The following is an excerpt from our recent whitepaper, “Why Traditional Cybersecurity Tools Cannot Defend Against Zero-Day and No Signature Attacks,” in which we dive into how traditional cybersecurity tools work, why this fundamentally limits them from being able to detect zero-day or previously unknown attacks, why the industry standard for breach detection is around six to eight months and how modern, contextually-aware AI overcomes the limitations of traditional cybersecurity solutions.
But I Have a Great (Expensive) SIEM Solution in Place…
SIEM has historically been referenced as an ideal, modern solution, but even the more robust market offerings are fundamentally limited. Here’s why.\
SIEM works by installing heavy forwarders on multiple locations to the system of record that is then sent in raw data format that is time-series dependent to a middle tier. When someone writes a query or a rule against that data, even in the best case scenarios, the SIEM performs data normalization. Then, it structures and organizes based on the information in that system to produce a result based on the specified questions.
Organizations are exclusively depending on selective information forwarded to the SIEM. The information that inevitably exists outside the system of record — information relevant for zero-day attacks — is ignored.
But What About My Next-generation Firewall?
Vendors promote the newest generation of firewall technology by focusing on a 30-second response time when it comes to identifying signatures. Many of these solutions can, indeed, manage this limited capability, but fall short in a fundamentally important way. They don’t tell organizations anything about coordinated or no-signature attacks. The only attacks visible are those based on minor modifications to existing signatures.
Vendors clarify this function by claiming that most attacks fall into this modified signature category. But do they?
There is a new generation of attack techniques and coordinated attack techniques, including adversarial AI specifically designed to negate and undermine the entire message being sold by these next generation firewalls and cybersecurity platforms. Attackers are well aware that organizations are expecting modified signature attacks, so they have moved away from them to new methods outside the scope of traditional solutions.
State-sponsored and adversarial AI attacks are prevalent, using never-before-seen signature-based detections or attacks that circumvent next generation firewalls, end points, and cybersecurity systems as a whole. “State sponsored hackers are well equipped, well funded, and know how legacy, rules-based systems operate,” Coulehan says. “There is now significant, demonstrable evidence that coordinated attacks can and will compromise a cybersecurity system’s rule set, a baseline, or thresholds within the tools themselves.” The approach has proven more effective, and far less detectable, than simple modification of existing signatures.
Download the whitepaper: