How to stand out in Cybersecurity? Put a human in the loop
Today’s global cybersecurity market is vast and crowded with thousands of vendors arrayed across more than 280 product categories. If we limit our discussion to only anti-virus / endpoint security, there are still 74 suppliers vying for your attention and dollars in your IT security budget.
This still substantial cadre of companies can be further segmented into two camps:
- “legacy” solutions that scan media and memory for known malware and try to quarantine it, and
- newer “next-generation” or “legacy replacement” solutions that variously attempt to pre-empt the ingress and execution of malware, both known and unknown (zero-day), increasingly employing AI and ML along the way.
It amazes me how even a US $7B market can withstand this level of fragmentation. It bewilders me even more how CISOs and enterprise IT teams can make meaningful decisions to commit to such a business-critical security function from a field populated by myriad work-alikes and legacy tech. Surely, consolidation and attrition lurk in coming quarters; nonetheless, every year the ES / AV space sees new entrants and new spins on essentially the same approach to cybersecurity, with very limited ROI both for the VCs that back new cybersecurity ventures and for those companies’ customers. The world is still rife with malware, and despite the best efforts of most of the IT security industry, black hat code is still infecting and attacking companies and costing them millions to billions of dollars annually.
Here at Comodo, we don’t just want to stand out; our goal is to stop all malware in its tracks, on the desktop, in the data center, across corporate networks, on the web and in the cloud. And we are succeeding, not by depending on emerging AI and ML (which we also employ, to great effect) but by (re)introducing human intelligence into the equation.
What does it mean to “put a human in the loop”?
First, we don’t force our users to choose between default-deny and default-allow policies. When executables come onto machines and networks, our cloud-based Valkyrie renders a verdict on the status of apps and scripts, 95% of the time within 45 seconds. Whitelisted apps and scripts run unencumbered. Everything else is contained: users can still run unknown software (and, if they choose, even known malware) safely, without risk to their machines, company networks and data assets.
Second, even as we deploy AI and ML to improve the accuracy of verdicting, we also acknowledge the limitations of machine intelligence. Turing’s Halting Problem and related proofs tell us that no algorithm can predict the behavior of every other algorithm; ES / AV, even with AI, cannot reliably judge whether novel code is malware or benign.
Finally, for that 5% of the time that Valkyrie declines to verdict, what do we do? We put a human in the loop. Actually, a whole team of really smart humans, who take over the verdicting process to deliver results you can trust, in a timely fashion, under an SLA your lawyers will love.
So stop relying on twenty-year-old AV technology. And stop worrying if your “next generation” AV / ES solution is smart enough to face today’s malware onslaught. Instead, put a human in the loop, with Comodo.
Awareness around this in business is key, completely agree.