Atif Mushtaq

Think Outside the Sandbox

November 7th 2017

Over the past decade, our industry has been plagued by a losing game of cat-and-mouse against street-smart hackers who continually find new ways to compromise Internet-connected devices. Enhanced security of modern browsers and automatic software updates are creating a shift in their strategy, so hackers are now paying attention to the most vulnerable and the least protected element: the human user.

Social engineering and phishing techniques are becoming remarkably clever, and hackers are becoming increasingly aggressive, while organizations battle against them with inadequate user education and training. Even if only one out of 100 employees is tricked into giving up their credentials, the attack is considered 100% successful. It just takes one.

While working as a lead scientist at FireEye, I used to spend 80% of my time on manual threat investigation to supplement conventional computing methods based on signatures or sandboxes; not a scalable and efficient approach. I founded SlashNext to address those shortcomings, and over the last three years, we built a system that thinks like a researcher but leverages cognitive computing to process and detect complex and interlinked cyberattacks… so IT teams can spend 80% of their time running their business, not trying to stop attacks targeted at their employees.

We are proud to introduce the SlashNext Internet Access Protection System, the world’s first Internet access security solution that thinks, learns and adapts to new threats – and automatically detects and blocks all types of attacks on Internet users without requiring human intervention. We designed the system to replicate the steps of a team of human threat researchers who process raw data, compile evidence, analyze using cognition, discuss and then collectively reach a decision. The big difference: we do it within a few seconds.

Unlike AVs and sandboxes, which depend solely on file or payload analysis, the SlashNext solution is built from the ground up to be protocol-centric. This approach provides a unique capability to detect both malware and malware-free Internet access attacks, including social engineering and phishing attacks.

The SlashNext system employs a patent-pending, cross-platform protocol analysis engine which processes gigabits of Internet-bound traffic in real time to extract a complex set of artifacts. These artifacts are essentially the telltale signs of a malicious attack. The artifacts are further processed into clear Indicators of Compromise (IOCs). The IOCs are then handed over to hundreds of reasoning engines that behave like a team of decision-makers working together to reach a single verdict: “100% Malicious” or “Not Malicious.”

Once a decision is made, the final outcome is shared back with all the decision makers as part of a peer feedback mechanism that gives the system its unique self-learning capability. This process is a huge contrast to machine-learning based systems that need to be manually trained repeatedly by data scientists.
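To make the pipeline described above concrete (protocol-level artifacts, then IOCs, then a panel of reasoning engines reaching one binary verdict, then feedback to the panel), here is a small illustrative implementation in Python. It is an added example written for this page, not SlashNext code, and it does not claim to reproduce the product’s engines: the three constructed HTTP requests, the brand watch-list, the four toy engines and the weight-adjustment rule are all assumptions chosen to show the shape of such a system.

```python
import re
from urllib.parse import urlparse, parse_qs

# Constructed sample traffic (not captured from any real network): each entry
# is the minimal view of an HTTP request that a protocol analyser would see.
SAMPLE_TRAFFIC = [
    {"method": "GET", "url": "https://example.com/index.html",
     "headers": {}, "body": ""},
    {"method": "POST", "url": "http://203.0.113.7/login.php",
     "headers": {"Referer": "https://mail.example-bank.test/"},
     "body": "username=alice&password=hunter2"},
    {"method": "POST", "url": "https://paypa1-secure-login.example.net/verify",
     "headers": {}, "body": "email=bob%40example.com&pass=abc"},
]

# Assumed watch-list of brand names that phishing pages commonly imitate.
BRANDS = ["paypal", "microsoft", "google"]


def extract_artifacts(req):
    """Stage 1: protocol-level artifacts, taken from the request itself
    rather than from any downloaded file or payload."""
    u = urlparse(req["url"])
    host = u.hostname or ""
    fields = set(parse_qs(req["body"]).keys())
    return {
        "scheme": u.scheme,
        "host": host,
        "host_is_ip": bool(re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host)),
        "credential_post": req["method"] == "POST"
                           and bool(fields & {"password", "pass", "passwd"}),
        "referer_host": urlparse(req["headers"].get("Referer", "")).hostname or "",
    }


def lookalike(host):
    """Crude homoglyph normalisation (1->l, 0->o); flag a brand name that
    appears in a host which is not the brand's own .com domain."""
    norm = host.replace("1", "l").replace("0", "o")
    return any(b in norm and not norm.endswith(b + ".com") for b in BRANDS)


def derive_iocs(a):
    """Stage 2: turn raw artifacts into named indicators of compromise."""
    iocs = set()
    if a["host_is_ip"]:
        iocs.add("ip-literal-host")
    if a["credential_post"] and a["scheme"] != "https":
        iocs.add("cleartext-credential-post")
    if a["credential_post"] and a["referer_host"] and a["referer_host"] != a["host"]:
        iocs.add("cross-site-credential-post")
    if lookalike(a["host"]):
        iocs.add("brand-lookalike-host")
    return iocs


# Stage 3: reasoning engines. Each votes +1 (malicious), -1 (benign) or 0
# (abstain) on the IOC set; a real panel would hold many more of these.
def engine_credential_theft(iocs):
    return 1 if {"cross-site-credential-post", "cleartext-credential-post"} & iocs else 0

def engine_infrastructure(iocs):
    return 1 if "ip-literal-host" in iocs else 0

def engine_brand_abuse(iocs):
    return 1 if "brand-lookalike-host" in iocs else 0

def engine_no_evidence(iocs):
    return -1 if not iocs else 0

ENGINES = [engine_credential_theft, engine_infrastructure,
           engine_brand_abuse, engine_no_evidence]


class VerdictSystem:
    """Weighted vote over the engines, collapsed to a single binary verdict,
    followed by a peer-feedback step that re-weights the voters."""

    def __init__(self):
        self.weights = {e.__name__: 1.0 for e in ENGINES}

    def verdict(self, req):
        iocs = derive_iocs(extract_artifacts(req))
        votes = {e.__name__: e(iocs) for e in ENGINES}
        score = sum(self.weights[n] * v for n, v in votes.items())
        final = "Malicious" if score > 0 else "Not Malicious"
        self._feedback(votes, final)
        return final, sorted(iocs)

    def _feedback(self, votes, final):
        # Assumed feedback rule: engines that sided with the final verdict
        # gain influence, dissenters lose some; abstainers are untouched.
        target = 1 if final == "Malicious" else -1
        for name, v in votes.items():
            if v != 0:
                self.weights[name] *= 1.1 if v == target else 0.9


if __name__ == "__main__":
    system = VerdictSystem()
    for req in SAMPLE_TRAFFIC:
        print(req["method"], req["url"], "->", system.verdict(req))
```

Run as a script, the first request yields “Not Malicious” with no IOCs, the second is flagged on an IP-literal host receiving a cleartext, cross-site credential POST, and the third is flagged solely on the brand-lookalike host, which is the malware-free case a file-centric scanner has nothing to inspect. The feedback step here only reinforces whatever consensus the panel reached; that is a deliberate simplification to illustrate the mechanism, not a statement of how the production system weights its engines.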

A few other important points:

  • Why we focused on Internet access: although hackers spread social engineering through multi-modal digital communication methodologies like email, social media and messaging apps, in most cases they still deliver the final payload via the Web. Therefore, the best way to protect against these cross-media attacks involves stopping them at the common Web delivery point.
  • Why current generation network security solutions aren’t working: most tools are known for their complexity, requiring a team of researchers for management, who regrettably cannot keep up with notifications, and consequently suffer from alert fatigue. The SlashNext solution is built for ease of use and rapid incident response.
  • Proof that we make a difference: in 90% of our customers’ deployments, our system detects existing infected machines and covert hacking channels that were not caught by any of the other vendor tools they have running. In most cases, we identify social engineering attacks, phishing, malware, exploits and callback threats with pinpoint accuracy… in the first three hours!

I am most proud of our 20-to-1 promise. Deploy us – it will take twenty minutes or less – and then expect to see a single definitive verdict on the health of your network. No more end-point agents, probabilities, color coding, thresholds, whitelisting, blacklisting or false alerts – just one answer: “Malicious” or “Not Malicious.”

How are you protecting employees from making the innocent mistakes that are the way “in”?