The new rulers of the cybersecurity realm: Automation, Analytics, Artificial Intelligence
It may be a brave new world in 2017 but it’s also a darn scary one for IT security professionals.
Source: Michael Cooney
Just take a look at some recent Gartner assessments of the security situation:
By 2020, 60% of digital businesses will suffer major service failures, due to the inability of IT security teams to manage digital risk.
By 2020, 60% of enterprise information security budgets will be allocated for rapid detection and response approaches, which is an increase from less than 30% in 2016.
By 2018, 25% of corporate data traffic will flow directly from mobile devices to the cloud, bypassing enterprise security controls.
Through 2018, over 50% of IoT device manufacturers will not be able to address threats from weak authentication practices.
So what technologies are going to change this scenario back in favor of IT? The new security AAA, proponents say: automation, analytics and artificial intelligence.
When it comes to automation, security platforms will devise and execute controls based on newly detected threats and do it without human intervention. That reduces the time between a compromise and the time the threat is neutralized – reducing the time window when attackers can do damage.
Security analytics engines digest data from network gear and endpoints in search of anomalies that indicate threats. By setting a baseline for normal, these engines spot out of the ordinary behaviors and assess whether they represent malicious activity.
By incorporating machine learning this technology will expand its ability to detect anomalies not only in network traffic, but in the behavior of individual machines, users, and combinations of users on particular machines.
As these platforms become more sophisticated and trusted in 2017, they will be able to spot attacks in earlier stages and stop them before they become active breaches.
And the big guns are all involved in making this happen: Cisco with its Tetration Analytics platform, IBM with Watson cognitive computing for cybersecurity; Google/Alphabet with DeepMind lab to name just a few.
Cisco’s Tetration Analytics product is a turnkey package that gathers information from hardware and software sensors and analyzes it using big data analytics and machine learning. In the security realm the system sets a baseline for normal network and application behavior and quickly identifies any deviation in communication patterns in real time; analysts can also use Tetration’s forensics search engine to run other security or user-behavior analytics.
“The single most important thing customers can do to protect the data center is set up a whitelist of who has access to what, but it is one of the most difficult tasks to implement,” said Tom Edsall, a senior vice president and CTO with Cisco. “Tetration lets users set up a white list model and policies more quickly and efficiently than they could before.” This capability will address key cybersecurity challenges and move toward the “self-driving data center” of the future, Edsall said.
Cisco promises many new security-related applications will be layered onto Tetration in the future.
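The analytics loop described above (learn a baseline of normal behavior, spot deviations, derive a whitelist policy, and let automation propose a control) can be shown end to end on a handful of flow records. The following is an added example written for this article; it is not Cisco or Tetration code, and every host name, port and byte count in it is constructed sample data rather than anything the product emits.

```python
"""Added example (not Cisco Tetration code): baseline normal flows, derive a
whitelist policy from them, then classify a later window of flows and
propose a control for each deviation. Every flow record is constructed."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flows: (src_host, dst_host, dst_port, bytes_transferred)
BASELINE_FLOWS = [
    ("web-1", "db-1", 5432, 12000),
    ("web-1", "db-1", 5432, 11000),
    ("web-1", "db-1", 5432, 13000),
    ("web-2", "db-1", 5432, 12500),
    ("web-2", "db-1", 5432, 11800),
    ("app-1", "cache-1", 6379, 3000),
    ("app-1", "cache-1", 6379, 2800),
    ("app-1", "cache-1", 6379, 3200),
]

# Constructed detection window: one normal flow plus three kinds of deviation
DETECTION_FLOWS = [
    ("web-1", "db-1", 5432, 12100),    # within the learned range
    ("web-1", "db-1", 5432, 950000),   # known path, far larger volume
    ("web-2", "cache-1", 6379, 3000),  # pair never observed talking
    ("web-1", "db-1", 22, 500),        # known pair, port never observed
]


def learn_baseline(flows):
    """Map each (src, dst, port) tuple to the byte counts seen in training."""
    stats = defaultdict(list)
    for src, dst, port, nbytes in flows:
        stats[(src, dst, port)].append(nbytes)
    return dict(stats)


def whitelist_policy(baseline):
    """Turn the learned tuples into permit rules (the 'whitelist model')."""
    return sorted(f"permit {src} -> {dst}:{port}" for (src, dst, port) in baseline)


def evaluate(flow, baseline, z_threshold=3.0):
    """Classify one flow against the baseline; returns (verdict, reason)."""
    src, dst, port, nbytes = flow
    key = (src, dst, port)
    if key not in baseline:
        # Tuple is outside the whitelist; distinguish a new port from a new peer
        known_pair = any(s == src and d == dst for (s, d, _) in baseline)
        reason = "new port to known peer" if known_pair else "unseen communication path"
        return ("alert", reason)
    samples = baseline[key]
    mu = mean(samples)
    # Floor the spread so a tight or single-sample baseline cannot make z explode
    sigma = max(pstdev(samples), 0.05 * mu)
    z = (nbytes - mu) / sigma
    if abs(z) > z_threshold:
        return ("alert", f"volume anomaly (z={z:.1f})")
    return ("allow", "matches baseline")


def propose_control(flow, verdict, reason):
    """Automation step: map an alert to a candidate deny rule for review or enforcement."""
    if verdict != "alert":
        return None
    src, dst, port, _ = flow
    return f"deny {src} -> {dst}:{port}  # {reason}"


def run(baseline_flows, detection_flows):
    """Full pipeline: learn, derive policy, classify, propose controls."""
    baseline = learn_baseline(baseline_flows)
    results = []
    for flow in detection_flows:
        verdict, reason = evaluate(flow, baseline)
        results.append((flow, verdict, reason, propose_control(flow, verdict, reason)))
    return results


if __name__ == "__main__":
    for rule in whitelist_policy(learn_baseline(BASELINE_FLOWS)):
        print(rule)
    for flow, verdict, reason, control in run(BASELINE_FLOWS, DETECTION_FLOWS):
        print(f"{verdict:5} {flow} {reason} {control or ''}")
```

The point a practitioner should take from this is why the whitelist is "one of the most difficult tasks to implement": the policy is only as good as the training window. A legitimate service that first appears after the baseline is taken lands in the same "unseen communication path" bucket as an attacker's lateral movement, so the proposed deny rules are best staged in a monitor-only mode and re-baselined on a schedule before anything enforces them without a human in the loop.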
Then we have IBM’s Watson supercomputer, which is being unleashed in corporate networks to analyze traffic in search of malware while learning at the same time, both from its own experiences and by taking in white papers, threat intelligence and news about cybercrime. So over time, Watson will develop new strategies for finding attacks as they unfold. The Watson for Cybersecurity project is in beta now, and sometime in 2017 it could become a full-fledged cybersecurity service.
There is governmental research going on that would impact the cybersecurity world this year as well. For example, the Intelligence Advanced Research Projects Activity (IARPA), the radical research arm of the Office of the Director of National Intelligence, wants to build a system of what it calls sensors – which can be monitors of everything from search terms to social media output – to look for early warning signs of cyber-attacks.
“Cyber-attacks evolve in a phased approach. Detection typically occurs in the later phases of an attack, and analysis often occurs post-mortem to investigate and discover indicators from earlier phases. Observations of earlier attack phases, such as target reconnaissance, planning, and delivery, may enable warning of significant cyber events prior to their most damaging phases,” IARPA wrote in announcing its Cyberattack Automated Unconventional Sensor Environment (CAUSE) program.
“It is expected that the technology developed under the CAUSE Program will have no ‘human in the loop.’ Experts may help develop, train, and improve the solution systems, but they will not manually generate warnings, guide the system, or filter warnings before they are delivered to the [IARPA] Team. The performer produced warnings must be machine-generated and submitted automatically…,” IARPA wrote of the system.