Cybersecurity’s Perception Problem
You see a man’s silhouette from a distance. He is medium height, average build and wearing a baseball cap. Is this person good or bad? A malicious actor or an average Joe?
Impossible to tell, right?
And yet this is exactly how cybersecurity tools view things today, and it is why so many attacks are missed while simultaneously throwing up innumerable false alerts that overwhelm cyber-operation centers. While many tools might purport to protect the enterprise, they all look at activity on a single device and look for patterns within that device, and this approach is failing more and more each year. Using historical patterns of activity, these options attempt to elucidate if that silhouette is good or bad by looking really hard at things in isolation.
Given that our brains are quantum computers and we cannot accomplish this task, how can cybersecurity ever succeed?
Behaviors, Not Profiles
Let’s revisit our mystery person and now watch for actions. If that person turns and breaks into a car, starts shouting obscenities or goes to beat somebody up, then he’s a bad guy. If, on the other hand, that person waves hello, helps an old lady across the street or asks how you are doing, then he’s a good guy.
The difference is communications, external actions or something that person does to denote good or bad intent. It is that intent that is the critical missing piece in cybersecurity and the lack of proper perception that is holding back the industry.