CyberSecurity Future: Humans & Machines Work Symbiotically

Cybersecurity's future will require humans and machines to work symbiotically.

In yesterday’s world of enterprise security, there were a few well-known points of weakness for the bad guys to target in their attacks, which made defending against threats, well, much simpler. But today’s mobile and cloud-enabled world offers thousands, if not millions, of touch points for attacks.

Driven by the advent of the Internet of Things, connected cars, homes, retail sensors, watches, cameras, utility meters, and more, over 40.9 billion connected devices are expected to be in use within five years, nearly five times the 8.7 billion connected devices recorded in 2012. That is the primary reason for a massively expanding attack surface. 
As a result, we predict the surface area for potential cyber attacks will grow 10x larger from 2010 to 2020. Although companies are building their own security solutions to help them detect and mitigate attacks at the earliest possible stages, as time goes on, more devices get shared across contexts by multiple users. That means the methods by which attacks will be perpetrated will multiply. The modern enterprise lives across the cloud, mobile devices, and the Internet of Things, which means the approaches we previously used to defend against cyber threats are no longer viable.

There are a couple of bills under debate in the U.S. Congress that, if enacted, will enhance the flow of information about hackers’ tactics between the government and the private sector, particularly among financial institutions. Both sides need more data on the dangers they face, and sharing threat-related information is a good way to increase security while also potentially reducing corporate liability.

Among consumer-facing companies, Facebook is a few steps ahead of the curve. The company proactively launched ThreatExchange, a new API-based platform for sharing security threat information. Its early partners include Bitly, Dropbox, Pinterest, Tumblr, Twitter, and Yahoo.

Mark Hammell, manager of the threat infrastructure team at Facebook, explains Facebook’s motivation: “Our goal is that organizations anywhere will be able to use ThreatExchange to share threat information more easily, learn from each other’s discoveries, and make their own systems safer. That’s the beauty of working together on security. When one company gets stronger, so do the rest of us.”

Given the evolution of cyber threats, security needs to be addressed with a collaborative, distributed systems mindset centered on protecting identities. Identity is a concept in modern consumer-facing digital services that aims to track and understand people across the various devices they use, based on their preferences, relationships, attributes, and interests.
Modern consumer platforms own the identities of their users, but many enterprises still use homegrown identity platforms that they can’t scale across their security products. These stacks don’t track privileges, relationships, or the context of user interactions.
Without a better understanding of identity, security professionals will have a hard time detecting and predicting attacks at scale, which is why today’s monolithic security products need to be rebuilt with identity at the core of a distributed system. 
A ton of data is being collected and monitored across security systems around the globe without any substantial analysis. As a result, that data is not being put to any use in protecting against attacks.

Currently, security analysts are responsible for reviewing an incredible amount of data, both internal and external. And while more and more data inputs are coming in, enterprise security continues to rely on the same straightforward human resources.
In most enterprise settings, security data gets collected and correlated in SIEM (Security Incident and Event Management) products made by Splunk, LogRhythm, and others, and it ends up overwhelming the security analysts tasked with making sense of it. For example, one of the world’s largest banks plans to double its security professional staff to analyze and triage events—but that’s not going to stop it from being attacked. This huge demand for security professionals is a problem that is not just relegated to the big banks, either.

The real leverage in security will come with technology that can detect, prioritize and act against the millions of threats enterprises face on a daily basis. Unfortunately, today’s systems are not smart enough to determine which events and vulnerabilities need attention now.

When Target was attacked, the system detected it, but the security first responders didn’t see the alerts because there was no system in place to prioritize threats, characterize the cost of the impact, and force a response.
A defense built upon supervised machine learning and AI could resolve countless mundane attacks itself, so that security analysts could focus on the high-priority threats that matter most. Human expertise is always necessary to deal with the “unknown unknowns,” but having a machine act on behalf of humans for the high-volume, low-priority events could free up the humans to focus on high-priority events during an emergency.
We often think of the future as a battle for control between humans and machines, but in the world of security, we need a symbiotic relationship. The only way we can solve this problem is if humans train machines to do basic functions so that the humans can do the more important work.

To give one example already in use today, Google’s PageRank algorithm shows search results based on what links a user clicks most often — and then uses that data to inform what it shows the next person. Security platforms need to implement the same kind of supervised machine learning so that humans can teach the machines what to look for when assessing immediate threats and anomalies.

This structure will also provide a new weapon to defend our online borders. Based on deep learning and supervised AI, security professionals will get to the information that matters most before the attacks actually happen. A human expert would be hard-pressed (actually, it would be impossible) to deliver the kinds of results needed for today’s complex security environment, but a new AI-armed security force would not only identify what has been compromised but also have the ability to quickly isolate the attack and prevent further harm.
It’s clear that the definition of security is changing from reactive to proactive, and it is one of the most exciting growth areas of computer science. Enterprise security, which is a $76.9 billion market today, is expected to grow to $86 billion by 2016, and whereas only 10 percent of enterprise security budgets are allocated to real-time detection and response at present, that’s expected to jump to 60 percent by 2020. I have been thinking a lot about the opportunities that now exist for entrepreneurs, as well as for my firm, Foundation Capital.
Tackling these opportunities is an enormous task, but it’s also going to be incredibly thrilling work. The way I see it, there are three key areas that we need to address in order to protect the world from evolving security threats. If you are thinking about starting a security company, one of these categories might be a good place to start.
Identity-Based Distributed Firewalls: Fully distributed firewall services that act based on identity and application-level context. The last great firewall company, Palo Alto Networks, was created over 10 years ago, and the world has changed considerably since then. Centralized firewalls sitting in the DMZ are no longer the answer.
Security Operations Centers for the Cloud: Blending cloud and on-premise security platforms that help enterprises better understand and manage incidents across traditional on-premise apps and modern cloud apps with a single tool. This unified approach is what every company should be striving for in the coming years.
Security Orchestration: Enterprises spend millions on consulting services from companies like Mandiant and Verizon for outsourced security services and advanced forensic analysis. Providing enterprises with new tools that enable the average security professional to do detective-style forensic investigation without the expense of outside consultants will be huge.
As the world becomes more connected and our vulnerability increases, the need for more comprehensive security will become imperative for everyone from small businesses to multinational corporations—and, of course, for their customers. The opportunity is staggering.
VB: http://bit.ly/1HrFSNT

 

 
