Cyber-attacks have been in the headlines nearly every week since the attack on Target Corporation in 2013. Attacks on Anthem, the U.S. Office of Personnel Management and countless others have made people from all walks of life aware of cyber-attacks.
Even though business leaders and government officials have prioritized cybersecurity, that priority seems diametrically opposed to most citizens’ increasing desire for more privacy. The US public is well aware of Patriot Act section 215, which made headlines earlier this year, as well as other surveillance programs designed to protect while also providing access to the content citizens read on the Web or send via text message and email.
Are cybersecurity and privacy mutually exclusive, or is it possible to have both?
A quick analysis of the commercial solutions available from well-known cybersecurity suppliers provides valuable insight.
- Next-generation firewalls require access to the unencrypted contents of network messages going to and from the Internet to find exploits and malware used by cyber-attackers.
- Intrusion Detection Systems (IDS) and Intrusion Protection Systems (IPS) devices need to inspect the unencrypted contents of network messages to match bytes of data with signatures of exploits and malware, as well as match Internet addresses and Web URLs with reputation lists to detect cyber-attacks.
- Antivirus software performs in much the same manner as IDS/IPS, but on an endpoint computer rather than on a network device at the Internet boundary.
- Malware sandboxes must be able to open unencrypted files (e.g., PDF, MS Office) and run unencrypted executable files to find active threats and malware.
The market will spend more than $14 billion on these systems that can only protect by prying. This raises the question of whether it is technically possible to “protect without prying.”
The answer is yes, by using data science, machine learning and behavioral analysis of raw network traffic to identify cyber-attacks.