Fighting Cybercrime with Machine Learning
By Jan Hogewoning | Thu, 10/29/2020 - 09:41
Q: You offer solutions for internal and external threats. Why is this distinction needed?
A: This is a conceptual separation that allows us to explain what different solutions do and what mediums are used to carry them out. On the one side, there is the internal threat. This has to do with cybersecurity threats related to the internal workings of the company, which can be either against an employee or carried out by an employee. The second is the external threat, which consists of attacks on channels outside the company, primarily e-commerce channels, online bank channels or a physical company branch, like a shop or an ATM.
Q: How do your solutions employ artificial intelligence to prevent or react to a cyberattack?
A: From the beginning, we have distributed security software that offers more than the traditional solution. In general, we are distributors of existing software but we also have certain solutions of which we are the owners. Our slogan is “cognitive security,” because all our solutions are based on analysis of digital behavior of employees or clients, whether individual or group, to see if there are anomalies compared to a set of parameters that establish normal behavior. The information used can be classified in two types: sensitive information, which basically reveals the person’s identity, and nonsensitive information, which is metadata of activity. We have solutions that use both but we prefer to manage metadata because it causes fewer difficulties when implementing a system, especially in the regulatory area. Metadata is enough in most situations.
Q: Can you provide an example of how you study behavior using metadata?
A: Let us say an employee receives a phishing email. It has a link but also an attachment. First, our software can see what laptop the individual is using, what operating system, the language and the serial number of different components in the device. It can see when the person logged in, when the email was opened, the title and sender of the email and the language of the email. If the person clicks on the link, the software can read the title of the new page that is opened. If a document is downloaded, the software can see if any programs start running and what type of program it is, in addition to any other lateral activity. In real time, our software is registering and creating a record of the activity, what we call a “life line.” If we detect abnormalities in an early phase of this life line, action can be taken to stop any damage from being done.
Q: How do your solutions see whether an employee is trying to steal information?
A: By having visibility over time, we can detect a pattern that indicates fraudulent or negligent behavior. This includes employees aiming to steal confidential information. They normally prepare for this over days, weeks or months and our software can intercept signs that this will happen. For example, if the employee starts opening directories with confidential information or manages volumes of data larger than their daily or monthly average, we will know about it. They may be converting the info to images or PDF documents. The pattern of events is detected by our software, allowing us to identify the culprit.
Q: What machine learning models are you using for cognitive solutions?
A: Most are deep learning models that do not need prior training to perform detection. The model will start with certain parameters of behavior and over time it actually learns and will update the parameters to better detect cyberattacks. The parameters also depend on the employee profiles. What they do in the company impacts how their behavior is evaluated.
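As an added illustration, not Kiara Tech's software or code, the baseline-and-deviation idea from the two answers above (volumes above an employee's own average, confidential directories opened, parameters that depend on the employee's role and are updated as data arrives) written as a small detection routine over constructed daily metadata. All user names, role profiles, thresholds and sample values are assumptions.

```python
from statistics import mean, pstdev

# Constructed sample metadata, not real telemetry: (user, day, bytes handled, confidential dirs opened)
ACTIVITY = [
    ("alice", 1, 120_000, 0), ("alice", 2, 95_000, 0), ("alice", 3, 130_000, 0),
    ("alice", 4, 110_000, 0), ("alice", 5, 2_400_000, 3),  # spike plus confidential directories
    ("bob", 1, 900_000, 1), ("bob", 2, 1_100_000, 2), ("bob", 3, 950_000, 1),
    ("bob", 4, 1_050_000, 1), ("bob", 5, 1_000_000, 2),    # heavy volume, but normal for his role
]

# Hypothetical employee profiles: what a person does in the company decides how behavior is judged
PROFILES = {"alice": {"role": "sales", "sensitive_ok": False},
            "bob": {"role": "analyst", "sensitive_ok": True}}


def detect_anomalies(records, profiles, warmup=3, z_limit=3.0):
    """Walk daily metadata in order and keep a per-user baseline of bytes handled.

    A day is flagged when its volume sits more than z_limit standard deviations
    above the user's running mean, or when a user whose profile does not expect
    confidential access opens such directories. Flagged days are not folded into
    the baseline, so a slow build-up cannot teach the model that exfiltration is normal.
    Returns (alerts, baselines) where baselines maps user -> learned mean daily volume.
    """
    history, alerts = {}, []
    for user, day, nbytes, sensitive in sorted(records, key=lambda r: r[1]):
        hist = history.setdefault(user, [])
        profile = profiles.get(user, {"sensitive_ok": False})
        volume_flag = False
        if len(hist) >= warmup:  # no alerting until a baseline exists
            mu, sigma = mean(hist), pstdev(hist)
            sigma = max(sigma, 0.1 * mu, 1.0)  # floor so a flat history does not alarm on tiny changes
            z = (nbytes - mu) / sigma
            if z > z_limit:
                volume_flag = True
                alerts.append((user, day, f"volume {nbytes} is {z:.1f} sd above baseline {mu:.0f}"))
        if sensitive and not profile["sensitive_ok"]:
            alerts.append((user, day, f"opened {sensitive} confidential directories"))
        if not volume_flag:
            hist.append(nbytes)
    return alerts, {u: mean(h) for u, h in history.items()}


if __name__ == "__main__":
    for alert in detect_anomalies(ACTIVITY, PROFILES)[0]:
        print(alert)
```

Run as-is it reports only alice's day 5 (volume roughly 177 standard deviations above her baseline, plus three confidential directories), while bob's equally large volumes stay silent because his own history and analyst profile make them normal.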
Q: What extra challenge has the widespread shift to remote work meant for your solutions?
A: It is definitely harder for companies to assure safe remote connections. They are more exposed and have less control. Companies have to discover new ways to implement controls and ensure security. Our solutions, however, are equally effective whether the users are working in the office or outside, although they do require different configurations that are more complex in the case of remote work.
One solution we are promoting is to ensure a safe VPN connection. VPNs are traditionally very insecure, because both authentication and access control are in the same place. If someone gets the credentials for your VPN, they can have access to your company. Our solution offers two caps that separate authentication and access based on a zero-trust model.
Q: How important are good employee practices in countering cyberthreats?
A: Good practices are fundamental. If an employee opens a phishing link, any perimeter will be useless to stop the malware. This is why employees are the last line of defense for companies. This is why awareness is vital, not just about phishing but also malware, safe passwords, use of public Wi-Fi, and standards such as PCI and GDPR. Raising awareness among employees is not costly for a company but it offers a high return on investment. Unfortunately, it is still the most neglected factor in cybersecurity. The best approach is to have several talks a year in combination with simulations of social engineering, phishing and other types of attacks that will allow you to see if employees fall for it.
Q: How do clients get access to your analyses?
A: Every client has a console where they can access the activity in real time. This is also important for forensic purposes. Our solutions save the security analyst a lot of work because they no longer need to reconstruct histories themselves. Our software reduces false positive cases significantly. Often it goes down to zero.
Q: Where do you see an opportunity for attracting new clients?
A: The financial sector has always invested the most in cybersecurity. Most of our clients are there. However, the pandemic has led to many companies becoming more aware of cyberthreats. We also have clients in retail, e-commerce and energy. E-commerce has grown a great deal in the last few months and with it the incidence of fraud. We ask e-commerce companies to tell us how many accounts get created on their platforms that are not actually humans but bots or individuals using data from stolen bank cards. In most cases, they do not know. That is where our cognitive solutions can be very effective.
Kiara Tech is a cybersecurity company that specializes in offering solutions that use machine learning to detect cybercrime. Its primary clients are in the financial sector, followed by retail and e-commerce.