Pick your publication – industry, business or mainstream media – and you’ll see article after article on cyberattacks from just the past 30 days. Annual analysis from groups as varied as tech giant Cisco to the non-profit Identity Theft Resource Center (ITRC) all tell the same tale: successful cyberattacks are increasing in severity and sheer volume.
Just this past week, WIRED magazine published a report on a new form of super-stealthy attacks – so called “fileless” malware – that are difficult to detect and even more difficult to defend against.
The common element in all of these news items and research reports is the fact we continue to rely almost exclusively on heuristics to defend against malicious attacks. And the common (often fatal) flaw with all heuristics-based security approaches is false positives.
By definition, heuristics are inaccurate. The term literally means to discover through a means not guaranteed to be optimal or perfect. In other words, an educated guess – but a still a guess.
Wonder why so many cyberattacks are successful?
By and large, it’s because we rely too much on heuristics since that was generally the only approach available. No more.
Moving cybersecurity into an application’s runtime and using virtualization techniques produces no false positives. Instead of guessing if a transaction is an attack using heuristics, virtualization allows you to see each transaction in real-time and determine if it is a legitimate transaction. Without code changes, tuning or performance degrading instruments.
There’s a much longer technical explanation available as to why it’s possible, but suffice it to say, no false positives is a bold claim – one backed-up by science and more than 18 months of production at scale. It’s also a claim that now comes with a guarantee.
The idea for the guarantee came from a conversation with an analyst who asked, rather matter-of-factly, something to the effect “Wouldn’t it be great if an application security company guaranteed their work – but none do.”
From that germ of an idea comes the Waratek $10,000 No False Positive Guarantee. If a customer experiences a false positive, we will credit them $10,000 per unique event.
The Ponemon Institute reports that the average enterprise spends $25,000 (USD) each week to investigate just four percent (4%) of the false alarms generated by cybersecurity tools. Ending false positives not only protects your applications, it protects your bottom line.
James E. Lee is the Executive Vice President and Chief Marketing Officer of Waratek Inc. He’s a former Chairman of the Board of the ITRC and two ANSI projects related to data protection and privacy. He’s at the 2017 RSA this week. Go see him in the North Hall, Booth #3015.