Why are so many cyber attacks successful? Companies dedicate significant resources to cybersecurity—buying, deploying and managing an array of tools in a layered defense ostensibly designed to detect and thwart attacks. Despite all of the money and effort poured into cybersecurity, though, businesses around the world fall prey to cyber attacks every day. Why is that?
Armorblox thinks it can answer that question—and it believes it can help companies address the problem. According to Armorblox, it comes down to understanding. Firewalls, antimalware tools, intrusion detection systems and other cybersecurity point solutions are all relatively good at doing a specific task, but they have a narrow view of what is or is not a threat.
Not Everything Is a Nail
Abraham Maslow came up with a phrase in 1966 for his book “The Psychology of Science” that seems like a good way to characterize most cybersecurity tools. He explained, “I remember seeing an elaborate and complicated automatic washing machine for automobiles that did a beautiful job of washing them. But it could do only that, and everything else that got into its clutches was treated as if it were an automobile to be washed. I suppose it is tempting, if the only tool you have is a hammer, to treat everything as if it were a nail.”
A firewall is designed to enforce rules that define what traffic is—or is not—allowed into or out of a network or device. In its pure form, it does not understand exploits or viruses, just the rules it is given. An antimalware solution is designed to monitor traffic and activity and compare what it sees against what it knows about existing threats to detect malware. It does not understand whether a given user is allowed to access a specific system or application. Each cybersecurity tool is a “hammer” that understands how to protect against a specific set of “nails”.
There Is No Spoon
When it comes to the threat landscape organizations face today, I prefer to quote The Matrix rather than Maslow: “Do not try and bend the spoon. That’s impossible. Instead, only try to realize the truth…there is no spoon.”
I have noted for years that there seems to be a disconnect between cybersecurity tools and actual security. The anecdote I frequently use is that my mother-in-law always makes sure her antimalware software is operational and up to date with all of the latest signatures—and yet somehow is frequently infected or compromised by malware threats. Meanwhile, I often don’t run any antimalware solution at all, and manage to never get infected.
In my mind, the difference comes down to understanding. She has a tool that is designed to do a specific thing, and she relies on that tool to protect her. That “hammer” only recognizes “nails”, though—and neither she nor the antimalware tool is capable of seeing beyond the proverbial nails. I, on the other hand, understand “there is no spoon.” I am not looking for specific threats or indicators of compromise, but instead view the computer and my interaction with it more holistically—with a broader understanding of what is, or may be, a threat.
Raising the Cybersecurity Bar with NLP
I don’t know if the people at Armorblox would agree with my Maslow and Matrix references, or how I’ve characterized understanding—but understanding is precisely what they are proposing to bring to the table for cybersecurity.
I had an opportunity to speak with Dhananjay Sampath, co-founder & CEO of Armorblox. He explained that Armorblox uses natural language processing (NLP) to bring a new signal to the cybersecurity stack, which they have dubbed natural language understanding—or NLU. By using machine learning to analyze and recognize the way we communicate, Armorblox can ostensibly see beyond predefined rules, signatures, and indicators of compromise to inspect the text content of everything.
“Most organizations spend substantial sums of money each year on an assortment of products to help secure their networks and data,” said Garrett Bekker, Principal Analyst at 451 Research in an Armorblox press release. “Yet, the benefit of that spending can be neutralized by social engineering and phishing attacks that can bypass those network and data security products. However, new advances in analytics, such as natural language understanding, can supplement existing security techniques and capabilities by providing visibility into sensitive information flowing across communications, such as email, messages and documents, and thus provide a new layer of protection against common attacks.”
How do we get entire companies from Maslow to The Matrix, from “nails” to “spoons”? Understanding. Armorblox believes it has a solution that can bring that understanding to cybersecurity by using NLU. Time will tell if that approach raises the bar and provides better protection or not.