Cybercrime and security threats have increased exponentially in recent years, and the momentum is only growing. According to Juniper Research, over 146 billion records will be exposed through criminal data breaches from 2018 to 2023, growing at a rate of 22.5% per year. Threat vectors are multiplying as enterprises move toward digital business and embrace a wide array of internet-connected devices, fledgling blockchain networks, cloud and social media. Even as organizations implement emerging technologies to safeguard their crown jewels, malicious agents are also evolving, devising new and automated cyber attacks.
We believe traditional defense mechanisms and siloed security tools are no longer adequate. Cybersecurity now requires advanced analytics that keep pace with the speed and scale of digital business. IT organizations must leverage big data, cloud and streaming architecture paradigms in conjunction with artificial intelligence (AI)-powered analytics and edge analytics to provide predictive insights and threat protection.
Here we examine emerging cybersecurity challenges; the risk of continuing with conventional approaches; and the imperatives for adopting an intelligent, integrated strategy for holistic digital security.
The current cyber threat landscape
A robust cybersecurity defense strategy needs to account for both internal and external threat vectors, as well as the sophisticated attacks made possible by Internet of Things (IoT) initiatives, cloud enablement, big data analytics, social media, mobile computing and cryptocurrencies. According to the Ponemon Institute, the average probability of a material breach in the next two years is 27.9%.
Here are four of today’s major cybersecurity challenges, as well as ideas on addressing them:
1 Cybersecurity programs are failing to keep up with digital threats.
The pivot to digital introduces new technology and architecture patterns that upend legacy cybersecurity methods. Roughly 84% of respondents to a recent McKinsey & Co. study feel companies are insufficiently prepared for the vulnerabilities caused by IoT initiatives. With connected technologies and IoT, organizations must shift from managing security for thousands of network endpoints to dealing with millions of connected devices.
Action item: Gain a clear understanding of your emerging cyber-risk portfolio and evolve legacy security policies accordingly. Broaden the set of data points collected for real-time integration, and use automation to centralize management and enable rapid deployment of policy changes.
2 Bots are a blessing and a curse.
While advanced analytics and AI are driving digital business change, malicious agents are reinventing attack algorithms, using AI to create new variants of old attacks. This adds to burgeoning problems with traditional security tools that rely on human intervention and manual investigations.
Action item: Evolve from a reactive to a proactive strategy. Employ advanced analytics powered by AI and machine learning (ML) to detect these evolving attack variants without waiting on manual investigation.
3 Siloed data analysis generates too much noise.
Organizations typically use either a traditional security information and event management (SIEM) solution or multiple cybersecurity products, each of which collects huge volumes of system and user activity events independently. The result is a set of disparate, disconnected systems that are unsuited to digital models and fail to present a complete picture at any given point in time.
Action item: Shift away from piecemeal processes. Adopt innovative thinking to intelligently integrate disparate data, radically increasing insight generation and response.
4 There’s a lack of cyber skills and capabilities in the emerging technology landscape.
Given that the human factor is a significant cause of data breaches, there is a critical need to improve awareness among employees. Conventional education and standard procedures are simply not enough to face the challenges in the digital world, where attack models are outpacing acquired skills.
Action item: Inform, educate and upskill security operations center (SOC) analysts, and avoid internal fragmentation of cybersecurity skills. Overcome the lack of human-driven intelligence with analytics-driven intelligence.
Foundations for tackling cybersecurity challenges
Having sketched out cybersecurity challenges, we turn to addressing those challenges. While it's important that organizations continuously refine their protocols and governance strategy to face emerging challenges, it's also imperative to build advanced threat protection models. This requires a transformative security agenda. This agenda must incorporate a cyber analytics platform that integrates disparate data in real time, enriched with metadata and AI/ML analytics, as well as security orchestration, automation and response (SOAR) for expedited threat handling.
We advise organizations to take the following actions:
Broaden the data integration and management horizon
- Automate collection and ingestion of data at big-data scale.
- Store data in a manageable manner, supporting data lake patterns.
- Break traditional information barriers with fast data retrieval and search.
Cybersecurity defense is a moving target, and so is the data used for analysis. Isolating analysis to data generated by traditional information security tools creates rigid boundaries when the data sources are evolving and multiplying.
Cyber analytics platforms must be able to spot threats across a wide variety of data sources — both internal and external. These platforms must work with data that is beyond the traditional purview of security operations teams, such as email content; social media feeds; user metadata from a human resources database; and critical auditing databases managed by IT teams.
Use an integrated advanced analytics-driven platform
- De-fragment and reconcile siloed data for rapid insight generation.
- Power analysis with ML and other advanced forms of AI.
- Use AI and automation to close skills gaps.
Fragmented data results in fragmented investigation and forensic analysis. Cybersecurity requires an integrated, intelligent analytics-based platform that can automate scanning at the scale and speed required to process increasingly agile digital data and workload patterns.
The cyber-analytics platform must be able to process massive volumes of disparate data and derive meaningful insights from it, turning raw events into actionable information and detecting advanced threats using data science, deep learning, edge analytics and AI.
Seek real-time data enrichment
- Add structure and context with metadata.
- Correlate disparate data to derive meaning.
- Add streaming analytics for real-time alerts.
Simply collecting large volumes of data without preparing it for analysis can result in a data deluge. The cyber-analytics platform must be able to correlate patterns among disparate sources of data, using metadata to connect the dots.
For example, legacy systems often send data with timestamps but no indication of time zone. Without that information, SOC analysts cannot place the event on a common timeline with events from other sources, so the order of events in an incident becomes uncertain and cross-source correlation breaks down.
Apply intelligent visualization
- Create a customizable command center view for holistic security.
- Provide export integrations for business intelligence tools.
- Enable seamless collaboration with the data scientist community.
With traditional SOC dashboards and vendor-specific information security tools, incident analysis involves switching between several consoles and user interfaces. This manual method of analysis and reporting is highly time-consuming, prone to human error, and limited in the amount of data available for analysis at any point in time.
The cyber-analytics platform must provide SOC analysts with a single view of current IT risk and health scores, as well as a digital map connecting the dots between thousands of people, machines and devices — and their interactions. It must also provide the flexibility to create purpose-built dashboards that present intelligent information.
Expand the security analysis surface via the cloud
- Extend the boundaries of data gathering.
- Augment security by deploying cloud-native security tools.
- Cross-validate with in-house data to get a comprehensive view.
As enterprise perimeters expand into the cloud and out to IoT endpoints, IT organizations need solid cloud security protocols and a holistic view of user and system activity patterns across on-premises and cloud environments. With immature security auditing and governance capabilities in the cloud, threat vectors for data leakage and exfiltration increase substantially. Consider a scenario in which an employee uploads files from an office laptop to cloud storage open to public access. The endpoint agent sees only an upload, and the cloud audit log sees only a storage object that became publicly readable; without end-to-end visibility of that event chain, the investigation is slow and the resulting analysis incomplete.
Security and compliance analysis can be augmented with cloud-native security products feeding cloud-event data into the cyber-analytics platform. The result is a comprehensive picture of overall user and system behavior.
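The following is an added example, not code from the original article, that ties together two points made above: the time-zone problem described under real-time data enrichment, and the laptop-to-public-cloud-storage scenario. It brings an endpoint log that emits naive local timestamps and a cloud audit log that emits UTC onto one clock, then correlates an upload with the cloud event that made the same object publicly readable. The event field names, the per-source zone inventory, the fixed UTC offset for the endpoint source, and the sample events themselves are all constructed for illustration.

```python
"""Added example, not code from the original article: bring timestamps from
two log sources onto one UTC clock, then correlate an endpoint upload with the
cloud audit event that made the same object publicly readable."""
from datetime import datetime, timedelta, timezone

# Assumed per-source zone inventory. The endpoint agent emits naive local
# timestamps, so the platform must know its zone; the cloud audit log is
# already in UTC. A fixed offset keeps the example dependency-free; a real
# deployment would use zoneinfo so that DST transitions are handled.
SOURCE_TZ = {
    "endpoint": timezone(timedelta(hours=-7), "PDT"),
}

# Constructed sample events (not real telemetry).
ENDPOINT_EVENTS = [
    {"source": "endpoint", "ts": "2023-03-14 09:02:11", "user": "alice",
     "host": "LAPTOP-01", "action": "upload", "object": "finance/q1.xlsx"},
    {"source": "endpoint", "ts": "2023-03-14 09:10:00", "user": "bob",
     "host": "LAPTOP-07", "action": "upload", "object": "hr/offers.docx"},
]
CLOUD_EVENTS = [
    {"source": "cloud", "ts": "2023-03-14T16:05:40Z", "user": "alice",
     "action": "PutObjectAcl", "object": "finance/q1.xlsx", "acl": "public-read"},
    {"source": "cloud", "ts": "2023-03-14T16:12:00Z", "user": "bob",
     "action": "PutObjectAcl", "object": "hr/offers.docx", "acl": "private"},
    {"source": "cloud", "ts": "2023-03-14T18:40:00Z", "user": "bob",
     "action": "PutObjectAcl", "object": "hr/offers.docx", "acl": "public-read"},
]


def to_utc(ts, source, source_tz=SOURCE_TZ):
    """Parse an ISO-8601 timestamp and return an aware UTC datetime.

    A naive timestamp is only accepted when its source has a configured zone;
    silently assuming UTC would shift the event by hours and break correlation.
    """
    dt = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    if dt.tzinfo is None:
        if source not in source_tz:
            raise ValueError(f"naive timestamp from {source!r} and no zone configured")
        dt = dt.replace(tzinfo=source_tz[source])
    return dt.astimezone(timezone.utc)


def find_public_exposure_chains(endpoint_events, cloud_events,
                                window=timedelta(minutes=15), source_tz=SOURCE_TZ):
    """Return enriched alerts for upload -> public-ACL chains.

    A chain is the same user making the same object public in the cloud log
    within `window` after the endpoint agent saw the upload.
    """
    chains = []
    public = [e for e in cloud_events if e["acl"] == "public-read"]
    for up in endpoint_events:
        if up["action"] != "upload":
            continue
        t_up = to_utc(up["ts"], up["source"], source_tz)
        for ev in public:
            t_ev = to_utc(ev["ts"], ev["source"], source_tz)
            lag = t_ev - t_up
            if (ev["user"] == up["user"] and ev["object"] == up["object"]
                    and timedelta(0) <= lag <= window):
                chains.append({
                    "user": up["user"], "host": up["host"], "object": up["object"],
                    "uploaded_utc": t_up.isoformat(),
                    "exposed_utc": t_ev.isoformat(),
                    "lag_seconds": int(lag.total_seconds()),
                })
    return chains


if __name__ == "__main__":
    for alert in find_public_exposure_chains(ENDPOINT_EVENTS, CLOUD_EVENTS):
        print(alert)
```

Run as-is, the script reports one chain: alice's upload at 09:02:11 local (16:02:11 UTC) followed 209 seconds later by the object being made public-read. Bob's first ACL change stays private and his second falls outside the 15-minute window, so neither is reported. If the endpoint source had no configured zone, `to_utc` refuses the naive timestamp rather than guessing; had it guessed UTC, the upload would appear seven hours before the ACL change and the chain would never be found.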
Bringing it all together
The degree of connectivity in today’s — and, more importantly, tomorrow’s — digital enterprise demands fresh thinking about security. Siloed products and tunnel vision just aren’t enough.
Figure 1 depicts a high-level reference architecture of a conceptual next-gen cyber-analytics platform. Such a platform can be conceived and built by integrating industry-standard advanced analytics tools and big-data technology. Forward-thinking organizations can leverage available tools to prototype and validate best-of-breed technologies to quickly deliver on the cyber-analytics platform vision while also addressing business priorities.