solutions to detect malicious behaviour. Some malware is so sophisticated that it will not operate if the security solution tries to detonate it in a sandbox; it will only function when it lands on a certain endpoint in a certain environment.
Attackers have also learned that if they manipulate known, legitimate applications, such as PowerShell, they will have a better chance of achieving their goals without being detected and blocked. These attacks, known as non-malware attacks, are proliferating rapidly.
Now back to Star Wars and my analogies. Let’s first think about Senator Palpatine (also known as Darth Sidious and The Emperor; fans of the films will know that he was one of the primary antagonists in Star Wars). After watching the full series of movies, we know who he really was. However, he was hiding so successfully and deeply in the system that even the Jedi failed to detect his true character. Palpatine was also very targeted: when he sensed the vulnerability of Anakin Skywalker, the young Darth Vader, he started to manipulate and exploit Skywalker without triggering any alerts.
In this case, Skywalker is PowerShell, the known-good application. We see the whole process of his fall, and we know that even the “known-good” can be manipulated and used by the bad, and we know the damage it can cause.
We are hearing more frequently about artificial intelligence (AI) in many industries. AI sounds like a magical word, as if it were the solution to every problem. Although AI might solve many problems in the future, we know it’s not the cure-all yet, especially when fighting the quickly evolving “dark side.”
The robots C-3PO and R2-D2 in Star Wars are a perfect example of AI. They might be very loyal, smart and helpful, but can you count on them to fight the dark side? I mean, even Master Yoda failed to stop the Sith lords (i.e. the baddies), given how sly these bad guys were.
After my presentation (which, I hasten to add, as well as having a lot of Star Wars analogies, also talked about Carbon Black’s streaming prevention technology), a prospect approached me and asked, “So who do you think is doing the streaming prevention in Star Wars then?”
Hmmm, that got me thinking and is a really good question.
For those less familiar, Carbon Black uses streaming prevention to detect and prevent attacks. The sensor monitors and collects all of the data about processes running on the endpoint. Its big-data analytics engine then correlates and analyses the processes. Streaming prevention analyses not only files, but also the behaviour and relationships of all the processes. That’s how we connect the dots and get a better understanding of what’s happening on the endpoint, and that’s why we can detect and prevent attacks more accurately than other solutions.
So back to the question. My response was that it is the audience watching the movie, who have visibility into the actions (and even the psychological state) of all the characters in the movie. We get to know who’s good, who’s bad, and what’s about to happen while following the story, and this translates almost perfectly into “monitoring and analysing the stream” in streaming prevention. Hopefully you get where I am coming from and you can see how streaming prevention helps organisations to defend against the dark side.
So all that is left for me to say is ‘May the Force be with you’. And for those readers who are not Star Wars fans, this phrase was often used as individuals parted ways and went off to face an impending challenge!