CyberSecurity Future: Humans & Machines Work Symbiotically

cybersecurity.jpg?fit=780%2C9999Cybersecurity's future will require humans and machines to work symbiotically.

In yesterday’s world of enterprise security, there were a few well-known points of weakness for the bad guys to target in their attacks, which made defending against threats, well, much simpler. But today’s mobile and cloud-enabled world offers thousands, if not millions, of touch points for attacks.

Driven by the advent of the Internet of Things, connected cars, homes, retail sensors, watches, cameras, utility meters, and more, over 40.9 billion connected devices are expected to be in use within five years, nearly five times the 8.7 billion connected devices recorded in 2012. That is the primary reason for a massively expanding attack surface. 
As a result, we predict the surface area for potential cyber attacks will grow 10x larger from 2010 to 2020. Although companies are building their own security solutions to help them detect and mitigate attacks at the earliest possible stages, as time goes on and more devices get shared across contexts by multiple users. That means the methods by which attacks will be perpetrated will multiply. The modern enterprise lives across the cloud, mobile devices, and the Internet of Things, which means the approaches we previously used to defend against cyber threats are no longer viable.

There are a couple of bills under debate in the U.S Congress that, if enacted, will enhance the flow of information about hackers’ tactics between the government and the private sector, particularly among financial institutions. Both sides need more data on the dangers they face, and sharing threat-related information is a good way to increase security while also potentially reducing corporate liability.

Among consumer-facing companies, Facebook is a few steps ahead of the curve. The company proactively launched ThreatExchange, a new API-based platform for sharing security threat information. Its early partners include Bitly, Dropbox, Pinterest, Tumblr, Twitter, and Yahoo.

Mark Hammell, manager of the threat infrastructure team at Facebook, explains Facebook’s motivation: “Our goal is that organizations anywhere will be able to use ThreatExchange to share threat information more easily, learn from each other’s discoveries, and make their own systems safer. That’s the beauty of working together on security. When one company gets stronger, so do the rest of us.”

Given the evolution of cyber threats, security needs to be addressed, with a collaborative, distributed systems mindset centered on protecting identities. Identity is a concept in modern consumer-facing digital services that aims to track and understand people across various devices they used based on their preferences, relationships, attributes, and interests.
Modern consumer platforms own the identities of their users, but many enterprises still use homegrown identity platforms that they can’t scale across their security products. These stacks don’t track privileges, relationships, or the context of user interactions.
Without a better understanding of identity, security professionals will have a hard time detecting and predicting attacks at scale, which is why today’s monolithic security products need to be rebuilt with identity at the core of a distributed system. 
A ton of data is being collected and monitored across security systems around the globe without any substantial analysis. As a result, that data is not being put to any use in protecting against attacks.

Currently, security analysts are responsible for reviewing an incredible amount of data —both internal and external. And while more and more data inputs are coming in, enterprise security continues to rely on the same straightforward human resources.
In most enterprise settings, security data gets collected and correlated in SIEM (Security Incident and Event Management) products made by Splunk, LogRhythm, and others, and it ends up overwhelming the security analysts tasked with making sense of it. For example, one of the world’s largest banks plans to double its security professional staff to analyze and triage events—but that’s not going to stop it from being attacked. This huge demand for security professionals is a problem that is not just relegated to the big banks, either.

The real leverage in security will come with technology that can detect, prioritize and act against the millions of threats enterprises face on a daily basis. Unfortunately, today’s systems are not smart enough to determine which events and vulnerabilities need attention now.

When Target was attacked, the system detected it, but the security first responders didn’t see the alerts because there was no system in place to prioritize threats, characterize the cost of the impact, and force a response.
A defense built upon supervised machine learning and AI could resolve countless mundane attacks itself, so that security analysts could focus on the high-priority threats that matter most. Human expertise is always necessary to deal with the “unknown unknowns,” but having a machine act on behalf of humans for the high-volume, low-priority events could free up the humans to focus on high-priority events during an emergency.
We often think of the future as a battle for control between humans and machines, but in the world of security, we need a symbiotic relationship. The only way we can solve this problem is if humans train machines to do basic functions so that they can do the more important work.

To give one example already in use today, Google’s PageRank algorithm shows search results based on what links a user clicks most often — and then uses that data to inform what it shows the next person. Security platforms need to implement the same kind of supervised machine learning so that humans can teach the machines what to look for when assessing immediate threats and anomalies.

