Cybercrime, as everyone knows, is expanding exponentially and has become the greatest threat to business continuity, making it everyone’s top priority. Roughly a trillion dollars has been invested in cybercrime solutions, yet breaches happen every 39 seconds. Private equity firm Thoma Bravo alone has reportedly invested 100 billion dollars into cybersecurity companies. Try to imagine a market with more investment and less success.

Cybercrime has doubled yearly for the past 5 years and has reportedly grown 349% this year alone, despite two thousand cybersecurity solutions in the market. With every breach that has occurred, firewall technology has been in place and failed.

President Joe Biden recently said, “Cyber threats can affect every American, every business regardless of size, and every community. That’s why my administration is marshalling a whole-of-nation effort to confront cyber threats.”

While I applaud his interest, our government cannot stop cybercrime. And as you know, it is not just a US problem but affects all businesses in all nations.

I left my position as CIO and cyber czar for the federal government determined to eradicate cybercrime so businesses can operate safely on the Internet. I believe the answer is to develop and implement a radically new approach that doesn’t replace existing firewalls – it enhances them so they can monitor and control ALL dangerous incoming and outgoing network traffic and deliver an unprecedented level of network protection that meets Zero Trust Architecture requirements.

The failure of all cybersecurity solutions to stop SolarWinds and thousands of other recent successful cyber breaches is obvious and getting worse every day.

I began my career as an IBM engineer on the first security solution for a mainframe, RACF. Later I worked on IBM’s first firewall. My education continued through many technology leadership roles, including multiple CTO and CEO positions at successful companies. During the Obama presidency, I was pulled out of retirement and appointed CIO, and I successfully defended a very large agency for four years against 50,000 cyberattacks per day by implementing a new 10-layer cybersecurity architecture.

Because it was very complex and very expensive to operate and maintain, three things became apparent:

  1. Businesses can’t afford to pay the millions of dollars that the government spends annually on cybersecurity.
  2. Stopping cybercrime will require real-time AI.
  3. Successful training and use of the new AI system will require having the correct data set of all Internet IPs to train the AI.

Zero Trust Architecture - The Right Approach

A recent MIT study reported that the number of Zero Day cyberattacks doubled in 2020 and that they now account for more than sixty percent of successful cyberattacks in 2021. Relying on current endpoint and perimeter systems only results in understanding the critical need for a new technology to eradicate these threats.

The growing recognition of the importance of Zero Trust concepts led the National Institute of Standards and Technology (NIST) to publish an excellent paper in 2020 that includes a current, clear definition:

“Zero trust (ZT) provides a collection of concepts and ideas designed to minimize uncertainty in enforcing accurate, least privilege per-request access decisions in information systems and services in the face of a network viewed as compromised.” And thus, NIST endorses and promotes the use of Zero Trust for all businesses.

Traditional cybersecurity protections, whether client-based or perimeter-based, fail because they cannot identify and stop Zero Day and Malware-free attacks that represent the large majority of successful breaches in 2021. Cybercrime today is successfully executed by nation states like China, Russia, North Korea, and others who employ top PhDs who use supercomputers to develop and execute rapidly evolving and actively adapting attacks.

The core challenge of implementing a next-generation Zero Trust architecture is locking down access to critical resources without bringing the dynamic and constantly changing business workflows to a grinding halt. Success requires leveraging existing infrastructure, firewalls, that can be quickly enhanced to create the Zero Trust environment required for success.

Firewalls Have Insufficient Data

Why is data that documents every Internet site so vital?

In the 1990s, Stephen Paul Marsh at the University of Stirling wrote his doctoral thesis on computational security. It described a zero-trust security design at a time when the Internet was still in its infancy. No one foresaw trillions of Internet connections, all communicating dynamically with each other, which makes traditional zero-trust ineffective. With the almost unlimited number of IP addresses enabled by the deployment of IPv6 (2^128 nodes), crawling the Internet to build a comprehensive mapping of trusted and untrusted sites is an overwhelming task and one thought to be impossible.

“The hallmark of zero trust is simplicity. When every user, packet, network interface, and device is untrusted, protecting assets becomes simple.” — John Kindervag recently in the WSJ 2021.

Yet no one has achieved this goal! While the concept may be simple, the implementation is very complex, costly and difficult to achieve and cannot be done without AI.

Virtually all client and perimeter cyber protection solutions use a known list of addresses of bad actors. There are over 9 billion “active” IP addresses on the Internet today, and the number grows every second. Whether a vendor’s list contains a million or ten million bad IPs, it doesn’t begin to encompass the billions of bad IPs used by bad actors to attack businesses daily. Although every firewall vendor claims to stop cybercrime, every firewall is breached every single day. For example, no firewall or cybersecurity solution has proven to have stopped the SolarWinds breach or any of the other successful major breaches that impacted the world in the past twelve months.

Firewalls were created and designed by definition to be the network appliance that monitors and controls incoming and outgoing network traffic to keep your internal network safe. They have all failed because they work from a list of known bad actors that represents less than 1% of the dangerous IP addresses active on the Internet. And more importantly, they can never catch and stop Zero Day attacks.

AI The Great Equalizer

Most reports show that cybercrime lives on every network in the world for months to years without notice! It is only identified when it shuts a company down, which it often never does. We must recognize that most cybercrime is executed silently, without a company ever knowing it was breached and infected. Cybercriminals steal source code and other company secrets from businesses in the background every single day without ever being noticed by IT departments. Ransomware, on the other hand, shuts a company down and thus gets noticed and reported. But ransomware is less than 30% of all cyber breaches. Most cybercrime never does anything to reveal it is on your network, silently stealing data. This is why the problem is so much bigger than most people realize!

Firewalls must be enhanced to inspect every unknown packet entering or exiting the network in real time using AI. Implementing a Zero Trust architecture using firewalls must advance from a manual, overwhelming process as performed by IT engineers today, to an AI-driven, automated solution that “knows” all trusted IPs.

Currently, verified and trusted IP addresses number more than 6 billion. Using AI, a master list of all legitimate IP addresses can be verified and continually reverified so organizations can safely connect to them without exposure to the billions of bad actors operating on the Internet. What we once thought was impossible, AI has made and is continuing to make a reality. AI is changing our understanding of what is possible in a computing world.

“AI is an amazing renaissance.” Jeff Bezos, founder and CEO Amazon.

PwC estimates that AI will add $15.7 trillion to the global economy by the end of the decade!

While thousands of examples of AI exist, self-driving cars are one of the most complex and successful AI proof points, as thousands of self-driving vehicles operate on roads safely today. AI can do for cybersecurity what it has done for self-driving cars, self-flying planes, financial audits, and most areas of technology.

© 2021 Jack B. Blount
