Negative space is not a common term, but if you spend time researching a company logo or graphic design, you will hear it. “Negative space” is the space between and around objects in the design. Talented artists look for opportunities to create additional meaning or hide Easter eggs when creating logos, choosing fonts and letter spacing in company names.
One of the most famous examples of negative space is the FedEx logo. The logo design team realized that by choosing a specific font and letter spacing, they could create an arrow between the letters E and X. For a company that is always delivering products to customers, the arrow is a symbol of perfection. The story goes like this. During the first design review, only the CEO immediately saw the arrow, while the rest of the team did not see it. Maybe, even after all these years, you missed it.
Many people see what they expect to see and miss what is staring right at them. Because they don’t see things in their full context, the FedEx arrow and other negative-space objects become blind spots. Once someone points out the negative space, the blind spot usually disappears and the whole picture can be seen.
Cyber security and blind spots
Network security is full of blind spots, but the consequences are more serious than missing a hidden marketing message. Whether the threat comes from financially motivated hackers or hostile nation-states, organizations are constantly looking for the next attack before it is too late. In response to these attacks, many companies did what they thought they should do: build a library of known attacks, also known as signatures. They then compare network traffic or event logs with these signatures to try to match previous events with what is happening on the network.
This method initially achieved some success, but attackers quickly changed their methods to avoid matching known signatures. The cybersecurity industry’s response has been pattern matching: sophisticated attempts to interpolate from what has happened before and determine whether an attack is very similar to anything seen previously. This is a statistical roll of the dice, sometimes using tools such as neural networks.
The pursuit of ever larger signature and rule sets is accompanied by cost inflation and runtime inefficiencies. Marketing tries to present this as a good thing, using a “bigger is better” value proposition to promote the largest or most complex database (or data lake) of previously known signatures. Weekly updates add to the false assurance that you are always protected.
Zero day destroys the “bigger is better” approach
The problem is that this method has a blind spot: bad guys are using adversarial artificial intelligence (AI) to develop attacks that do not match historical signatures, so these attacks will not be detected by signatures or signature variants.
The SolarWinds attack at the end of 2020 and other “zero-day” attacks are examples of these novel attacks. They are so called because they were not known before being included in the threat list. Network security provider FireEye stated that it was unable to effectively alert on the SolarWinds attack because the hackers “used a new combination of technologies that we or our partners had not seen in the past.” As a result, the attack was able to bypass its defenses.
So how do you find something when you don’t know what it, or anything close to it, looks like?
Like the FedEx logo, the answer is right in front of you. The solution is to change the way you see everything you see.
In cybersecurity, this means that in order to identify threats you have never seen before, you must change how you are looking for threats. Instead of looking for what you think is an attack, it’s better to look at everything that is not normal behavior. If you surface what is abnormal, you will examine all anomalies, including attacks that you have seen before and attacks that you have not.
Just like in real life, sometimes seeing an unexpected arrow will point you in the right direction.
Matt Shea serves as the federal head of MixMode, a “third wave artificial intelligence” (provided by DARPA) company whose products involve cyber security. With more than 20 years of experience in the technical field, Matt has conceived, built and developed breakthrough solutions that integrate…