This structure will also provide a new weapon to defend our online borders. Based on deep learning and supervised AI, security professionals will get to the information that matters most before the attacks actually happen. A human expert would be hard pressed (actually, it would be impossible) to deliver the kinds of results needed for today’s complex security environment, but a new AI-armed security force would not only identify what has been compromised but also have the ability to quickly isolate the attack and prevent further harm.
It’s clear that the definition of security is changing from reactive to proactive, and it is one of the most exciting growth areas

of computer science. Enterprise security, which is a $76.9 billion dollar market today, is expected to grow to $86 billion by 2016, and whereas only 10 percent of enterprise security budgets are allocated to real-time detection and response at present, that’s expected to jump to 60 percent by 2020. I have been thinking a lot about the opportunities that now exist for entrepreneurs, as well as for my firm, Foundation Capital.
Tackling these opportunities is an enormous task, but it’s also going to be incredibly thrilling work. The way I see it, there are three key areas that we need to address in order to protect the world from evolving security threats. If you are thinking about starting a security company, one of these categories might be a good place to start.
            Identity-Based Distributed Firewalls Fully distributed firewall services that act based on identity and application-level context. The last great firewall company, Palo Alto Networks, was created over 10 years ago, and the world has changed considerably since then. Centralized firewalls sitting in the DMZ are no longer the answer.
            Security Operations Centers for the Cloud Blending cloud and on-premise security platforms that help enterprises better understand and manage incidents across traditional on-premise apps and modern cloud apps with a single tool. This unified approach is what every company should be striving for in the coming years.
            Security Orchestration Enterprises spend millions on consulting services from companies like Mandiant and Verizon for outsourced security services and advanced forensic analysis. Providing enterprises with new tools that enable the average security professional to do detective-style forensic investigation without the expense of outside consultants will be huge.
As the world becomes more connected and our vulnerability increases, the need for more comprehensive security will become imperative for everyone from small businesses to multinational corporations—and, of course, for their customers. The opportunity is staggering.
VB: http://bit.ly/1HrFSNT

 

 

« Assange says NSA intercepts 98% of S. American Coms
4 Signs a Board thinks Security is Better than it Is »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

WEBINAR: 2024 and Beyond: Top Six Cloud Security Trends

WEBINAR: 2024 and Beyond: Top Six Cloud Security Trends

April 4, 2024 | 11:00 AM PT: Join this webinar to find out about six emerging trends dominating the cloud cybersecurity landscape.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Sapphire

Sapphire

Sapphire deliver flexible and scalable cybersecurity solutions, helping organisations to detect, protect, respond and remediate against cyber threats.

Waterfall Security Solutions

Waterfall Security Solutions

Waterfall Security is focused on protecting critical infrastructure and industrial control systems from remote online cyber attacks,

Advenica

Advenica

Advenica develops, manufactures and sells innovative cybersecurity solutions for encryption and secure information exchange.

CIRT.GY

CIRT.GY

CIRT-GY is the national Computer Incident Response Team for Guyana.

Celestya

Celestya

Celestya is dedicated to providing the most advanced and cost effective systems for human behavior education on cybersecurity awareness training.

IGX Global

IGX Global

IGX Global is a provider of information network and security integration services and products.

Greenetics Solutions

Greenetics Solutions

Greenetics Solutions is a company focused on providing solutions for information security.

Industrial Internet Consortium (IIC)

Industrial Internet Consortium (IIC)

The Industrial Internet Consortium is the world's leading organization transforming business and society by accelerating the Industrial Internet of Things (IIoT).

Logic Supply

Logic Supply

Logic Supply is a global industrial PC company focused on hardware for the IoT edge. We design highly-configurable computers engineered for reliability.

Ampere Industrial Security

Ampere Industrial Security

Ampere is an industrial security firm. We specialize in industrial control systems (ICS) and operational technology (OT) security.

Symbol Security

Symbol Security

Through situational learning, simulations, and a gamified user experience, Symbol strengthens the cyber awareness of employees and helps companies lower cyber risk.

MetaWeb Ventures

MetaWeb Ventures

MetaWeb Ventures is a global venture capital firm focused on pre-seed and seed investments in crypto start-ups.

Primary Guard

Primary Guard

Primary Guard provides IT solutions and computing technologies that help minimize impact from cyber threats, improve business efficiency and maintain essential functions during or after a disaster.

Xoriant

Xoriant

Xoriant is a technology leader and execution partner throughout the Build, Run and Transform lifecycle for companies that create and use technology products.

Boecore

Boecore

Boecore is an aerospace and defense engineering company that specializes in software solutions, systems engineering, cybersecurity, enterprise networks, and mission operations.

Kong

Kong

Kong - powering the API world. Increase developer productivity, security, and performance at scale with the unified platform for API management, service mesh, and ingress controller.