CyberSecurity Future: Humans & Machines Work Symbiotically

cybersecurity.jpg?fit=780%2C9999Cybersecurity's future will require humans and machines to work symbiotically.

In yesterday’s world of enterprise security, there were a few well-known points of weakness for the bad guys to target in their attacks, which made defending against threats, well, much simpler. But today’s mobile and cloud-enabled world offers thousands, if not millions, of touch points for attacks.

Driven by the advent of the Internet of Things, connected cars, homes, retail sensors, watches, cameras, utility meters, and more, over 40.9 billion connected devices are expected to be in use within five years, nearly five times the 8.7 billion connected devices recorded in 2012. That is the primary reason for a massively expanding attack surface. 
As a result, we predict the surface area for potential cyber attacks will grow 10x larger from 2010 to 2020. Although companies are building their own security solutions to help them detect and mitigate attacks at the earliest possible stages, as time goes on and more devices get shared across contexts by multiple users. That means the methods by which attacks will be perpetrated will multiply. The modern enterprise lives across the cloud, mobile devices, and the Internet of Things, which means the approaches we previously used to defend against cyber threats are no longer viable.

There are a couple of bills under debate in the U.S Congress that, if enacted, will enhance the flow of information about hackers’ tactics between the government and the private sector, particularly among financial institutions. Both sides need more data on the dangers they face, and sharing threat-related information is a good way to increase security while also potentially reducing corporate liability.

Among consumer-facing companies, Facebook is a few steps ahead of the curve. The company proactively launched ThreatExchange, a new API-based platform for sharing security threat information. Its early partners include Bitly, Dropbox, Pinterest, Tumblr, Twitter, and Yahoo.

Mark Hammell, manager of the threat infrastructure team at Facebook, explains Facebook’s motivation: “Our goal is that organizations anywhere will be able to use ThreatExchange to share threat information more easily, learn from each other’s discoveries, and make their own systems safer. That’s the beauty of working together on security. When one company gets stronger, so do the rest of us.”

Given the evolution of cyber threats, security needs to be addressed, with a collaborative, distributed systems mindset centered on protecting identities. Identity is a concept in modern consumer-facing digital services that aims to track and understand people across various devices they used based on their preferences, relationships, attributes, and interests.
Modern consumer platforms own the identities of their users, but many enterprises still use homegrown identity platforms that they can’t scale across their security products. These stacks don’t track privileges, relationships, or the context of user interactions.
Without a better understanding of identity, security professionals will have a hard time detecting and predicting attacks at scale, which is why today’s monolithic security products need to be rebuilt with identity at the core of a distributed system. 
A ton of data is being collected and monitored across security systems around the globe without any substantial analysis. As a result, that data is not being put to any use in protecting against attacks.

Currently, security analysts are responsible for reviewing an incredible amount of data —both internal and external. And while more and more data inputs are coming in, enterprise security continues to rely on the same straightforward human resources.
In most enterprise settings, security data gets collected and correlated in SIEM (Security Incident and Event Management) products made by Splunk, LogRhythm, and others, and it ends up overwhelming the security analysts tasked with making sense of it. For example, one of the world’s largest banks plans to double its security professional staff to analyze and triage events—but that’s not going to stop it from being attacked. This huge demand for security professionals is a problem that is not just relegated to the big banks, either.

The real leverage in security will come with technology that can detect, prioritize and act against the millions of threats enterprises face on a daily basis. Unfortunately, today’s systems are not smart enough to determine which events and vulnerabilities need attention now.

When Target was attacked, the system detected it, but the security first responders didn’t see the alerts because there was no system in place to prioritize threats, characterize the cost of the impact, and force a response.
A defense built upon supervised machine learning and AI could resolve countless mundane attacks itself, so that security analysts could focus on the high-priority threats that matter most. Human expertise is always necessary to deal with the “unknown unknowns,” but having a machine act on behalf of humans for the high-volume, low-priority events could free up the humans to focus on high-priority events during an emergency.
We often think of the future as a battle for control between humans and machines, but in the world of security, we need a symbiotic relationship. The only way we can solve this problem is if humans train machines to do basic functions so that they can do the more important work.

To give one example already in use today, Google’s PageRank algorithm shows search results based on what links a user clicks most often — and then uses that data to inform what it shows the next person. Security platforms need to implement the same kind of supervised machine learning so that humans can teach the machines what to look for when assessing immediate threats and anomalies.

