Craig Harwood, Regional Director, Africa & Middle East at CyberArk.
South African organisations are favourite targets for cyber crime gangs. This revelation is not new: numerous reports and studies from insurance underwriters and cyber security firms underscore the concern.
Events on the ground echo their warnings: prominent examples include pharmacy retail giant Dis-Chem losing 3.6 million records to a breach and criminals grabbing a staggering 54 million user records from TransUnion. There is no shortage of other local examples, and security, IT and business professionals are under mounting pressure to reduce these risks in a constantly shifting landscape.
We can glean important guidance on the most effective strategies by studying significant attacks. Specifically, the breach of Uber's systems provides an excellent case study of how to slow down a cyber attack.
"It's becoming more and more accepted that you can't really avoid a breach," says Craig Harwood, CyberArk's regional director for Africa and Middle East. "The focus has shifted towards slowing down attacks. The security world calls this an 'assume breach' mindset. You still do everything in your capacity to prevent breaches, using tools such as multi-factor authentication and user training. But you also accept that cyber criminals work constantly to circumvent such safeguards. They will eventually get in. When they do, what is your plan?"
The Uber breach reveals how modern attackers behave and how we can stop them from doing any significant damage. The CyberArk Red Team analysed this event and drew several important conclusions. To understand their value, let's start with the chain of events:
We can draw several conclusions from the breach pattern, says Harwood: "Hard-coded credentials played a big role in this attack. Administrators routinely write scripts to automate processes, such as backups, and include credentials in such scripts. These credentials could be anything from privileged tokens and SSH keys to API tokens and other kinds of passwords. It's typical for developers to embed (or hard code) these credentials into the code to save time and to assure automation. This makes it difficult to manage and rotate the credentials because they are left open to everyone with access to the code."
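The hard-coded-credential pattern Harwood describes is easy to catch before it ships. The following is an added example, not CyberArk's, Uber's or the article's own code: a small scanner for credentials embedded in scripts, run against a constructed "before" backup script and a hardened version that resolves the secret at run time from the environment. The keyword list, regular expressions, sample script contents and the placeholder rules are assumptions made for this example.

```python
"""Added example, not CyberArk's, Uber's or the article's own code: a small
scanner for the hard-coded-credential pattern described above, run against a
constructed 'before' backup script and a hardened version that resolves the
secret at run time from the environment instead of from the source."""
import re

# (kind, pattern, group holding the secret value or None). The keyword list
# and sample values are assumptions for this example, not a vendor rule set.
CREDENTIAL_PATTERNS = [
    ("assignment", re.compile(
        r'(?i)\b(\w*(?:password|passwd|secret|token|api_?key)\w*)'
        r'\s*[:=]\s*["\']([^"\']{8,})["\']'), 2),
    ("bearer_header", re.compile(
        r'(?i)authorization["\']?\s*[:=]\s*["\']?bearer\s+([A-Za-z0-9._\-]{16,})'), 1),
    ("url_password", re.compile(
        r'(?i)\b\w+://[^\s/:@"\']+:([^\s/@"\']+)@'), 1),
    ("private_key", re.compile(
        r'-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----'), None),
]

def _looks_like_placeholder(value):
    """Template markers such as <fill-me>, ${VAR} or CHANGEME are not live secrets."""
    v = value.strip()
    return v.startswith(("<", "$", "{")) or v.upper() in {"CHANGEME", "REPLACE_ME"}

def _redact(line, match, group):
    """Return the line with the secret value replaced, safe to put in a report."""
    if group is None:
        return line.strip()
    start, end = match.span(group)
    return (line[:start] + "[REDACTED]" + line[end:]).strip()

def find_hardcoded_credentials(script_text):
    """Return (line_number, kind, redacted_line) for each suspicious line."""
    findings = []
    for lineno, line in enumerate(script_text.splitlines(), start=1):
        for kind, pattern, group in CREDENTIAL_PATTERNS:
            m = pattern.search(line)
            if m is None:
                continue
            if group is not None and _looks_like_placeholder(m.group(group)):
                continue
            findings.append((lineno, kind, _redact(line, m, group)))
            break  # one finding per line is enough for triage
    return findings

# Constructed "before" script: the credentials live in the source itself.
VULNERABLE_BACKUP = '''#!/usr/bin/env python3
import requests
API_TOKEN = "c0nstructed-sample-token-0123456789"
DB_URL = "postgresql://backup:Sup3rSecretPw@db.internal.example:5432/app"
headers = {"Authorization": "Bearer c0nstructed-sample-token-0123456789"}
requests.post("https://backup.internal.example/run", headers=headers)
'''

# Constructed "after" script: the same job, secrets injected at run time so
# they can be rotated centrally and never sit in the repository.
HARDENED_BACKUP = '''#!/usr/bin/env python3
import os
import requests
api_token = os.environ["BACKUP_API_TOKEN"]  # provided by the secrets manager
db_url = os.environ["BACKUP_DB_URL"]
headers = {"Authorization": f"Bearer {api_token}"}
requests.post("https://backup.internal.example/run", headers=headers, timeout=30)
'''

if __name__ == "__main__":
    for name, text in (("vulnerable", VULNERABLE_BACKUP), ("hardened", HARDENED_BACKUP)):
        print(name, find_hardcoded_credentials(text))
```

The scanner reports line numbers and a redacted copy of the line, never the secret itself, so its output can go into a ticket or a CI log. The hardened script produces no findings because the token and database URL are only ever read from the environment, which is what makes central rotation possible.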
Credential theft remains the most significant risk, and criminals are becoming more adept at getting around safeguards such as multi-factor authentication. In fact, the Uber story features multiple MFA compromises.
"Your staff members are your gatekeepers, so routinely teach them to recognise and report phishing to help avoid identity theft. As attacks continue to change, expect alertness but not absolute precision," Harwood advises. This breach also highlights the importance of ensuring least-privilege access, a fundamental part of zero-trust frameworks: "Consistently apply the principle of least privilege, beginning at the endpoint. Set up privileged access management programmes with the utmost care. Access to privileged accounts for administrators should only be granted when it is absolutely necessary. All privileged account access needs to be separated and validated."
The last major conclusion we can draw is the importance of a defence-in-depth (DiD) strategy, thoughtfully layering security controls to protect critical assets, such as important data, when other controls fail. Limiting lateral movement can also greatly help by removing standing access to sensitive infrastructure and online or cloud interfaces. Just-in-time elevation of privileges can significantly minimise the access of any compromised identity, reducing the blast radius of an attacker – especially when combined with robust authentication.
We all know by now that there is no security silver bullet. Even Uber, which had multiple layers of security, still fell victim to attackers. Few people still believe that attacks can be flat-out stopped anymore. But we can control how bad they become. Attacks such as the Uber breach can be mitigated with robust, layered defence-in-depth cyber security bolstered by continued and repeated staff education to help recognise potential sources of danger.
"Having these aspects in place makes it more difficult for attackers to gain a foothold, move, discover and achieve their objectives," says Harwood. "Just as importantly, they allow us to minimise the success and impact of attacks and get back to normal operations as quickly as possible. This is the meaningful learning we should take and apply to our own organisations."
In this article, we will discuss the 15 best cybersecurity stocks to buy heading into 2023. If you want to skip our detailed analysis of the cybersecurity industry and explore similar stocks, you can go directly to 5 Best Cybersecurity Stocks to Buy Heading into 2023.
The cybersecurity industry is experiencing rapid growth due to the increasing number of cyber-attacks and data breaches. As hackers become increasingly sophisticated in their attacks and technology becomes more pervasive, the need for effective cybersecurity solutions has grown. Companies and organizations of all sizes, from small businesses to large corporations, are investing heavily in cybersecurity solutions to protect their data and networks. The cybersecurity industry is a vital part of the modern economy, and its growth is expected to continue in the coming years. As organizations become increasingly reliant on digital technologies, the need for robust cybersecurity solutions will only increase.
According to a report by Grand View Research, the global cybersecurity market was worth $184.93 billion in 2021. The industry is expected to reach a value of $202.72 billion in 2022 and grow at a compound annual growth rate of 12% from 2022 to 2030, reaching a value of $500.70 billion by the end of the forecasted period. This growth is expected to be driven by the increase in cyber-attacks as businesses go digital and a surge in the usage of smart devices across the globe. In 2021, the defense/government segment held the dominant market share and the healthcare segment held the dominant revenue share of the global cybersecurity market. Region-wise, North America held the dominant market share in 2021, and Europe was the runner-up region. The APAC region is expected to grow at the fastest pace over the forecasted period, registering a CAGR of 15%.
Big tech companies such as Meta Platforms, Inc. (NASDAQ:META), Alphabet Inc. (NASDAQ:GOOG), Amazon.com, Inc. (NASDAQ:AMZN), and Microsoft Corporation (NASDAQ:MSFT) are pouring hefty investments into cybersecurity companies. According to a report by CB Insights, cybersecurity funding doubled year over year in 2021 and amounted to over $25 billion. In this piece, we will discuss some of the best cybersecurity stocks to buy now.
To determine the best cybersecurity stocks to buy now, we studied industry analysis reports and identified key players operating in the space. We studied these companies in detail and reviewed their product pipelines and business models. We then selected companies with robust product pipelines, strong fundamentals, and positive market sentiment. Along with each stock, we have included analyst ratings, the hedge fund sentiment, and salient features that make them viable investment options to consider. These stocks are ranked according to their popularity among elite money managers.
Number of Hedge Fund Holders: 25
Qualys, Inc. (NASDAQ:QLYS) is a leading provider of cloud-based security and compliance solutions. Qualys, Inc. (NASDAQ:QLYS) is a trusted security and compliance partner for some of the world’s largest enterprises, including Fortune 500 companies, government agencies, and national healthcare institutions among others. The company is profitable and cash-rich and is one of the best cybersecurity stocks to buy heading into 2023. According to the company’s balance sheet, Qualys, Inc. (NASDAQ:QLYS) has free cash flows of $177.8 million, a trailing twelve-month operating margin of 27.51%, and an ROE of 26.77%.
On November 3, Wedbush analyst Daniel Ives updated his price target on Qualys, Inc. (NASDAQ:QLYS) to $140 from $150 and reiterated an Outperform rating on the shares.
At the close of Q3 2022, 25 hedge funds were long Qualys, Inc. (NASDAQ:QLYS) and disclosed stakes worth $295.5 million. Of those, Fundsmith LLP was the most prominent investor in the company and disclosed a position worth $92.19 million.
Here is what Headwaters Capital had to say about Qualys, Inc. (NASDAQ:QLYS) in its second-quarter 2022 investor letter:
“Qualys, Inc. (NASDAQ:QLYS) was founded in 1999 and provides vulnerability management software to both SMBs and enterprise customers. Vulnerability management software provides a continuous view of security and compliance across all of a company’s assets including on-premise, end-points, cloud and mobile. The easiest way to think about QLYS’s original VM solution is that it provided a dashboard that monitored all potential threats to a network and helped IT departments prioritize which vulnerabilities were the highest risk. QLYS was a pioneer in the industry as they were one of the first companies to offer a cloud-based software as a service (SaaS) solution as opposed to the traditional license offerings that proliferated at the time. While QLYS’ VM software has always provided an industry leading dashboard to monitor weaknesses, it provided limited functionality to respond to these vulnerabilities. More recently, QLYS has increased the functionality of its software through the rollout of Detection and Response capabilities (VMDR) and extended detection and response (XDR) capabilities in late 2021.
The cybersecurity space has been marked by a preference of customers for point solution expertise as opposed to a winner take all solution. This market structure is driven by the complex nature of assets that need protection, the dynamic nature of security threats and the critical nature of cybersecurity, which leads to a customer preference for quality over cost. Historically, cybersecurity was best served by firewalls, which provided a ring fence around assets that were physically located on a network. Firewalls are increasingly becoming obsolete in the cybersecurity world as the network perimeter has effectively disappeared due to the growing adoption of SaaS solutions and new connected devices that connect to the network from multiple new endpoints. This trend has only accelerated following COVID. As more devices and software tools connect from outside of the traditional firewall perimeter, the importance of security monitoring tools such as VM, VMDR and XDR has increased. In many ways, vulnerability management is the foundation of cybersecurity as it provides the dashboard for monitoring all potential security gaps. QLYS’ software can provide critical data about which assets are exposed to specific threats and can increasingly help IT departments prioritize and remediate these vulnerabilities.
Understanding QLYS’s history is important to gaining confidence in QLYS’ ability to maintain revenue growth going forward. QLYS was almost perfectly positioned earlier this decade to take advantage of both the transition in the software market from license to SaaS solutions as well as the cybersecurity trend away from firewalls as devices increasingly moved beyond a physical perimeter. Given the large TAM, industry tailwinds and a market leading product, QLYS was able to grow revenues at a +20% CAGR from 2012-2018. Even more impressive, QLYS was able to accomplish this growth with limited investment in R&D or its sales force. R&D as a percentage of revenues declined from 22% in 2012 to 16% in 2018 while S&M declined from 40% in 2012 to 22% in 2018. Consequently, QLYS operates with one of the highest EBITDA margins in the industry at 45%. The ability for QLYS to post such consistent revenue growth despite under-investing in product development and sales is evidence of the strong competitive positioning of QLYS’ software and the critical nature of the product…” (Click here to read more)
Big tech companies that are heavily investing in cybersecurity include Meta Platforms, Inc. (NASDAQ:META), Alphabet Inc. (NASDAQ:GOOG), Amazon.com, Inc. (NASDAQ:AMZN), and Microsoft Corporation (NASDAQ:MSFT).
Number of Hedge Fund Holders: 27
Tenable Holdings, Inc. (NASDAQ:TENB) is a leading provider of security solutions that help organizations reduce their cyber risk. On October 25, the company posted market-beating earnings for the fiscal third quarter of 2022. The company reported earnings per share of $0.15 and outperformed consensus by $0.12. The company generated a revenue of $174.85 million, up 26.10% year over year, and beat Wall Street expectations by $4.65 million. Tenable Holdings, Inc. (NASDAQ:TENB) has free cash flows of $104.5 million and is placed on our list of the best cybersecurity stocks to buy now.
On October 26, DA Davidson analyst Rudy Kessinger revised his price target on Tenable Holdings, Inc. (NASDAQ:TENB) to $47 from $53 and maintained a Buy rating on the shares.
At the end of the third quarter of 2022, 27 hedge funds held stakes in Tenable Holdings, Inc. (NASDAQ:TENB). The total value of these stakes amounted to $444.8 million. As of September 30, Greenvale Capital is the most prominent shareholder in the company and holds a position worth $135.7 million.
Number of Hedge Fund Holders: 30
SentinelOne, Inc. (NYSE:S) is a cutting-edge cybersecurity company that provides comprehensive endpoint protection for organizations of all sizes. The company’s platform offers a complete security suite that includes automated threat detection and response, endpoint protection, vulnerability management, cloud security, and advanced analytics. The stock is ranked among the best cybersecurity stocks to buy now and is worth $4.22 billion on the open market, as of December 2.
On November 22, Morgan Stanley analyst Hamza Fodderwala updated his price target on SentinelOne, Inc. (NYSE:S) to $30 from $40 and reiterated an Overweight rating on the shares. This November, BTIG analyst Gray Powell revised his price target on SentinelOne, Inc. (NYSE:S) to $25 from $38 and maintained a Buy rating on the shares.
At the end of Q3 2022, 30 hedge funds were bullish on SentinelOne, Inc. (NYSE:S) and disclosed positions worth $1.33 billion. This is compared to 26 positions in the previous quarter with stakes worth $1.23 billion. The hedge fund sentiment for the stock is positive. As of September 30, Third Point is the largest investor in the company and has stakes worth $485.6 million.
Number of Hedge Fund Holders: 29
CACI International Inc. (NYSE:CACI) is an American provider of information technology services and professional services, primarily to the United States federal government. The company is headquartered in Arlington, Virginia. CACI International Inc. (NYSE:CACI) has a long history of providing cybersecurity solutions and services to the U.S. government and is placed among the best cybersecurity stocks to buy now. As of December 2, the stock has gained 15.86% year to date.
On August 31, William Blair analyst Louie DiPalma reiterated an Outperform rating on CACI International Inc. (NYSE:CACI). On October 26, the company announced earnings for the first quarter of fiscal 2023. CACI International Inc. (NYSE:CACI) reported an EPS of $4.36 and beat estimates by $0.11. The company’s revenue for the quarter amounted to $1.61 billion, up 7.70% year over year and ahead of Wall Street estimates by $20.28 million.
At the close of the third quarter of 2022, 29 hedge funds were bullish on CACI International Inc. (NYSE:CACI) and disclosed stakes of $393 million. This is compared to 22 hedge funds in the preceding quarter with stakes worth $393.8 million. As of September 30, Horizon Asset Management is the most prominent shareholder in the company and has a position worth $118.27 million.
Here is what Upslope Capital had to say about CACI International Inc (NYSE:CACI) in its third-quarter 2022 investor letter:
“CACI International Inc (NYSE:CACI) provides specialized technology and consulting services, primarily to U.S. defense and intelligence agencies. The U.S. Army is CACI’s single largest customer. This position replaces BWXT in Upslope’s “defense basket” (articulated in Q1 on p. 4). CACI’s business is mostly split across Expertise (providing talent to government agencies – e.g. software engineers) and Technology (design and delivery of specific technology-oriented services and products, including for example, battlefield hardware). The company offers its services and products in support of both day-to-day agency operations and specific missions.
At a high level, CACI reminds me of another Upslope long in an unrelated sector: Silgan Holdings (packaging/dispensing and food can business). Both are truly sleepy value stocks that trade for low double-digit earnings multiples, but have a strong history of steady value creation and free cash flow per share growth. Both the stocks and underlying businesses appear very well-positioned for the uncertain macro (or geopolitical, in CACI’s case) environment we’re likely to face in the years ahead. Other notable thesis points for CACI specifically:
Long-term Geopolitical & Other Tailwinds – like other components of Upslope’s defense basket, CACI should benefit from an attractive defense spending environment for years to come. CACI should also benefit from IT modernization efforts in U.S. government agencies, as well as its strength in cyber/electronic warfare offerings…” (Click here to read the full text)
Number of Hedge Fund Holders: 32
Check Point Software Technologies Ltd. (NASDAQ:CHKP) is a leading international provider of cybersecurity and cyber intelligence solutions. Founded in 1993, Check Point Software Technologies Ltd. (NASDAQ:CHKP) has grown to become one of the world’s largest cybersecurity providers and is one of the best cybersecurity stocks to buy now. The company provides a comprehensive portfolio of products and services that enable organizations to protect their networks, data, and applications against cyber threats. In addition, the company also offers cloud-based security services and endpoint protection.
Wall Street analysts are bullish on Check Point Software Technologies Ltd. (NASDAQ:CHKP). This October, Truist analyst Joel Fishbein updated his price target on Check Point Software Technologies Ltd. (NASDAQ:CHKP) to $130 from $145 and reiterated a Buy rating on the shares. On October 28, Mizuho analyst Gregg Moskowitz raised his price target on Check Point Software Technologies Ltd. (NASDAQ:CHKP) to $135 from $130 and maintained a Neutral rating on the shares.
At the end of the third quarter of 2022, 32 hedge funds were long Check Point Software Technologies Ltd. (NASDAQ:CHKP) and disclosed a position worth $680.4 million in the company. Of those, D E Shaw was the top investor in the company and held a position worth $105.28 million.
Number of Hedge Fund Holders: 32
CyberArk Software Ltd (NASDAQ:CYBR) is a leading global cybersecurity company that specializes in Privileged Access Management (PAM). The company provides solutions to help organizations protect their privileged accounts, networks, systems, and other sensitive data from malicious cyberattacks. The company’s solutions are used by Fortune 500 companies, government agencies, and other organizations across the globe. CyberArk Software Ltd (NASDAQ:CYBR) is a leader in the development of PAM technology and is ranked among the best cybersecurity stocks to buy now. As of December 2, the company is worth $6.06 billion on the open market and has free cash flows of over $39 million.
This October, Barclays analyst Saket Kalia raised his price target on CyberArk Software Ltd (NASDAQ:CYBR) to $180 from $175 and maintained an Overweight rating on the shares. On October 19, Baird analyst Shrenik Kothari took coverage of CyberArk Software Ltd (NASDAQ:CYBR) with an Outperform rating and a $182 price target.
At the end of the third quarter of 2022, 32 hedge funds were bullish on CyberArk Software Ltd (NASDAQ:CYBR) and held collective positions of $775.3 million. This is compared to 29 hedge funds in the previous quarter with stakes worth $569.3 million. The hedge fund sentiment for the stock is positive. As of September 30, RGM Capital is the largest investor in CyberArk Software Ltd (NASDAQ:CYBR) and has a position worth $166.6 million.
Number of Hedge Fund Holders: 32
Akamai Technologies, Inc. (NASDAQ:AKAM) is a leading American content delivery network, cybersecurity, and cloud service company, providing web and internet security services across the globe. The company has a strong cash position and is profitable. According to the company’s balance sheet, Akamai Technologies, Inc. (NASDAQ:AKAM) has free cash flows of over $862.8 million and a trailing twelve-month operating margin of 20.99%. The stock is one of the best cybersecurity stocks to buy now.
Wall Street is bullish on Akamai Technologies, Inc. (NASDAQ:AKAM). On November 9, KeyBanc analyst Thomas Blakey revised his price target on Akamai Technologies, Inc. (NASDAQ:AKAM) to $110 from $116 and reiterated an Overweight rating on the shares. This November, Evercore ISI analyst Amit Daryanani updated his price target on Akamai Technologies, Inc. (NASDAQ:AKAM) to $105 from $110 and maintained an Outperform rating on the shares.
At the end of Q3 2022, 32 hedge funds were long Akamai Technologies, Inc. (NASDAQ:AKAM) and held positions worth $266.4 million in the company. Of those, Arrowstreet Capital was the top investor in the company and disclosed a position of $57.1 million.
Number of Hedge Fund Holders: 35
Palantir Technologies Inc. (NYSE:PLTR) is a leader in the cybersecurity market that is leveraging big data analytics to build and deploy software platforms for the intelligence community in the United States to assist in counterterrorism investigations and operations. On November 7, the company posted earnings for the fiscal third quarter of 2022. The company reported an EPS of $0.01 and generated a revenue of $477.8 million, up 21.86% year over year and ahead of Wall Street estimates by $2.92 million. Palantir Technologies Inc. (NYSE:PLTR) is placed high among the best cybersecurity stocks to buy now.
On October 8, Raymond James analyst Brian Gesuale updated his price target on Palantir Technologies Inc. (NYSE:PLTR) to $15 from $20 and maintained a Strong Buy rating on the shares.
At the close of Q3 2022, 35 hedge funds were bullish on Palantir Technologies Inc. (NYSE:PLTR) and disclosed positions worth $431.9 million in the company. Of those, Renaissance Technologies was the top investor in the company and held a position worth $269.3 million.
Number of Hedge Fund Holders: 46
Splunk Inc. (NASDAQ:SPLK) is a technology and software company that specializes in IT operations analytics and big-data intelligence. It helps customers monitor, investigate, and act on their data in real-time. The company also provides cybersecurity software through Splunk Solutions which enables cybersecurity teams to streamline the security operations workflow, accelerate threat detection and response, enhance threat visibility, and scale resources to increase analyst productivity through machine learning and automation. The company’s products are used by customers in various industries, including finance, health care, retail, media, security, and government. Splunk Inc. (NASDAQ:SPLK) is one of the best cybersecurity stocks to buy now.
On December 1, Barclays analyst Raimo Lenschow raised his price target on Splunk Inc. (NASDAQ:SPLK) to $110 from $100 and maintained an Overweight rating on the shares. This December, RBC Capital analyst Matthew Hedberg raised his price target on Splunk Inc. (NASDAQ:SPLK) to $110 from $105 and reiterated an Outperform rating on the shares.
At the close of the third quarter of 2022, 46 hedge funds held stakes in Splunk Inc. (NASDAQ:SPLK). The total value of these stakes amounted to $828 million. As of September 30, Whale Rock Capital Management is the largest investor in Splunk Inc. (NASDAQ:SPLK) and has a position worth $176.7 million.
Here is what Carillon Tower Advisers had to say about Splunk Inc. (NASDAQ:SPLK) in its second-quarter 2022 investor letter:
“Splunk Inc. (NASDAQ:SPLK), a leader in artificial intelligence solutions for corporate data logs and security, fell in a weak tech group. The company has been transitioning to more of a software-as-a service (SaaS) business model that has, we believe, temporarily depressed earnings and cash flow. We like Splunk’s leadership position in the industry and the company has installed a new CEO and is rolling out new features and products.”
Number of Hedge Fund Holders: 47
Fortinet, Inc. (NASDAQ:FTNT) is one of the world’s leading providers of cybersecurity solutions. Founded in 2000, Fortinet, Inc. (NASDAQ:FTNT) has become a leader in the industry by providing innovative and comprehensive security solutions for businesses and governments across the world. Fortinet, Inc. (NASDAQ:FTNT) has a strong cash position and is ranked among the best cybersecurity stocks to buy now. According to the company’s balance sheet, Fortinet, Inc. (NASDAQ:FTNT) has free cash flows of $1.16 billion.
On November 3, Raymond James analyst Adam Tindle revised his price target on Fortinet, Inc. (NASDAQ:FTNT) to $60 from $70 and maintained an Outperform rating on the shares. This November, Oppenheimer analyst Ittai Kidron updated his price target on Fortinet, Inc. (NASDAQ:FTNT) to $70 from $80 and reiterated an Outperform rating on the shares.
At the end of the third quarter of 2022, 47 hedge funds disclosed ownership of stakes in Fortinet, Inc. (NASDAQ:FTNT). The total value of these stakes amounted to $1.74 billion. This is compared to 43 positions in the previous quarter with stakes worth $1.38 billion. The hedge fund sentiment for the stock is positive. As of September 30, Marshall Wace LLP is the largest investor in Fortinet, Inc. (NASDAQ:FTNT) and has a position worth $238.3 million.
Governments and businesses across the globe are putting billions of dollars into cybersecurity technology. Some of the most notable investors include Meta Platforms, Inc. (NASDAQ:META), Alphabet Inc. (NASDAQ:GOOG), Amazon.com, Inc. (NASDAQ:AMZN), and Microsoft Corporation (NASDAQ:MSFT).
Click to continue reading and see 5 Best Cybersecurity Stocks to Buy Heading into 2023.
Disclosure: None. 15 Best Cybersecurity Stocks to Buy Heading into 2023 is originally published on Insider Monkey.
Using an internally developed machine learning model trained on log data, the information security team for a French bank found it could detect three new types of data exfiltration that rules-based security appliances did not catch.
Carole Boijaud, a cybersecurity engineer with Credit Agricole Group Infrastructure Platform (CA-GIP), will take the stage at next week's Black Hat Europe 2022 conference to detail the research into the technique, in a session entitled, "Thresholds Are for Old Threats: Demystifying AI and Machine Learning to Enhance SOC Detection." The team took daily summary data from log files, extracted interesting features from the data, and used that to find anomalies in the bank's Web traffic.
The research focused on how to better detect data exfiltration by attackers, and resulted in identification of attacks that the company's previous system failed to detect, she says.
"We implemented our own simulation of threats, of what we wanted to see, so we were able to see what we could identify in our own traffic," she says. "When we didn't detect [a specific threat], we tried to figure out what is different, and we tried to understand what was going on."
As machine learning has become a buzzword in the cybersecurity industry, some companies and academic researchers are still making headway in experimenting with their own data to find threats that might otherwise hide in the noise. Microsoft, for example, used data collected from the telemetry of 400,000 customers to identify specific attack groups and, using those classifications, predict future actions of the attackers. Other firms are using machine learning techniques, such as genetic algorithms, to help detect accounts on cloud computing platforms that have too many permissions.
There are a variety of benefits from analyzing your own data with a homegrown system, says Boijaud. Security operation centers (SOCs) gain a better understanding of their network traffic and user activity, and security analysts can gain more insight into the threats attacking their systems. While Credit Agricole has its own platform group to manage infrastructure, handle security, and conduct research, even smaller enterprises can benefit from applying machine learning and data analysis, Boijaud says.
"Developing your own model is not that expensive and I'm convinced that everyone can do it," she says. "If you have access to the data, and you have people who know the logs, they can create their own pipeline, at least in the beginning."
The cybersecurity engineering team used a data-analysis technique known as clustering to identify the most important features to track in their analysis. Among the features that were deemed most significant included the popularity of domains, the number of times systems reached out to specific domains, and whether the request used an IP address or a standard domain name.
"Based on the representation of the data and the fact that we have been monitoring the daily behavior of the machines, we have been able to identify those features," says Boijaud. "Machine learning is about mathematics and models, but one of the important facts is how you choose to represent the data and that requires understanding the data and that means we need people, like cybersecurity engineers, who understand this field."
After selecting the features that are most significant in classifications, the team used a technique known as "isolation forest" to find the outliers in the data. The isolation forest algorithm organizes data into several logical trees based on their values, and then analyzes the trees to determine the characteristics of outliers. The approach scales easily to handle a large number of features and is relatively light, processing-wise.
The initial efforts resulted in the model learning to detect three types of exfiltration attacks that the company would not otherwise have detected with existing security appliances. Overall, about half the exfiltration attacks could be detected with a low false-positive rate, Boijaud says.
The engineers also had to find ways to determine what anomalies indicated malicious attacks and what may be nonhuman — but benign — traffic. Advertising tags and requests sent to third-party tracking servers were also caught by the system, as they tend to match the definitions of anomalies, but could be filtered out of the final results.
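The three steps described above (choosing per-host features such as destination popularity and IP-literal requests, scoring daily summaries with an isolation forest, and filtering out benign ad/tracker traffic) fit in one small pipeline. The following is an added example, not CA-GIP's code or the research presented at Black Hat: the proxy log lines, host names, destinations, the tracker allowlist, the feature set and the forest parameters are all constructed for this example, and the isolation forest is implemented from the published algorithm with the standard library only, so it runs offline.

```python
"""Added example, not CA-GIP's code: daily per-host features from proxy logs,
a small isolation forest over them, and the ad/tracker filtering step. The log
lines, host names, domains and the tracker allowlist are all constructed."""
import math
import random
from collections import defaultdict

# Constructed proxy log summary lines: host, bytes sent, destination.
SAMPLE_LOG = """\
ws01 1200 www.example.com
ws01 800 cdn.example.com
ws01 300 tracker.example-ads.net
ws02 900 www.example.com
ws02 1100 mail.example.com
ws02 250 tracker.example-ads.net
ws03 1000 www.example.com
ws03 700 cdn.example.com
ws04 950 www.example.com
ws04 600 mail.example.com
ws04 400 tracker.example-ads.net
ws05 1300 www.example.com
ws05 500 cdn.example.com
ws06 52000000 203.0.113.7
ws06 48000000 203.0.113.7
ws06 900 www.example.com
"""

# Assumed allowlist of known ad/tracker domains, dropped before scoring.
KNOWN_TRACKERS = {"tracker.example-ads.net"}

def is_ip_literal(dest):
    parts = dest.split(".")
    return len(parts) == 4 and all(p.isdigit() for p in parts)

def build_features(log_text, trackers=KNOWN_TRACKERS):
    """Per-host vector: requests, distinct destinations, share of requests to
    raw IP literals, share to destinations seen from only one host, bytes out."""
    rows = [line.split() for line in log_text.splitlines() if line.strip()]
    rows = [(h, int(b), d) for h, b, d in rows if d not in trackers]
    hosts_per_dest = defaultdict(set)
    for h, _, d in rows:
        hosts_per_dest[d].add(h)
    per_host = defaultdict(list)
    for h, b, d in rows:
        per_host[h].append((b, d))
    feats = {}
    for h, reqs in per_host.items():
        n = len(reqs)
        feats[h] = [
            n,
            len({d for _, d in reqs}),
            sum(is_ip_literal(d) for _, d in reqs) / n,
            sum(len(hosts_per_dest[d]) == 1 for _, d in reqs) / n,
            sum(b for b, _ in reqs),
        ]
    return feats

def _c(n):
    """Average path length of an unsuccessful search in a BST of n points."""
    if n <= 1:
        return 0.0
    return 2.0 * (math.log(n - 1) + 0.5772156649) - 2.0 * (n - 1) / n

def _build_tree(data, rng, depth, max_depth):
    """Split on a random feature at a random value until points are isolated."""
    if depth >= max_depth or len(data) <= 1:
        return {"size": len(data)}
    dim = rng.randrange(len(data[0]))
    lo = min(r[dim] for r in data)
    hi = max(r[dim] for r in data)
    if lo == hi:
        return {"size": len(data)}
    split = rng.uniform(lo, hi)
    return {"dim": dim, "split": split,
            "left": _build_tree([r for r in data if r[dim] < split], rng, depth + 1, max_depth),
            "right": _build_tree([r for r in data if r[dim] >= split], rng, depth + 1, max_depth)}

def _path_length(x, node, depth=0):
    if "size" in node:
        return depth + _c(node["size"])
    child = node["left"] if x[node["dim"]] < node["split"] else node["right"]
    return _path_length(x, child, depth + 1)

def isolation_forest_scores(feats, n_trees=100, seed=7):
    """Anomaly score in (0, 1) per host; short average paths score near 1."""
    rng = random.Random(seed)
    hosts = sorted(feats)
    data = [feats[h] for h in hosts]
    max_depth = math.ceil(math.log2(max(len(data), 2)))
    trees = [_build_tree(data, rng, 0, max_depth) for _ in range(n_trees)]
    norm = _c(len(data)) or 1.0
    return {h: 2 ** (-sum(_path_length(x, t) for t in trees) / n_trees / norm)
            for h, x in zip(hosts, data)}

if __name__ == "__main__":
    ranked = sorted(isolation_forest_scores(build_features(SAMPLE_LOG)).items(),
                    key=lambda kv: -kv[1])
    for host, score in ranked:
        print(f"{host} {score:.2f}")
```

The host that uploads 100 MB to a raw IP address nobody else talks to is isolated after one or two random splits in almost every tree, so it scores far above the others, while the tracker requests never reach the scorer. On real data the allowlist and the feature set are the parts an analyst tunes, which is the point the article makes about needing people who understand the logs.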
Automating the initial analysis of security events can help companies more quickly triage and identify potential attacks. By doing the research themselves, security teams gain additional insight into their data and can more easily determine what is an attack and what may be benign, Boijaud says.
CA-GIP plans to expand the analysis approach to use cases beyond detecting exfiltration using Web attacks, she says.
Second question: How can we decide?
Allow me to offer my humble opinions, starting with question No. 2.
Second, the trouble still comes when comparing high school teams from different decades, different regions of the country and from different size schools.
So third, my best answer is to look at where the players on the team ended up years later. For example, did any of the players go to the NBA?
Here’s an excerpt from the second article:
“Their accomplishments seemed impossible and unattainable even as they occurred. However, the legacy of the 1981–1982 and 1982–1983 Paul Laurence Dunbar High School boys basketball teams continued to grow after their incredible seasons. The 1981–1982 team finished its season undefeated.
“The 1982–1983 team followed with a 31–0 campaign and a No. 1 national ranking. This group of young men became widely known as the best high school basketball team of all time, and many of them went on to even greater basketball fame. Nineteen eighty-two Dunbar graduate Gary Graham played college basketball at the University of Nevada, Las Vegas (UNLV), which was then a powerhouse. David Wingate, another 1982 grad, won an NCAA championship with Georgetown University before embarking on a productive thirteen-year NBA career. Nineteen eighty-three graduates Tyrone “Muggsy” Bogues, Reggie Lewis and Reggie Williams — the latter teamed with Wingate on Georgetown’s 1984 national championship team — enjoyed lengthy and notable NBA careers. Tim Dawson, Keith James and Mike Brown went on to star at the University of Miami, UNLV and Syracuse University, respectively. The 1982–1983 team was so talented that Reggie Lewis, who became Northeastern University’s fourth all-time leading scorer, a two-time conference player of the year, a first-round NBA draft pick, a NBA All-Star, and the captain of the Boston Celtics, could not even crack the Dunbar starting lineup.”
In short, why were they the best ever? There were four NBA players on one high school basketball team. ESPN called them the “Baltimore Boys” in a documentary that came out in 2017: “Coach Bob Wade's talented team played flawlessly with a number of standouts — Tyrone "Muggsy" Bogues, Reggie Lewis, Reggie Williams and David Wingate — making their way to the NBA.”
"During their run, Reggie Williams grew to be one of the best high school players in the country, and USA Today named him the High School Player of the Year. Muggsy was the spark that made the whole team go, and his infectious energy led their fast-paced attack. That year, Muggsy averaged eight points, eight assists and eight steals per game as the offensive initiator and the defensive disruptor.
"Finishing 59-0 over two seasons, those Dunbar teams were a force. In total, 12 Poets players went on to Division I basketball programs in college. Williams headed to Georgetown, Reggie Lewis went to play for Northeastern and Muggsy attended Wake Forest.
"After college, Wingate, Williams, Lewis and Bogues were all drafted and migrated to the NBA."
But for now, I will leave you with these related quotes on learning from history:
“Life is divided into three terms — that which was, which is, and which will be. Let us learn from the past to profit by the present, and from the present, to live better in the future.” William Wordsworth
And: “The only real mistake is the one from which we learn nothing.” Henry Ford
New Wexford company Cyberschool.ie is looking to revolutionise the way subjects such as cyber safety, coding, programming and computer science are delivered to both primary and secondary students.
Founder and CEO Trevor Murphy said that the idea for Cyberschool.ie was conceived in 2015 while he was doing a master’s that looked at the use of computer science within the Irish educational sector. Since then, he has written over 200 bespoke lessons and the company now has over 5,000 students working with its programmes. It also offers TY programmes.
“We’ve done pre-recorded lessons and created a simple pause and play system where we become the live, virtual teacher and we allow the physical teacher to facilitate the lesson. It’s based around a Scandinavian education model,” he said.
According to Trevor, the company is aiming to become the No 1 provider of such programmes in Ireland.
“We deliver the programme and the teacher has the comfort of upskilling and closing the gap that they have within the areas of computing and coding. Not only are they delivering but they’re learning as well on site. They have this programme for an entire year and can use it as many times as they want.”
As well as this, parents can also upskill by doing the programmes at their leisure.
“We’re looking to change the culture of training methodologies. The teacher doesn’t need to be alone anymore. We’re using 21st century technologies to ensure education and training rises up following best practices,” he said.
The company, which now employs seven people and has received support from LEO Wexford, has just launched Cyberschooldirect.ie, an extracurricular activity for students (aged 7 to 18) and parents to become educated in the world of coding, computer science, cyber safety and digital citizenship.
For more details, see cyberschool.ie and cyberschooldirect.ie.
Faced with an onslaught of malware-less attacks that are increasingly hard to identify and stop, CISOs are contending with a threatscape where bad actors innovate faster than security and IT teams can keep up. However, artificial intelligence (AI) and machine learning (ML) are proving effective in strengthening cybersecurity by scaling data analysis volume while increasing response speeds and securing digital transformation projects under construction.
“AI is incredibly, incredibly effective in processing large amounts of data and classifying this data to determine what is good and what’s bad. At Microsoft, we process 24 trillion signals every single day, and that’s across identities and endpoints and devices and collaboration tools, and much more. And without AI, we simply could not tackle this,” Vasu Jakkal, corporate vice president for Microsoft security, compliance, identity, and privacy, told her keynote audience at the RSA Conference earlier this year.
2022 is a breakout year for AI and ML in cybersecurity. Both technologies enable cybersecurity and IT teams to improve the insights, productivity and economies of scale they can achieve with smaller teams. 93% of IT executives are already using or considering implementing AI and ML to strengthen their cybersecurity tech stacks. Of those, 64% of IT executives have implemented AI for security in at least one of their security life cycle processes, and 29% are evaluating vendors.
CISOs tell VentureBeat that one of the primary factors driving adoption is the need to get more revenue-related projects done with fewer people. In addition, AI and ML-based apps and platforms are helping solve the cybersecurity skills shortages that put organizations at a higher risk of breaches. According to the (ISC)² Cybersecurity Workforce Study, “3.4 million more cybersecurity workers are needed to secure assets effectively.”
CISOs also need the real-time data insights that AI- and ML-based systems provide to fine-tune predictive models, gain a holistic view of their networks and continue implementing their zero-trust security framework and strategy. As a result, enterprise spending on AI- and ML-based cybersecurity solutions is projected to attain a 24% compound annual growth rate (CAGR) through 2027 and reach a market value of $46 billion.
It’s common to find enterprises not tracking up to 40% of their endpoints, making it more challenging because many IT teams aren’t sure how many endpoints their internal processes are creating in a given year. Over a third, or 35%, of enterprises using AI today to strengthen their tech stacks say that endpoint discovery and asset management is their leading use case. Enterprises plan to increase their use of endpoint discovery and asset management by 15% in three years, eventually installed in nearly half of all enterprises.
It’s understandable why endpoint discovery and asset management are highly prioritized, given how loosely managed enterprises’ digital certificates are. For example, Keyfactor found that 40% of enterprises use spreadsheets to track digital certificates manually, and 57% do not have an accurate inventory of SSH keys.
Additional use cases revolve around cybersecurity investments related to zero-trust initiatives, including vulnerability and patch management, access management and identity access management (IAM). For example, 34% of enterprises are using AI-based vulnerability and patch management systems today, which is expected to jump to over 40% in three years.
Over 11,700 companies in Crunchbase are affiliated with cybersecurity, with over 1,200 mentioning AI and ML as core tech stacks and products and service strategies. As a result, there’s an abundance of cybersecurity vendors to consider, and over a thousand can use AI, ML or both to solve security problems.
CISOs look to AI and ML cybersecurity vendors who can most help consolidate their tech stacks first. They’re also looking for AI and ML applications, systems and platforms that deliver measurable business value while being feasible to implement, given their organizations’ limited resources. CISOs are getting quick wins using this approach.
The most common use cases are AI- and ML-based cybersecurity implementations of transaction-fraud detection, file-based malware detection, process behavior analysis, and web domain and reputation assessment. CISOs want AI and ML systems that can identify false positives and differentiate between attackers and admins. That’s because they meet the requirement of securing threat vectors while delivering operational efficiency and being technically feasible.
VentureBeat’s conversations with CISOs at industry events, including RSA, BlackHat 2022, CrowdStrike’s Fal.Con and others, found several core areas where AI and ML adoption continue to get funded despite budget pressures being felt across IT and security teams. These areas include behavioral analytics (now a core part of many cybersecurity platforms), bot-based patch management, compliance, identity access management (IAM), identifying and securing machine identities, and privileged access management (PAM), where AI is used for scoring risk and validating identities.
In addition, the following are areas where AI and ML are delivering value to enterprises today:
Using AI and ML to improve behavioral analytics, improving authentication accuracy. Endpoint protection platform (EPP), endpoint detection and response (EDR), unified endpoint management (UEM), and a few public cloud providers, including Amazon AWS, Microsoft Azure, and others, are combining AI techniques and ML models to improve security personalization while enforcing least-privileged access. Leading cybersecurity providers are integrating predictive AI and ML to adapt security policies and roles to each user in real time based on the patterns of where and when they attempt to log in, their device type, device configuration and several other classes of variables.
Leading providers include Blackberry Persona, Broadcom, CrowdStrike, CyberArk, Cybereason, Ivanti, SentinelOne, Microsoft, McAfee, Sophos, VMware Carbon Black and others. Enterprises say this approach to using AI-based endpoint management decreases the risk of lost or stolen devices, protecting against device and app cloning and user impersonation.
Discovering and securing endpoints by combining ML and natural language processing (NLP). Attack surface management (ASM) is comprised of external attack surface management (EASM), cyberasset attack surface management (CAASM), and digital risk protection services (DRPS), according to Gartner’s 2022 Innovation Insight for Attack Surface Management report (preprint courtesy of Palo Alto Networks). Gartner predicts that by 2026, 20% of companies will have more than 95% visibility of all their assets, which will be prioritized by risk and control coverage by implementing CAASM functionality, up from less than 1% in 2022.
Leading vendors in this area are combining ML algorithms and NLP techniques to discover, map and define endpoint security plans to protect every endpoint in an organization. Leading vendors include Axonius, Brinqa, Cyberpion, CyCognito, FireCompass, JupiterOne, LookingGlass Cyber, Noetic Cyber, Palo Alto Networks (via its acquisition of Expanse), Randori and others.
Using AI and ML to automate indicators of attack (IOAs), thwarting intrusion and breach attempts. AI-based IOAs fortify existing defenses using cloud-based ML and real-time threat intelligence to analyze events at runtime and dynamically issue IOAs to the sensor. The sensor then correlates the AI-generated IOAs (behavioral event data) with local events and file data to assess maliciousness. CrowdStrike says AI-powered IOAs operate asynchronously alongside existing layers of sensor defense, including sensor-based ML and existing IOAs. Its AI-based IOAs combine cloud-native ML and human expertise on a common platform invented by the company more than a decade ago. Since their introduction, AI-based IOAs have proven effective in identifying and thwarting intrusion and breach attempts while defeating them in real time based on actual adversary behavior.
AI-powered IOAs rely on cloud-native ML models trained using telemetry data from CrowdStrike Security Cloud combined with expertise from the company’s threat-hunting teams. IOAs are analyzed at machine speed using AI and ML, providing the accuracy, speed and scale enterprises need to thwart breaches.
“CrowdStrike leads the way in stopping the most sophisticated attacks with our industry-leading indicators of attack capability, which revolutionized how security teams prevent threats based on adversary behavior, not easily changed indicators,” said Amol Kulkarni, chief product and engineering officer at CrowdStrike.
“Now, we are changing the game again with the addition of AI-powered indicators of attack, which enable organizations to harness the power of the CrowdStrike Security Cloud to examine adversary behavior at machine speed and scale to stop breaches in the most effective way possible.” AI-powered IOAs have identified over 20 never-before-seen adversary patterns, which experts have validated and enforced on the Falcon platform for automated detection and prevention.
AI and ML techniques enrich bot-based patch management with contextual intelligence. One of the most innovative areas of cybersecurity today is how the leading cybersecurity providers rely on a combination of AI and ML techniques to locate, inventory and patch endpoints that need updates. Vendors aim to improve bots’ predictive accuracy and ability to identify which endpoints, machines and systems need patching when evaluating the need to take an inventory-based approach to patch management.
Ivanti’s recent survey on patch management found that 71% of IT and security professionals found patching overly complex and time-consuming, and 53% said that organizing and prioritizing critical vulnerabilities takes up most of their time.
Patch management needs to be more automated if it’s going to be an effective deterrent against ransomware. Taking a data-driven approach to ransomware helps. Nayaki Nayyar, president and chief product officer at Ivanti, is a leading thought leader in this area and has often presented how the most common software errors can lead to ransomware attacks. During RSA, her presentation on how Ivanti Neurons for Risk-Based Patch Management provides contextual intelligence that includes visibility into all endpoints, including those that are cloud- and on-premises based, all from a unified interface, reflects how advanced bot-based patch management is becoming using AI as a technology foundation.
Using AI and ML to improve UEM for every device and machine identity. UEM platforms vary in how advanced they are in capitalizing on AI and ML technologies when protecting devices with least-privileged access. The most advanced UEM platforms can integrate with and help enable enterprise-wide microsegmentation, IAM and PAM. AI and ML adoption across enterprises happens fastest with these technologies embedded in platforms and, in the case of Absolute Software, in the firmware of the endpoint devices.
The same holds true for UEM for machine identities. By taking a direct, firmware-based approach to managing machine-based endpoints to enable real-time OS, patch and application updates that are needed to keep each endpoint secure, CISOs gain the visibility and control of endpoints they need. Absolute Software’s Resilience, the industry’s first self-healing zero-trust platform, is noteworthy for its asset management, device and application control, endpoint intelligence, incident reporting and compliance, according to G2 Crowd’s crowdsourced ratings.
Ivanti Neurons for UEM relies on AI-enabled bots to seek out machine identities and endpoints and automatically update them unprompted. Ivanti’s approach to self-healing endpoints is also worth noting for how well its UEM platform approach combines AI, ML and bot technologies to deliver unified endpoint and patch management at scale across a global enterprise customer base.
Additional vendors rated highly by G2 Crowd include CrowdStrike Falcon, VMware Workspace ONE and others.
Every enterprise’s zero-trust security roadmap will be as unique as its business model and approach. A zero-trust network access (ZTNA) framework needs to be able to flex and change quickly as the business it’s supporting changes direction. Longstanding tech stacks that sought security using interdomain controllers and implicit trust proved too slow to react and be responsive to changing business requirements.
Relying on implicit trust to connect domains was also an open invitation to a breach.
What’s needed are cloud-based security platforms that can interpret and act on network telemetry data in real time. CrowdStrike’s Falcon platform, Ivanti’s approach to integrating AI and ML across their product lines, and Microsoft’s approach on Defender365 and their build-out of the functionality on Azure, are examples of what the future of cybersecurity looks like in a zero-trust world. Gaining AI and ML-based insights at machine speed, as CrowdStrike’s new AI-powered IOA does, is what enterprises need to stay secure while pivoting to new business opportunities in the future.
The working world is changing all the time, but one thing that seems here to stay in some capacity is flexible work. With so many people adopting digital nomad lifestyles, there has never been a better time to indulge your wanderlust. And if you want to travel, it makes sense to learn a new language.
Babbel is the world's top-grossing language-learning app, with more than ten million users worldwide, and you can currently get it for 60% off, no coupon needed. But that's coming to an end when the extended Cyber Monday offer closes at 11:59 p.m. Pacific on November 30—and the overall cost of Babbel is increasing, including the usual sale price. That means this is your last chance to get a lifetime of Babbel at one of the lowest prices we've ever seen.
Developed by more than 100 expert linguists, Babbel uses a straightforward, conversation-focused curriculum to help you learn to speak a new language in as little as one month. Through bite-sized lessons you can take in 10 to 15 minutes, you'll be able to converse confidently about practical topics like transportation, shopping, dining, and more. Speech recognition technology helps you improve your pronunciation while personalized review sessions allow you to target improvement areas, whether you're a complete beginner or already a somewhat advanced speaker. Plus, you can always sync your progress to study offline.
Babbel has earned 4.5/5 stars on the Google Play Store and 4.6/5 stars on the App Store because customers love it, and critics agree. Babbel was named Fast Company's "most innovative company in education," and The Next Web calls it "one of the stalwarts of the online language-learning sphere."
Since Cyber Monday has been extended, it's your last chance to save $300 on lifetime access to all 14 languages in the Babbel library. But act fast because this deal ends tonight—and could sell out before then. Grab Babbel Language Learning for just $199 (reg. $499) for one last time.
Prices subject to change.
A cyber attack has disabled online learning and left telephone and email services down, Durham District School Board said Sunday.
Literacy tests have been cancelled for Monday and most student chromebooks will not work, the board said.
In a letter to parents and guardians, the school board said it was first made aware of the "cyber-incident" on Friday and that IT teams have been working throughout the weekend to restore the services affected.
"We have notified law enforcement and are working to investigate and understand the full impact of this incident," the board said in the letter.
The board says with computer systems down, attendance will be taken manually. It says parents have been notified that staff may not have access to emergency contact information.
Meanwhile, the board says it appreciates that this incident "raises a significant privacy concern," and it will be providing updates and sharing more information when it's available.
KnowBe4 empowers end users by introducing security awareness and compliance training on the go at no additional cost
TAMPA, Fla., Nov. 28, 2022 /PRNewswire/ -- KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, today announced it is launching the new KnowBe4 Mobile Learner App to empower end users by introducing security awareness and compliance training on the go at no additional cost to customers, improving user engagement and strengthening security culture.
With a large majority of the world's population using smartphones today, mobile training revolutionizes the way people learn. This new app will enable end users to complete their security awareness and compliance training conveniently from their tablets or smartphones, giving them 24/7/365 access.
"The KnowBe4 Mobile Learner App is the first of its kind to launch in the security awareness and compliance training space, making it easier than ever to train users while subsequently strengthening an organization's security culture," said Stu Sjouwerman, CEO, KnowBe4. "This new app will enable IT and security teams to Improve engagement and completion rates for required training thanks to a seamless user experience. This will also help users to associate security with their personal devices, keeping it top of mind all the time rather than only when they are at work on their computers. We are making this substantial new capability available at no additional cost to all subscription levels as a show of our commitment to supporting our customers' security and human risk management objectives."
Based on subscription levels, KnowBe4 offers 100+ Mobile-First training modules that were designed specifically for mobile. The KnowBe4 Learner App supports push notifications for custom announcements, updates on assigned training as well as KnowBe4 newsletters.
The app is available for iOS and Android, and free to all KnowBe4 customers with a KnowBe4 training platform subscription. For more information, visit https://www.knowbe4.com/mobile-learner-app.
About KnowBe4
KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, is used by more than 54,000 organizations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics through a new-school approach to awareness training on security. Kevin Mitnick, an internationally recognized cybersecurity specialist and KnowBe4's Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organizations rely on KnowBe4 to mobilize their end users as their last line of defense.
Contact: Amanda Tarantino, firstname.lastname@example.org
View original content to obtain multimedia: https://www.prnewswire.com/news-releases/knowbe4-launches-new-mobile-learner-app-for-anytime-anywhere-cybersecurity-learning-301686458.html