These days, the threat of cyberattacks is a major concern for businesses of all sizes, and organizations are putting a lot of money into cybersecurity. However, I believe that relying on prevention and detection/response isn’t enough. As a founder and business owner myself, as well as an IT industry professional, I’m advocating for a shift to a preemptive approach as a more effective way to handle cybersecurity. In this article, I’ll explain my reasoning, drawing from my own experiences, and how the innovative approach we’ve developed at BforeAI helps to meet this growing need.

Read our new Manifesto

The Limitations of the Traditional Framework

I have worked in IT and cybersecurity for 30 years, so I’ve been a first hand witness to how the industry often operates with a “victim mentality,” where organizations mostly react to attacks after they happen. While preventative measures like firewalls and EDR (endpoint detection and response) software are necessary, they approach the problem in a generic way and often fail against new and complex threats. That said, detection and response alone seems like “accepting to be a victim,” as it only focuses on blocking attacks after they start (how else would you detect them?), leaving organizations open to exploits and novel attack methods. I’ve observed that the industry’s focus on detection and response is essentially a reactive stance, and I believe that it’s unhealthy. Nobody likes to be a victim and so we should do more to take control of our defenses.

The Case for Preemption

What is deficient in this industry is a preemptive approach, which, to me, means identifying and stopping specific threats before they can cause any damage. This strategy, which was inspired by the idea of “pre-crime” from the movie Minority Report, is the foundation of BforeAI. PreCrime™, our technology, uses advanced predictive analytics to capture the network metadata of the entire Internet, finding malicious infrastructure as it’s being set up by cyber criminals. We often describe what we are doing as a “weather forecast system” for the Internet, since we analyze behavior patterns to predict where attacks will start.

Some of the benefits of adopting predictive security technology:

• Preemptive Disruption and Takedown: By blocking access to malicious infrastructure before it can be used, organizations can avoid the chaos and costs of cyberattacks. This includes different kinds of attacks like ransomware, data leaks, and malware.
• Cost Savings: In my experience, preemption is more cost-effective because it reduces the need for costly fixes, forensics, and incident response. When you block attacks before they occur, you save a lot of money that would otherwise be spent reacting to a breach.
• Reduced Strain on Security Teams: Based on what we’ve seen with our customers,  preemption allows security teams to concentrate on the most important threats that cannot be predicted. By reducing the number of alerts, preemption also cuts down on the resources needed for security.
• Improved Morale: Preemption allows cyber security teams to feel more in control and less like they’re the victims of attacks, which helps reduce burnout.

How BforeAI Achieves Preemption

The technology we have built at BforeAI is the result of years of research, and it uses different AI algorithms, such as supervised learning, machine learning, and predictive analytics (no GenAI was used in the making of BforeAI 😇). Our system analyzes humongous amounts of data from the internet, spotting behavior patterns linked to malicious infrastructure. The data we collect includes things like:

• DNS (Domain registration information, changes in name servers, configuration evolution over time)
• BGP, ASN (Routing and IP address allocations), traffic patterns, announcements
• And proprietary calculation on jumping hosts, cloud configuration, and other metadata

By watching these parameters over time, our system maps behaviors and can accurately predict if an infrastructure is likely to be used for malicious purposes, often weeks or months before an actual attack. This allows us to give our customers valuable intelligence, enabling them to block these threats preemptively. Our system also gets better over time, learning from mistakes and becoming more effective.

Key differentiators of BforeAI’s approach

• Predictive Attack Intelligence: At BforeAI, we focus on identifying future attack vectors, rather than reacting to active ones. This is a new kind of intelligence, “predictive attack intelligence” is what we call it.
• Impersonation Protection: We protect brands and customers from attacks using fake domains, fake social media accounts, phishing, credential theft, and account takeovers.
• Disruption and Takedowns: We don’t just identify threats. We actively disable and take down malicious infrastructure, preventing attacks from happening.
• High Accuracy: We guarantee a high level of prediction accuracy, with a false positive rate of less than 0.05%. We back this guarantee with a guarantee policy from Munich Re, which covers the costs of an attack if we are wrong.
• No Customer Data Required: Our technology works independently of the customer’s network. We use data collected from the internet, meaning that no internal data needs to be shared.

Real-World Impact

I’m proud to say that BforeAI is already making a significant impact. Our intelligence is preventing tens of millions of victims per day. We mainly work with commercial clients across sectors such as manufacturing, finance, retail, and critical infrastructure.

Although our current focus is on commercial clients, we also contribute our data to organizations like CISA (Cybersecurity and Infrastructure Security Agency)  JCDC (Joint Cyber Defense Collaborative) to protect critical infrastructure. As we continue to grow, I predict (pun intended) we’ll be more enlisted for government partnerships.

The Future of Cyber Security

I believe that the cybersecurity industry needs to move past simply relying on detection and response. We should aim for a better balance with prediction and preemption. While detection and response are necessary, they shouldn’t be the “end-all” of cybersecurity. We need to shift our mindset so that organizations see themselves as active participants in their own defense, rather than just passive victims.

Based on recent trends, one of the biggest threats in cybersecurity appears to be the rise of realistic deepfakes, which make it much harder to spot impersonation attacks. At BforeAI, we’re adapting our pre-crime technology to identify human behaviors in order to combat this threat.

It’s also important to emphasize the value of using different security measures like DNSSEC, TLS certificates, and other methods to reduce the attack surface. I also recommend that organizations focus on securing their own domains first, before worrying about external impersonation.

What does this all mean?

The main takeaway from all this: preemption is not just better; it’s a necessary step forward. By using predictive AI, BforeAI is helping organizations move from a reactive to a proactive position, reducing the impact of cyber attacks and creating a more secure digital world. As the threat landscape becomes more complex, a shift towards preemptive strategies will be essential for organizations that want to stay ahead of cyber criminals.

Want to learn more? Read our Manifesto on the future of predictive security!

By Luigi Lenguito, Founder and CEO of BforeAI