CyberSecurity Future: Humans & Machines Work Symbiotically

Cybersecurity's future will require humans and machines to work symbiotically.

In yesterday’s world of enterprise security, there were a few well-known points of weakness for the bad guys to target in their attacks, which made defending against threats, well, much simpler. But today’s mobile and cloud-enabled world offers thousands, if not millions, of touch points for attacks.

Driven by the advent of the Internet of Things, connected cars, homes, retail sensors, watches, cameras, utility meters, and more, over 40.9 billion connected devices are expected to be in use within five years, nearly five times the 8.7 billion connected devices recorded in 2012. That is the primary reason for a massively expanding attack surface. 
As a result, we predict the surface area for potential cyber attacks will grow 10x larger from 2010 to 2020. Companies are building their own security solutions to help them detect and mitigate attacks at the earliest possible stages, but as time goes on, more devices get shared across contexts by multiple users, which means the methods by which attacks are perpetrated will multiply. The modern enterprise lives across the cloud, mobile devices, and the Internet of Things, which means the approaches we previously used to defend against cyber threats are no longer viable.

There are a couple of bills under debate in the U.S. Congress that, if enacted, will enhance the flow of information about hackers’ tactics between the government and the private sector, particularly among financial institutions. Both sides need more data on the dangers they face, and sharing threat-related information is a good way to increase security while also potentially reducing corporate liability.

Among consumer-facing companies, Facebook is a few steps ahead of the curve. The company proactively launched ThreatExchange, a new API-based platform for sharing security threat information. Its early partners include Bitly, Dropbox, Pinterest, Tumblr, Twitter, and Yahoo.

Mark Hammell, manager of the threat infrastructure team at Facebook, explains Facebook’s motivation: “Our goal is that organizations anywhere will be able to use ThreatExchange to share threat information more easily, learn from each other’s discoveries, and make their own systems safer. That’s the beauty of working together on security. When one company gets stronger, so do the rest of us.”

Given the evolution of cyber threats, security needs to be addressed with a collaborative, distributed-systems mindset centered on protecting identities. Identity is a concept in modern consumer-facing digital services that aims to track and understand people across the various devices they use, based on their preferences, relationships, attributes, and interests.
Modern consumer platforms own the identities of their users, but many enterprises still use homegrown identity platforms that they can’t scale across their security products. These stacks don’t track privileges, relationships, or the context of user interactions.
Without a better understanding of identity, security professionals will have a hard time detecting and predicting attacks at scale, which is why today’s monolithic security products need to be rebuilt with identity at the core of a distributed system. 
A ton of data is being collected and monitored across security systems around the globe without any substantial analysis. As a result, that data is not being put to any use in protecting against attacks.

Currently, security analysts are responsible for reviewing an incredible amount of data, both internal and external. And while more and more data inputs are coming in, enterprise security continues to rely on the same straightforward human resources.
In most enterprise settings, security data gets collected and correlated in SIEM (Security Information and Event Management) products made by Splunk, LogRhythm, and others, and it ends up overwhelming the security analysts tasked with making sense of it. For example, one of the world’s largest banks plans to double its security professional staff to analyze and triage events—but that’s not going to stop it from being attacked. This huge demand for security professionals is a problem that is not limited to the big banks, either.

The real leverage in security will come with technology that can detect, prioritize and act against the millions of threats enterprises face on a daily basis. Unfortunately, today’s systems are not smart enough to determine which events and vulnerabilities need attention now.

When Target was attacked, the system detected it, but the security first responders didn’t see the alerts because there was no system in place to prioritize threats, characterize the cost of the impact, and force a response.
A defense built upon supervised machine learning and AI could resolve countless mundane attacks itself, so that security analysts could focus on the high-priority threats that matter most. Human expertise is always necessary to deal with the “unknown unknowns,” but having a machine act on behalf of humans for the high-volume, low-priority events could free up the humans to focus on high-priority events during an emergency.
We often think of the future as a battle for control between humans and machines, but in the world of security, we need a symbiotic relationship. The only way we can solve this problem is if humans train machines to do basic functions so that the humans can do the more important work.

To give one example already in use today, Google’s PageRank algorithm shows search results based on what links a user clicks most often — and then uses that data to inform what it shows the next person. Security platforms need to implement the same kind of supervised machine learning so that humans can teach the machines what to look for when assessing immediate threats and anomalies.

This structure will also provide a new weapon to defend our online borders. Based on deep learning and supervised AI, security professionals will get to the information that matters most before the attacks actually happen. A human expert would be hard-pressed (actually, it would be impossible) to deliver the kinds of results needed for today’s complex security environment, but a new AI-armed security force would not only identify what has been compromised but also have the ability to quickly isolate the attack and prevent further harm.
It’s clear that the definition of security is changing from reactive to proactive, and it is one of the most exciting growth areas of computer science. Enterprise security, which is a $76.9 billion market today, is expected to grow to $86 billion by 2016, and whereas only 10 percent of enterprise security budgets are allocated to real-time detection and response at present, that’s expected to jump to 60 percent by 2020. I have been thinking a lot about the opportunities that now exist for entrepreneurs, as well as for my firm, Foundation Capital.
Tackling these opportunities is an enormous task, but it’s also going to be incredibly thrilling work. The way I see it, there are three key areas that we need to address in order to protect the world from evolving security threats. If you are thinking about starting a security company, one of these categories might be a good place to start.
1. Identity-Based Distributed Firewalls: Fully distributed firewall services that act based on identity and application-level context. The last great firewall company, Palo Alto Networks, was created over 10 years ago, and the world has changed considerably since then. Centralized firewalls sitting in the DMZ are no longer the answer.
2. Security Operations Centers for the Cloud: Blending cloud and on-premise security platforms that help enterprises better understand and manage incidents across traditional on-premise apps and modern cloud apps with a single tool. This unified approach is what every company should be striving for in the coming years.
3. Security Orchestration: Enterprises spend millions on consulting services from companies like Mandiant and Verizon for outsourced security services and advanced forensic analysis. Providing enterprises with new tools that enable the average security professional to do detective-style forensic investigation without the expense of outside consultants will be huge.
As the world becomes more connected and our vulnerability increases, the need for more comprehensive security will become imperative for everyone from small businesses to multinational corporations—and, of course, for their customers. The opportunity is staggering.
VB: http://bit.ly/1HrFSNT

 

 
