The Internet provides access to various pieces of information, applications, services, and the like for publishing information. Today, the Internet has significantly changed the way we access and use information. The Internet allows users to quickly and easily access services such as banking, e-commerce, e-trading, and other services people access in their daily lives.
In order to access such services, a user often shares his personal information such as name; contact details; highly confidential information such as usernames, passwords, bank account numbers, and credit card details; and so on with service providers. Similarly, confidential information of companies such as trade secrets, financial details, employee details, company strategies, and the like are also stored on servers that are connected to the Internet. There is a threat that confidential and/or personal information will be accessed by hackers using unauthorized access methods. Specifically, such methods include, for example, using malware, viruses, spyware, key loggers, compromised remote desktop services, and the like.
Recently, the frequency and complexity level of attacks has increased with respect to attacks performed against all organizations including, but not limited to, cloud providers, enterprise organizations, and network carriers. Some complex attacks, known as multi-vector attack campaigns, utilize different types of attack techniques to identify weaknesses in the target network and/or application resources. Identified weaknesses can be exploited to achieve the attack's goals, thereby compromising the entire security framework of the network.
One example for a relatively new type of multi-vector attack campaign is an advanced persistent threat (APT). An APT is an attack in which an unauthorized hacker gains access to a network and remains undetected for a long period of time. Due to the complexity of multi-vector attack campaigns, such attacks are frequently successful and are not detected by current security solutions. This is due to the fact that current security solutions are not sufficiently agile and adaptive with respect to detection, investigation, and mitigation of resources needed to meet such evolving threats. Specifically, this is due to the fact that current security solutions cannot easily and promptly adapt to detect and mitigate new attack behavior or attacks that change their behavior in a significant manner in order to bypass the security.
In addition, security solutions and, in particular, solutions for APT attacks, do not provide reliable automatic decision-making capabilities. Typically, security solutions are not designed for both detection and automatic decision-making. In addition, system administrators do not trust currently available security solutions' designs to mitigate complex attacks due, in part, to the high level of false positive alerts generated by such systems because of inaccurate mitigation control. As a result of such false positive alerts, system administrators often manually perform decision-making processes rather than permit automatic decision-making, which usually increases the time needed to mitigate attacks.
Moreover, current solutions cannot predict potential risks such as future activities that are associated with pre-attack intelligence gathering, malware propagation, data breach, and exfiltration of data. Current solutions also suffer from a lack of situational awareness of the main risks and loss potential that attacks can impose on a business. Furthermore, due to the lack of automatic decision-making, investigation, remediation and/or mitigation actions are not well defined and prioritized, thereby resulting in inefficient utilization of security resources such as investigation resources and mitigation resources.
It would therefore be advantageous to provide a security solution that would overcome the deficiencies of the prior art.