One effect of the improving ability of security defenses to detect malicious files has been the adversaries’ switch from malware to social engineering and fileless attacks. It is an example of ‘human reasoning’, the ability to change tactics to defeat new defenses.
Pleasanton, Calif-based SlashNext believes that only human reasoning defenses can keep up with human reasoning attackers. It has launched a new product based on cognitive computing rather than supervised machine-learning. Called the Internet Access Protection System (IAPS), it is, says SlashNext CEO and founder Atif Mushtaq, “the industry’s first security solution that uses the power of cognitive computing to detect advanced cyberattacks in the same way that humans do — except without human limits and without human errors.”
Rather than using malware signatures or sandboxes and behavioral analysis to detect malware, IAPS uses its own cognitive computing engine called Progressive Learning to detect attacks. It uses a protocol centric approach that works independent of OS or end-point device, and concentrates on the one single common factor for (almost) all cyberattacks: the internet access point. In this way, it is unconcerned whether it is phishing, or malware or fileless — it aims to detect all attacks.
Doing so requires a new approach. While machine learning proved effective against many new variants of malware, it cannot detect new malware with previously unseen behaviors that do not match its pre-coded algorithms. SlashNext’s new approach is to use cognitive computing — which is designed to use computer processing power in a manner that mimics human intelligence.
The cloud-based Progressive Learning technology is capable of analyzing gigabits of internet-bound traffic in real time to detect indicators of compromise (IOCs). The IOCs are passed to a set of reasoning engines that behave like human researchers to determine whether they are malicious or not malicious. The result is fed back into the system as part of the peer-to-peer learning process that gives the system its self-teaching capability.
Sensors are deployed at all network egress points. They are simply installed and require neither configuration nor tweaking since all the heavy-lifting is done by Progressive Learning in the cloud. IAPS blocks malicious activity in real-time, prevents data exfiltration and stops machines accessing malicious sites. The concept is similar to having a team of expert threat hunters watching all traffic and analyzing it in real time. Just as human experts get more proficient with experience, so does IAPS understand changing adversary tactics as they evolve.
“The last few years have seen an explosion of social engineering attacks that don’t rely on malware or exploits to penetrate defenses. That’s left businesses urgently in need of an innovative new approach to security that goes far beyond the sandbox,” said Gaurav Garg, Founding Partner of Wing Venture Capital. “By harnessing the power of cognitive computing in its IAPS, SlashNext is taking cyber defense to a completely new level.”
SlashNext was founded by Asif Mushtaq in 2014. Mushtaq previously spent 9 years as a senior scientist for FireEye, where he was the lead architect of FireEye’s core malware detection system. SlashNext received $9 million in Series A funding in April 2017 from Norwest Venture Partners and Wing Venture Capital. IAPS is available now as a subscription service either direct from SlashNext or via a VAR.
Related: Threat Hunting with Machine Learning, AI, and Cognitive Computing
Related: IBM’s Watson Aims its Power at Security Operations Centers