MSSPs and A.I. - The only hope in protecting from Zero-Day Threats

By Spencer Starkey, VP EMEA Sales - SonicWall.

Monday, 16th October 2023. Posted by Phil Alsop.

Leading threat data has shown that in 2022 there were an astonishing 465,501 never-before-seen malware variants, the highest annual count on record.

The most notorious category is the zero-day attack, made infamous by its connection to high-profile breaches. These attacks frighten businesses because they are completely new and unknown: they exploit a zero-day vulnerability for which no protection, such as a patch or update from the vendor, yet exists.

For the channel, the main issue is, of course, that these threats are unknown. Beyond one's own historical experience, it is nigh on impossible to predict which vulnerability will be exploited next, which makes it hard to decide which parts of the security stack deserve more weight and firepower. Ultimately this creates a forecasting and costing dilemma in which avoiding future cost is top of mind.

Because the threats are unknown, technical expertise is also stretched. The cybersecurity skills gap continues to grow, and for smaller businesses, staffing a security operations centre with enough highly skilled professionals is only affordable at the economies of scale that a large customer base allows. This is where artificial intelligence (AI) has the power to level the playing field.

Machines can learn too

Interest in machine learning has grown exponentially in the past year, with Large Language Models (LLMs) and generative AI becoming part of our daily lexicon. There is a lot of hype about how it can benefit our working lives, and much of it is inflated, but in cybersecurity the hype exists for a good reason: it works.

Machine learning has become a necessary tool in cybersecurity for spotting the behaviours and anomalies across networks that humans would, most of the time, fail to catch. Delivered as part of a layered security approach, AI has become the only true way to protect against modern cyber warfare. However, not every application of AI is as conclusive in its benefits, and that is where hidden costs to the bottom line can lie.

AI-based analysis tools that provide forensics are helpful but often applied too late: they are valuable for retrospective audits, but they do nothing about the initial cleanup cost. Using behavioural-analysis AI solely for forensic purposes is not MSSP-friendly, because the key element for an MSSP is protection. Instead, one must look at the possibilities of automated, real-time breach detection and prevention.

The difficulty lies in building a long-term, effective prevention strategy: security layers that filter out the malware noise so that each layer can detect and prevent more efficiently than the one before it. The first layer, signature-based detection, is of course still necessary, because it filters out the largest share of the traffic. A record total of 26,448 Common Vulnerabilities and Exposures (CVEs) were published in 2022, according to NIST, meaning that the average network faces an ever-growing bombardment of attacks. With millions of active firewalls across the world, it is neither practical nor timely to perform a deep analysis of every file. Going forward, efforts must be focused on efficiently fingerprinting and filtering out everything that has been seen before.

The ever-lasting appeal of the sandbox

Much of cybersecurity comes down to being able to run suspicious code as often as needed without the failures costing you anything. Only by executing an application and studying its behaviour can you reliably uncover malicious intent. The sandbox is still the most efficient environment in which to do this, but a lack of IT staff often gets in the way.

AI can make sense of the large swathes of data that behavioural analysis produces. It is highly adaptable and better able to uncover threats that hide beneath the attack surface. Once a payload is convicted, the AI can fingerprint it and produce a signature, turning a zero-day threat into a known one. Speed is the key element here: pushing that new signature out to every protection appliance in the mesh network removes duplicated effort and frees the sandbox to discover further threats. The scalability of AI helps as well, since it can watch and learn from the large sample population that the mesh network's catchment area provides.
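The layered loop described above, as an added illustration that is not SonicWall's code or any product's implementation: a cheap signature layer in front of an expensive sandbox, with every sandbox verdict published to a feed shared by all appliances so that the next appliance to see the same payload never detonates it. The behavioural scoring is a hand-built stand-in for a trained model, and all names, weights, samples and byte contents are constructed for the example.

```python
from __future__ import annotations

import hashlib
from dataclasses import dataclass

# Constructed stand-in for a trained behavioural model: each behaviour a
# sandbox might observe gets a weight, and a sample scoring at or above
# MALICIOUS_THRESHOLD is convicted. Names and values are hypothetical.
BEHAVIOUR_WEIGHTS = {
    "encrypts_user_files": 5,
    "disables_security_service": 4,
    "contacts_unlisted_c2": 4,
    "writes_to_startup_folder": 3,
    "reads_config": 0,
    "writes_log": 0,
}
MALICIOUS_THRESHOLD = 5


@dataclass(frozen=True)
class Sample:
    """A file arriving at an appliance, plus the behaviours a sandbox would
    observe on detonation (constructed for the example)."""
    content: bytes
    behaviours: tuple[str, ...]


def fingerprint(content: bytes) -> str:
    """Exact-match signature: a SHA-256 digest of the payload bytes."""
    return hashlib.sha256(content).hexdigest()


class SharedSignatureFeed:
    """Verdicts published by one appliance are visible to every other one."""

    def __init__(self) -> None:
        self.malicious: set[str] = set()
        self.benign: set[str] = set()

    def publish(self, digest: str, verdict: str) -> None:
        (self.malicious if verdict == "malicious" else self.benign).add(digest)


class Sandbox:
    """The expensive layer: detonates unknown files and scores their behaviour."""

    def __init__(self) -> None:
        self.detonations = 0

    def analyse(self, sample: Sample) -> str:
        self.detonations += 1
        score = sum(BEHAVIOUR_WEIGHTS.get(b, 1) for b in sample.behaviours)
        return "malicious" if score >= MALICIOUS_THRESHOLD else "benign"


class Appliance:
    """One firewall in the mesh: signature layer first, sandbox only for unknowns."""

    def __init__(self, name: str, feed: SharedSignatureFeed, sandbox: Sandbox) -> None:
        self.name = name
        self.feed = feed
        self.sandbox = sandbox
        self.stats = {"signature_hits": 0, "sandboxed": 0, "blocked": 0}

    def inspect(self, sample: Sample) -> str:
        digest = fingerprint(sample.content)
        # Layer 1: cheap lookup against everything the mesh has already seen.
        if digest in self.feed.malicious:
            self.stats["signature_hits"] += 1
            self.stats["blocked"] += 1
            return "blocked:signature"
        if digest in self.feed.benign:
            self.stats["signature_hits"] += 1
            return "allowed:signature"
        # Layer 2: never-before-seen file, so pay for a detonation.
        self.stats["sandboxed"] += 1
        verdict = self.sandbox.analyse(sample)
        # Publish the verdict so the zero-day is a known signature everywhere.
        self.feed.publish(digest, verdict)
        if verdict == "malicious":
            self.stats["blocked"] += 1
            return "blocked:sandbox"
        return "allowed:sandbox"


def run_demo() -> dict:
    feed = SharedSignatureFeed()
    sandbox = Sandbox()
    site_a = Appliance("site-a", feed, sandbox)
    site_b = Appliance("site-b", feed, sandbox)

    # Constructed samples; byte contents are placeholders, not real malware.
    ransomware = Sample(b"MZ\x90\x00 locker build 1",
                        ("encrypts_user_files", "disables_security_service"))
    updater = Sample(b"MZ\x90\x00 vendor updater", ("reads_config", "writes_log"))
    # Same behaviour, one byte different: a polymorphic variant of the locker.
    variant = Sample(ransomware.content + b"\x00", ransomware.behaviours)

    results = {
        "a_ransomware": site_a.inspect(ransomware),  # unknown -> sandbox convicts
        "a_updater": site_a.inspect(updater),        # unknown -> sandbox clears
        "b_ransomware": site_b.inspect(ransomware),  # known via feed -> no sandbox
        "b_updater": site_b.inspect(updater),        # known via feed -> no sandbox
        "a_variant": site_a.inspect(variant),        # hash miss -> sandbox again
    }
    return {"results": results, "detonations": sandbox.detonations,
            "site_a": site_a.stats, "site_b": site_b.stats}


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

Running it shows site-b blocking the locker purely on the shared signature, with only two detonations for the first two files across both sites. The last case is the caveat a practitioner should keep in mind: an exact-hash signature does nothing for a variant that differs by a single byte, so the sandbox layer is never retired by signatures; it is what keeps feeding them, and fuzzy or behaviour-based signatures are needed to cover polymorphic families.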

AI will continue to dominate headlines for the foreseeable future as many try to grasp its best use cases. In cybersecurity it has already proven able to automate real-time breach detection and prevention for a business. It is up to partners to ensure they bring these advances into their security environments. Only by working together, through connected solutions and shared intelligence, can you be protected against unknown cyber threats.