Our Top 5 Cybersecurity Insights from 2019

Loknath Das

Can you believe it? The end of the decade. And what an amazing decade of technological advancements it was!

But with every advancement in tech, threat actors were there to hack it. The plight of cybersecurity professionals became front-page news this year as attackers monetized unprotected datasets at scale.

This year alone the data breach costs were $3.92 million on average with 25,000 records breached per attack.

It’s become a war of innovation with security tools becoming more sophisticated every day due in large part to advancements in Artificial Intelligence. But for every advancement, the cybercriminals are never far behind.

This year on the MixMode blog, we have covered headline stories, analyzed every pain point within network security, and shared what we believe to be some of the most innovative solutions to help you analyze network traffic, surface threats and anomalies, and stop attacks using autonomous AI.

Here is a roundup of what we believe are our top 5 cybersecurity articles from 2019 – and the key insights from each.

1. Unsupervised AI as a Service: Predictive Intelligence for Cybersecurity

In this blog, MixMode CEO, John Keister shares why the cybersecurity industry is in need of a massive shakeup and how AI in Network Security is ripe for disruption in this article from September.

There are two leading problems in security today:

  1. With the proliferation of rules-based software platforms and point solutions, there has come an exponential increase in false positive security alerts.
  2. Zero-day threats are on the rise and can only be caught with predictive intelligence.

So how has MixMode set out to reduce the noise and deliver predictive intelligence to the industry? Read more here to find out.

2. How to Leverage AWS Cloudtrail for Cybersecurity

In July, improperly secured Amazon cloud storage was at the heart of the brazen theft of 30 GB of credit application data by a single suspect. About 100 million people in the US and 6 million in Canada were affected when the attackers allegedly gained unauthorized access to a rented cloud data server.

Among the data exposed in the course of the data theft were some 140,000 Social Security numbers, 80,000 bank account numbers, and 1 million Canadian Social Insurance Numbers.

In this article from October, MixMode Director of Client Success, Russell Gray, explains that the challenge with utilizing CloudTrail for cybersecurity is twofold.

First, the tool logs every call into your AWS accounts so logging can be quite voluminous. In fact, one resource places the signal to noise ratio of CloudTrail event to be about 1:25,000.

Second, the logs produced are not susceptible to traditional security detection via intelligence feeds, attack signatures or hash values. As such it can be difficult to know parse potential threats from normal behaviors.

Russell goes into detail on why CloudTrail matters for security and MixMode’s approach to CloudTrail security monitoring and detection here.

3. How Creating A Network Baseline Improves Your Security Posture

We closed out 2019 with a three-part series on creating baselines of network behavior to improve your security stance. MixMode CTO and Chief Scientist, Igor Mezic, shared his AI knowledge on:

  1. What are network baselines and why do they matter?
  2. How to create a baseline for your network
  3. How to use your baseline for network security

What is a real network baseline? How does it work? And, why is it vital to stopping zero-day attacks? These questions can help you choose the right security provider, by properly vetting their system for true baseline development through Unsupervised Learning, not just empty words touting Artificial Intelligence-enabled monitoring.

Bonus: if you are super into geeking out about computational capacity and Unsupervised AI decision making, also check out this blog on how MixMode uses heatmaps to build network baselines.

MixMode Whitepaper

4. Unsupervised AI – AI for Complex Network Security

In October we were honored to have Dr. Peter Stephenson, technical editor for SC Magazine and digital forensics expert, take a deep dive into the most recent progress in Wave-3 (Unsupervised) AI, detail its strengths in cybersecurity, and how MixMode utilizes Unsupervised AI to protect against zero-day attacks.

Companies seeking to advance their technological defenses beyond the level of their adversaries can still keep a safe distance ahead by training their systems with Wave-3 AI, according to Dr. Stephenson. He states that, “For now and for the future – which is coming rapidly – Wave 3 unsupervised learning AI is a necessity.”

5. Solving Industry Problems with Autonomous AI

While we shared research, thought leadership, and trends that shaped the cybersecurity industry this year, we also dug in and partnered with existing clients to share case studies on how MixMode is making predictive threat detection, zero-day attack identification, and alert reduction possible.

Check out any one of these pieces for detailed case studies on how MixMode is solving industry problems with Autonomous AI:

MixMode AI Detects Attack not Found on Threat Intel

In October, 2019 a MixMode customer experienced an incident where an external entity attacked a web server located in their DMZ, compromised it, and then pivoted internally through the DMZ to attempt access of a customer database. While the attacker was successful in penetrating the customer’s network, MixMode was able to detect the event before they were successful in penetrating the customer database.

The Evolution of “Next-Generation” Manufacturing and the Need for Network Security

A comprehensive look at how third-wave AI is improving modern network security across connected manufacturing networks and beyond.

Featured MixMode Client Success Story: HighCastle Cybersecurity

Using MixMode as its continuous monitoring tool, HighCastle keeps its fingers on the pulse of what’s happening across the client’s entire infrastructure. The company has largely eliminated chasing false positives–it no longer spends hours and days trying to understand the client’s vulnerabilities to determine the best course of action.

[“source=securityboulevard”]