Currently the cybersecurity is reactive. It reacts to the presence of certain signatures in the operating system, applications, middleware, protocols, frameworks and networks. When these signatures are detected, the appropriate patches are applied to plug the vulnerabilities represented by the signatures.
In this reactive approach, the initiative remains with the attacker. The defense is reactive to what the attacker does. And there is always a time lag between the initiative by the attacker and the construction of the corresponding signatures.
This is not a winning strategy.
Cybersecurity has taken many directions, trends, and new ideas. But this scenario has not changed, the strategy remain a strategy that is not a winning strategy.
In human based decision making, the law enforcement preempts the offender, and arrests the offender before the offence has taken place.
In cybersecurity, we need such a strategy. This would preempt the attacker. It would stop the attack before it begins.
Choudhary Associates in Bowie, MD, have a product that can accomplish this. That constitutes a winning strategy. The details and operations are proprietary. They cannot be disclosed. But the product can be demonstrated in operational scenarios.
Who do you think is a potential customer? How do you think the product can be marketed (currently there is no sales and marketing budget).
Would you be willing to invest in further development, marketing and sales? Who would be interested? Who could be a financier?
Salam Alaikum Professor Choudhary
Ramadhan Kareem incha Allah
Zin eddine
Cybersecurity based on signatures and patches is not a winning strategy
Cybersecurity based on signatures and patches is not a winning strategy. Signature-based detection only works when the threat actor is using known malware, which they often are not. In addition, patches are not always effective against zero-day threats. A better strategy is to use a layered approach to security, which includes monitoring and controlling network traffic, using multiple layers of defense such as firewalls, antivirus software, and intrusion detection systems, and educating users on safe computing practices
As you say, relying solely on patching and signatures is not a winning security strategy. But most competent IT shops know that already and implement the layers defenses mentioned by Wali Mohd Dar . In addition, many are looking to implement Zero trust based techniques and things like user entity behavior analytics that look for unusual
behavior rather than signatures. So if you want to sell your security product, it has to work better than the current state of the art of defense in depth, zero trust, and behavioral analytics. Better can mean cheaper, faster to detect, or less resource intensive. Also, you need to be able to overcome IT shop resistance to new vendor, as certifying a new security vendor can be long task. I would also note that signature based security and patching aren’t going away, they become part of the whole security strategy but not the only parts. My comments are from my interactions with our InfoSec department.
Thanks for the wonderful feedback. You are right, the prototype product that we have works far better than the existing products. It is primarily a smart and intelligent product for user authentication. It uses a detailed list of attributes, not just user id, password, CAC card. It uses Network conditions, geographical location, type of Mission etc. It can also include things like Situation Awareness and Common Operating Picture. As the situation changes, it can de-authenticate a previously authenticated user. It can de-authenticate a Edward Snowden type user in the middle of the operations.