It’s time to blow the whistle on a well-known secret shared among the cyber security researchers’ community: the digital world’s security has reached The Tipping Point, at which modern cyber defense vendors are practically abandoning the battlefield against low-level attackers while adopting a loser’s strategy of damage control.
“We believe that everyone deserves to enjoy the power of sharing and yet feel secure in her/his privacy,” says Carmit Gilon Halev, CEO at Cymdall, “but today, sharing comes with a price.” Carmit adds: “Modern cyber defenders are fighting a losing battle trying to protect hundreds of scattered endpoints, with little to no visibility, surrounded by protection products which are getting more and more complex to operate and control, against adversaries who always enjoy the upper hand, leaving us no option but to fortify ourselves behind crippling walls of rules and abnormal behavior which threaten to bring free sharing, and the progress which it fuels, to the brim of halt.”
The cyber security researchers’ community has long foreseen the reality Carmit is talking about. They call it The Tipping Point of the digital world’s security: the point at which defense products can no longer allocate the resources required to mitigate the low-level attacks that have become the standard mode of operation for attackers today.
Modern endpoint defenders completely or partially coexist with the attackers inside the host they are supposed to protect, hopelessly balancing performance, visibility, and usability. “Writing and running a malicious low-level piece of code in the Windows kernel becomes common knowledge for attackers today,” says Pavel Yosifovich, Chief R&D Officer at Cymdall, co-author of Windows Internals, author of Windows Kernel Programming and Windows 10 System Programming, and a trainer of the Windows internal series of courses. “There is no way to completely defend against such attacks without significantly affecting the protected host performance, and even then your defenses come with an inherent expiration date which becomes shorter and shorter as attackers win the race and present undefendable attacks faster than defenders can react.”
The inability to effectively defend against low-level attacks, as Pavel explains, has forced most of today’s cyber defense product vendors to abandon the objective of automatic detection and mitigation of attacks in favor of producing a never-ending flood of telemetry, expecting a human professional to find the malicious needle in a complex, overwhelming haystack of information.
According to a recent evaluation conducted by MITRE ATT&CK, between 50% and 73% of the detections performed by the top 5 EDR products today are manually generated. And it’s getting much worse.
The huge migration to the cloud was allegedly the solution offered by most experts. Enterprises no longer needed to hire these expensive, rare talents, and they could rely on the big brother in the cloud to protect their vulnerable data. Billions of dollars were invested in data storage, compartmentalization, restoration, and other innovative ideas, with a leap of faith that once the data is in the cloud, it is secured and there is no need to truly protect the endpoints left behind.
Unfortunately, this trend was a step too far over The Tipping Point.
“As a chess player, I was always taught to look for the space left behind,” says Amichai Yifrach, co-founder and CTO at Cymdall. “In chess, one must always look for the weaknesses in the space that was left behind by pieces’ movement on the board, both the adversary’s and your own,” Amichai explains. “The migration to the cloud, combined with the endpoint defense vendors’ inability to effectively defend against low-level attacks, had left behind most of the world’s most valuable digital assets vulnerable to attacks and exploitation, jeopardizing our privacy and even our safety.”
Among the digital assets Amichai is talking about are endpoints and digital entities that cannot be migrated, or that will never be entrusted to the big brother in the cloud: assets such as critical infrastructure, fintech & insurance internal operations, smart transportation, industry 4.0 (OT), small/medium businesses, mobile phones & devices, and eventually our individual privacy, which is surrounded by and exposed to hundreds of off-the-cloud smart devices.
“The Tipping Point is here, and unless we change the way we think about endpoint protection, it will become more and more irrecoverable,” says Uriel Kosayev, co-founder and Chief Scientific Officer at Cymdall, senior cyber security researcher and the author of Antivirus Bypass Techniques. “The more I dig into the endpoint protection products the more I see the severity of the impact The Tipping Point will have on our lives. And this is exactly why we had founded Cymdall – the last frontier of true endpoint protection.”
According to the company’s publications, Cymdall’s patent-pending hybrid technology enables every smart device to have separate internal resources completely dedicated to monitoring, analyzing, and detecting malicious intents as they try to plant roots in the endpoint, and to mitigating them long before they become a real threat, giving endpoint defenders the upper hand for the first and decisive time.
“Cymdall’s vision is to embed our technology in every smart device,” Carmit concludes, “enabling transparent effortless cyber security at the very low level as the bedrock for borderless unrestricted sharing towards accelerated progress and a better and more secure world.”