This structure will also provide a new weapon to defend our online borders. Based on deep learning and supervised AI, security professionals will get to the information that matters most before the attacks actually happen. A human expert would be hard pressed (actually, it would be impossible) to deliver the kinds of results needed for today’s complex security environment, but a new AI-armed security force would not only identify what has been compromised but also have the ability to quickly isolate the attack and prevent further harm.
It’s clear that the definition of security is changing from reactive to proactive, and it is one of the most exciting growth areas

of computer science. Enterprise security, which is a $76.9 billion dollar market today, is expected to grow to $86 billion by 2016, and whereas only 10 percent of enterprise security budgets are allocated to real-time detection and response at present, that’s expected to jump to 60 percent by 2020. I have been thinking a lot about the opportunities that now exist for entrepreneurs, as well as for my firm, Foundation Capital.
Tackling these opportunities is an enormous task, but it’s also going to be incredibly thrilling work. The way I see it, there are three key areas that we need to address in order to protect the world from evolving security threats. If you are thinking about starting a security company, one of these categories might be a good place to start.
            Identity-Based Distributed Firewalls Fully distributed firewall services that act based on identity and application-level context. The last great firewall company, Palo Alto Networks, was created over 10 years ago, and the world has changed considerably since then. Centralized firewalls sitting in the DMZ are no longer the answer.
            Security Operations Centers for the Cloud Blending cloud and on-premise security platforms that help enterprises better understand and manage incidents across traditional on-premise apps and modern cloud apps with a single tool. This unified approach is what every company should be striving for in the coming years.
            Security Orchestration Enterprises spend millions on consulting services from companies like Mandiant and Verizon for outsourced security services and advanced forensic analysis. Providing enterprises with new tools that enable the average security professional to do detective-style forensic investigation without the expense of outside consultants will be huge.
As the world becomes more connected and our vulnerability increases, the need for more comprehensive security will become imperative for everyone from small businesses to multinational corporations—and, of course, for their customers. The opportunity is staggering.
VB: http://bit.ly/1HrFSNT

 

 

« Assange says NSA intercepts 98% of S. American Coms
4 Signs a Board thinks Security is Better than it Is »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Oracle Cloud Security

Oracle Cloud Security

Oracle’s cloud security solutions enable organizations to implement and manage consistent security policies across the hybrid data center.

Gurucul

Gurucul

Gurucul predictive security analytics protects against insider threats, account compromise and data exfiltration on-premises and in the cloud.

Ivanti

Ivanti

Ivanti provide user-centered IT solutions designed to increase user productivity while reducing IT security risk.

SANS CyberStart

SANS CyberStart

SANS CyberStart is a unique and innovative suite of tools and games designed to introduce children and young adults to the field of cyber security.

totemo

totemo

Totemo offers solutions for the secure exchange of business information.

Sera-Brynn

Sera-Brynn

Sera-Brynn is one of the highest-ranked, pure-play cybersecurity compliance and advisory firms in the world.

Verafin

Verafin

Verafin is one of the North American leaders in fraud detection and AML software.

Langner

Langner

Langner is a software and consulting firm specialized in cyber security for critical infrastructure and large-scale manufacturing.

Marvell Technology Group

Marvell Technology Group

Marvell is a semiconductor company providing solutions for storage, processing, networking, security and connectivity.

Council of Europe Convention on Cybercrime

Council of Europe Convention on Cybercrime

The Council of Europe helps to protect societies worldwide from the threat of cybercrime through the Convention on Cybercrime.

Innovation Cybersecurity Ecosystem at BLOCK71 (ICE71)

Innovation Cybersecurity Ecosystem at BLOCK71 (ICE71)

Innovation Cybersecurity Ecosystem at BLOCK71 (ICE71) is Singapore's first cybersecurity entrepreneur hub.

Amadeus Capital Partners

Amadeus Capital Partners

Amadeus Capital Partners offers over 20 years’ experience in technology investment. Our areas of focus include AI & machine learning and cyber security.

NDK InfoSec

NDK InfoSec

NDK InfoSec is a specialist Information Security and Cyber Security search firm. We're not just a security function in a larger generalist recruitment company.

Mindsight

Mindsight

Mindsight is a technology consulting firm with expertise from cybersecurity to cloud, disaster recovery to infrastructure, and collaboration to contact center.

Allentis

Allentis

Allentis provide adapted solutions to ensure the security and performance of your information system.

Axiata Digital Labs

Axiata Digital Labs

Axiata Digital Labs is the technology hub of Axiata Group Berhad Malaysia which is one of the leading groups in telecommunication in Asia.