Contributed by Ashley Fidler, Vice President of Product, Versive
The cloud. Big data. BYOD. In this era where human-scale has given way to machine-scale, today’s cybersecurity challenges require a substantial change in the way incidents are identified and resolved. These new technologies, such as cloud computing, the Internet of Things, and artificial intelligence, are delivering digital transformation on a previously-unknown scale for both attackers and defenders.
Even though defending the cybersecurity landscape now exceeds human capacity, the question should not be how to replace humans. Instead, efforts should focus on how to compensate for human error and resource limitations within security strategies and how to augment human defenders. In other words, how can chief information security officers (CISOs) leverage new, advanced technologies to successfully grapple with the scale and complexity of today’s evolving threat landscape?
The machine-scale of cyber threats
Today’s increasingly vulnerable and expanding attack surface is attracting all types of malicious actors, regardless of whether they are motivated by pride, money or ideology. Recent major attacks such as the Mirai botnet Distributed Denial of Service (DDoS) and WannaCry ransomware are a clear demonstration of the scope and breadth of cyber threat actors. Furthermore, 2.6 billion records were compromised worldwide in 2017, an 87 percent increase over 2016, which translates to 7.1 million records that are stolen or lost per day.
One of the most important aspects of this evolution of cyber threats is the combination
of cheaper, easier access to technology with the democratization of the tools and knowledge required to execute these sorts of operations. You no longer have to be a stereotypical kid in a basement or a nation-state to be a hacker. Malware-as-a service, in all of its guises, is readily available on the Dark Web and sold on a commission basis. Anyone who wants to make a fast buck and knows how to get on the Dark Web can become a hacker. The goal posts have changed forever.
Human-scale limitations
But malicious actors aren’t the only cause of machine-scale threats. Whether an innocent mistake, sheer carelessness, or malintent, the complexity and scale of today’s digitized platforms poses a serious challenge to traditional models of security that still heavily rely on human analysts. In many instances, it’s outstripping them completely.
There are a number of factors contributing to this increased complexity of enterprise cybersecurity and why securing it now exceeds human cognition:
- Humans struggle to spot patterns across the scale of big data. How big? By 2025, there will be a projected 163 zettabytes of digital data in existence.
- The attack surface is greatly magnified given the interconnectedness and cloud-hosting of many services. Most people assume their organizations use up to 40 cloud apps when, in reality, the number is generally closer to 1,000.
- The newness of the technologies means security teams are unclear on best practices. In June 2017, the names, addresses and account details of some 14 million Verizon customers were found in an unsecured data repository on a cloud server. This was not a result of a malicious attack; the repository was simply exposed to the internet because of an incorrect configuration.
- There is an outsourcing of security to well-known cloud infrastructure technology companies, under the assumption that those companies have better security practices. This is true in terms of the security of the infrastructure, but the company (cloud customer) is still responsible for utilizing the available security settings and securing their own data.
Integrating machine-scale with human touch to fight back
So, what is the path forward – blockchain, deep learning, artificial intelligence, machine learning, neural nets? Buzzword bingo is a game that we are all tired of playing. If we cut through the noise, we can all agree that these machine-scale problems require machine-scale solutions, like machine learning. But the conversation needs to be about how to apply these technologies in the right way, to augment the analyst, not replace them. The use of integrated machine learning can have a pertinent and powerful impact on its application in cybersecurity.
To use ML, or more broadly, AI effectively, the cybersecurity paradigm needs to shift from finding low-level patterns in siloed data and then aggregating the output, to aggregating data from across the network and then looking for the patterns in that cross-network data that really matter. Using these tools within an integrated approach will optimize the use of these new technologies, ensuring that the data used to determine cybersecurity incident trends and patterns are relevant, informative and accurate. The promise of AI is to help organizations to automate the time-consuming process of analyzing the data to understand a threat and to augment their human analysts, who then must add context and determine how to respond.
It is important to have an understanding of the three stages of change management in evolving from human-scale to machine-scale in cybersecurity defense. These are:
- Human Control: Many AI-based cybersecurity platforms work to reduce cyber threat mitigation by monitoring network traffic. The results of the algorithm will usually initiate an alert being sent to a dashboard viewed by a human operator, who will then take action.
- Automation: Automating this process is the next phase change, to move away from the floods of alerts being generated by most tools today.
- Holistic control: The phase change that takes AI platforms in cybersecurity to new levels is the use of integrated ML that is applied holistically across an entire enterprise. These systems use automation to complete complex human tasks by using data from an entire system, not just a single focus point.
What Cybersecurity Requires Now
The challenge of mitigation of cybersecurity threats is real and advancing, but the tools at our disposal, such as artificial intelligence and machine learning, are also advancing. To successfully leverage new, advanced technologies to combat today’s ever-evolving threat landscape, human-machine interaction is what we need to work towards. Building integrated AI platforms that empower human cybersecurity analysts is the new wave of change that the industry needs to make it effective against a formidable and ever-changing foe.
