Preemptive security is key in the AI risk race

Research company Gartner describes preemptive security as an emerging but increasingly critical approach that aims to prevent and deter cyber attacks before they can launch or succeed, instead of responding to attacks already underway.

The company advocates that preemptive cyber security solutions incorporate capabilities to, first, deny attackers the opportunity to initiate attacks or access desired resources; second, disrupt ongoing attacks as they occur; and third, deceive attackers to divert them from critical assets.

Today’s attack surface has evolved from a perimeter-based concept to a global view of all possible entry points. The global attack surface grid comprises the complex network of physical and digital technology assets and resources that span the globe and represent all potential entry and pivot points where a threat actor might attempt to compromise, manipulate or control these assets and resources for malicious intent.

Gartner’s Managing Vice President, Carl Manion, urges product leaders to act to avoid the potential of damaging market-share losses if they fail to develop preemptive cyber security solutions. Manion says that AI puts cyber attacks in overdrive. Traditional detection-and-response cyber security methods can’t keep up with the surging threats from bad actors leveraging AI. Preemptive cyber security solutions defend more effectively within the emerging global attack-surface grid against these more sophisticated AI-enabled attackers.

Gartner has developed a unique collection of guidance for product leaders competing within and across the layers of the modern AI tech stack. Leveraging AI capabilities to defend against a rapidly expanding attack surface.

In the active exploitation of a “zero-day vulnerability”, attackers find and exploit previously unknown software vulnerabilities before software vendors and end-users have a chance to identify and patch them (giving them “zero days” to respond).

Preemptive cyber security technologies build resilience against such attacks by focusing on prevention, not reaction. And as the AI vendor race heats up, Gartner expects that by 2030, preemptive cyber security solutions will make up 50% of IT security spending, replacing traditional “stand-alone” detection-and-response solutions as the preferred defense against cyberthreats.

According to Gartner, these solutions must:
● Deny entry with a preemptive shield – Bar intruders from accessing emerging technology solutions within the global attack surface grid by using a combination of automated exposure management and advanced obfuscation technologies, which can continuously find and patch vulnerabilities while concealing code and sensitive data with advanced encryption techniques. This renders assets and resources invisible to attackers through cloaking and advanced segmentation enclaves.

Advanced obfuscation technologies align with zero-trust principles by assuming that threats can originate internally and externally, and requiring explicit verification for access. They don’t just deny unauthorised access; they identify potential threats more quickly and accurately.

These technologies represent a unique control point for accessing sensitive data in protected environments, offering real-time observability. They act as an early detection system for unauthorized access attempts or tampering. Advanced obfuscation is critical for organisations seeking resilience against ransomware, advanced persistent threats (APTs) and AI-driven cyberattacks.
● Deceive bad actors – Use decoys, misdirection and illusion to throw malicious actors off the scent. For example, advanced cyber deception (ACD) solutions leverage a variety of deceptive elements to lure attackers away from critical systems and essentially create a “cyber minefield” for attackers. These platforms create realistic decoys, such as fake servers, applications or files, that mimic production systems, enticing attackers to interact with them. By analysing attacker behavior on these decoys, organisations can quickly gain valuable insights into attacker tactics and techniques and then use that information in real time to immediately improve their overall security defenses.

Automated moving target defence (AMTD) solutions operate by constantly changing a system’s configuration, making it a “moving target” for attackers. This can involve randomising memory addresses, altering network configurations or modifying software components. AMTD leverages automation to dynamically adjust system configurations, ensuring a continuous and unpredictable environment. This often involves artificial intelligence and machine learning to adapt to intelligence collected on new emerging threats and optimise defense strategies. To further deceive attackers, AMTD is often combined with the use of advanced cyber deception to add even more layers of “moving targets”.

● Disrupt attacks – Anticipate and prepare for emerging threats rather than waiting for attacks and then doing damage control after the fact. For example, predictive threat intelligence (PTI) platforms continuously collect information from a wide variety of sources, such as security alerts, public online discussions, the “dark web” and records of past cyber attacks. Then, using a combination of advanced analytics, AI and machine learning, PTI solutions sift through all that data to spot emerging threats, understand how hackers operate and find weaknesses before they can be exploited. PTI platforms can also predict which threats are most likely to target your specific organisation. They do this by considering things like what business you’re in, the technology you use, and how visible you are online. With these predictions, your organization can address vulnerabilities and exposures to boost your defenses before an attack even happens, keeping your digital assets much safer.

● Automated exposure management: These solutions offer capabilities for continually assessing attack surfaces and prioritizing vulnerabilities and exposures for remediation. In today’s complex technology environment — spanning multicloud, hybrid infrastructure and AI-enabled emerging technologies — managing vulnerabilities manually in a timely manner is impossible. Automated exposure management tools offer scalable, continuous monitoring across all parts of this environment. The automation assures real-time, contextualised insights into an organisation’s exposure landscape. This allows more informed threat hunting, more accurate risk prioritisation and more timely, actionable guidance for remediation.

Gartner urges product leaders to become fluent in preemptive cyber security capabilities and protocols to ensure products, and their pricing, deliver customer value and contribute to growth.