
The power of breach prediction

Jun 21, 2024

Cyber attackers are moving faster than ever before, which means defenders have less and less time to act decisively to stop a potential ransomware or data theft. Data from Crowdstrike show the average time it takes an attacker to move laterally, beyond the point of compromise, decreased from an average of 84 minutes in 2022 to 62 minutes in 2023. The fastest time Crowdstrike (a Zscaler partner) observed was two minutes and seven seconds. 

Reactive breach response is no longer a practical strategy. Even when endpoint security software identifies issues, security analysts and incident response experts are often delayed or can’t mobilize quickly enough, giving attackers adequate time to cause damage and disruption.

The answer is to get ahead of the breach, "shifting left of boom" in military parlance, and break the kill chain before the attacker reaches the point where a system is compromised.

From reactive to proactive security

Effective breach prediction requires a structured understanding of threat actors and their behavior. The MITRE ATT&CK framework models adversary behavior by mapping the 14 tactics (the goals an attacker pursues at each stage of an intrusion) and the techniques available to achieve each one. Placing observed activity on that map helps defenders see how far an intrusion has progressed and where they still have an opportunity to stop it.

Zscaler’s new Breach Predictor takes a preemptive view of security. It uses AI to analyze vast amounts of data, such as security logs, network traffic, and user behaviors, to identify patterns human analysts would never spot. Combining this data with intelligence about thousands of attackers and their tools, techniques and procedures (TTPs), it predicts how early-stage attacker activity is likely to evolve and gauges the likelihood of a damaging attack. This allows organizations to anticipate and neutralize threats before they cause harm.

Figure 1: Breach Predictor illustrates high-risk activity for an example customer

Zscaler’s chief security officer, Deepen Desai, said, “This is not a product that's just saying, ‘Hey, there is a user that got infected with malware X.’” Rather, the idea is to show you symptoms of pre-breach activity across multiple users in different locations. The value comes from looking at similar types of activity across the user base.

“When we do clustering based on behavior that we're seeing in your environment, if you see five users at stage one and two users at stage two, we can do multidimensional clustering and then, looking at your policies, predict what's the likelihood of this scenario progressing further in that breach funnel,” said Desai. “The further you are in that breach cycle, the more the product will light up.”

Harnessing the power of AI

Neelima Rustagi, vice president of product management at Zscaler, said Breach Predictor, which will launch in the coming months, visualizes the attack path. “So not only are we mapping it to TTPs, we are going to take those and map it to an attack path, and then on the attack path also use predictive AI to show you what the prediction of a breach is based on what we are seeing in your environment.”

The product uses log data from ZIA and sandbox data, correlating it with over 10,000 multi-stage attack chains, which the Zscaler ThreatLabz team has documented. That data is fed into generative AI and predictive modeling to identify emerging attacks.
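To make the "breach funnel" idea from Desai's description and the attack-chain correlation above concrete, here is an added illustration. It is not Zscaler's code and says nothing about how Breach Predictor actually models risk: it takes constructed log events that have already been labelled with a MITRE ATT&CK tactic, places each user at the deepest tactic observed for them, builds the per-stage funnel, and estimates how often a chain that reached a given stage went further, using a small constructed set of documented attack chains in place of the 10,000 real ones. The tactic names and kill-chain order are ATT&CK Enterprise's; the event data, the chain set, and the progression heuristic are assumptions made for the example.

```python
"""Added example (not Zscaler's code): a breach funnel over ATT&CK stages.

Events are (user, tactic) pairs; in practice a detection pipeline would
derive the tactic label from proxy, sandbox, or endpoint logs.
"""
from collections import Counter

# The 14 ATT&CK Enterprise tactics in kill-chain order. Stage numbers are
# 1-based so "stage one" reads the way the article uses it.
TACTICS = [
    "reconnaissance", "resource-development", "initial-access", "execution",
    "persistence", "privilege-escalation", "defense-evasion",
    "credential-access", "discovery", "lateral-movement", "collection",
    "command-and-control", "exfiltration", "impact",
]
STAGE = {tactic: i + 1 for i, tactic in enumerate(TACTICS)}

# Constructed sample detections, one tactic label per event.
SAMPLE_EVENTS = [
    ("alice", "initial-access"), ("alice", "execution"),
    ("bob", "initial-access"),
    ("carol", "initial-access"), ("carol", "execution"),
    ("carol", "command-and-control"),
    ("dave", "execution"),
    ("erin", "initial-access"),
]

# Constructed stand-in for a library of documented multi-stage attack chains.
SAMPLE_CHAINS = [
    ["initial-access", "execution", "command-and-control", "exfiltration"],
    ["initial-access", "execution"],
    ["initial-access", "execution", "persistence", "lateral-movement", "impact"],
    ["initial-access"],
    ["execution", "command-and-control"],
]


def stage_of(tactic):
    """Translate a tactic label into its kill-chain stage, rejecting unknowns."""
    if tactic not in STAGE:
        raise ValueError(f"unknown ATT&CK tactic label: {tactic!r}")
    return STAGE[tactic]


def furthest_stage(events):
    """Map each user to the deepest stage seen in their events."""
    deepest = {}
    for user, tactic in events:
        stage = stage_of(tactic)
        if stage > deepest.get(user, 0):
            deepest[user] = stage
    return deepest


def funnel(events):
    """Count how many users currently sit at each stage (stage -> users)."""
    return dict(Counter(furthest_stage(events).values()))


def progression_rate(stage, chains):
    """Share of documented chains that reached `stage` and then went further.

    Assumed heuristic: a chain 'reached' a stage if its deepest tactic is at
    or beyond it, and 'advanced' if its deepest tactic is beyond it.
    Returns 0.0 when no chain in the library reached the stage.
    """
    reached = [max(stage_of(t) for t in chain) for chain in chains]
    reached = [depth for depth in reached if depth >= stage]
    if not reached:
        return 0.0
    advanced = sum(1 for depth in reached if depth > stage)
    return advanced / len(reached)


def cohort_risk(events, chains):
    """Funnel rows (stage, tactic, user count, progression rate), deepest last."""
    rows = []
    for stage, users in sorted(funnel(events).items()):
        rows.append((stage, TACTICS[stage - 1], users,
                     progression_rate(stage, chains)))
    return rows


if __name__ == "__main__":
    for stage, tactic, users, rate in cohort_risk(SAMPLE_EVENTS, SAMPLE_CHAINS):
        print(f"stage {stage:2d} {tactic:<20} users={users} "
              f"advanced-beyond-this-stage={rate:.2f}")
```

Read top to bottom, the output is the funnel Desai describes: several users at early stages and one user already at command-and-control, with the progression rate rising the deeper a stage is. A real system would replace the five constructed chains with its documented attack-chain library and the tactic labels with detections from ZIA and sandbox logs; the funnel and rate logic stay the same.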

Rustagi said Breach Predictor will incorporate data from ZPA, deception logs, and third-party endpoint logs to further improve confidence in the predictions. Another powerful feature is the ability to provide real-time policy recommendations. Based on detected threats and predictive models, these recommendations enable organizations to quickly address and mitigate risks.

This proactive approach allows IT and security teams to stay ahead of potential threats, minimizing potential damage and enhancing overall security posture.

Transforming cybersecurity

Most CXOs accept that traditional approaches to cybersecurity no longer work. VPNs and firewalls had their day, but are now becoming a liability. Likewise, we can no longer accept reactive security. Responsible leaders in technology and security must proactively drive adoption of AI-powered predictive security that can neutralize threats before they cause harm.

Breach prediction is not just about staying ahead of threats—it's about fundamentally transforming the way the industry approaches cybersecurity. For those at the helm of IT and security functions, this proactive stance is essential for safeguarding organizations in an increasingly risky world.
