First Midwest BankFirst Midwest Bank logoArrow DownIcon of an arrow pointing downwardsArrow LeftIcon of an arrow pointing to the leftArrow RightIcon of an arrow pointing to the rightArrow UpIcon of an arrow pointing upwardsBank IconIcon of a bank buildingCheck IconIcon of a bank checkCheckmark IconIcon of a checkmarkCredit-Card IconIcon of a credit-cardFunds IconIcon of hands holding a bag of moneyAlert IconIcon of an exclaimation markIdea IconIcon of a bright light bulbKey IconIcon of a keyLock IconIcon of a padlockMail IconIcon of an envelopeMobile Banking IconIcon of a mobile phone with a dollar sign in a speech bubbleMoney in Home IconIcon of a dollar sign inside of a housePhone IconIcon of a phone handsetPlanning IconIcon of a compassReload IconIcon of two arrows pointing head to tail in a circleSearch IconIcon of a magnifying glassFacebook IconIcon of the Facebook logoLinkedIn IconIcon of the LinkedIn LogoXX Symbol, typically used to close a menu
Skip to nav Skip to content

2 Innovations That Can Tip the Balance in Cybersecurity

What critical innovations can change the balance in cybersecurity, providing those of us responsible for defending our organizations with more capabilities against those who would do us harm?

This is not just a theoretical exercise. It is something all of us in cybersecurity need to understand — and a key national security priority.

I’ve given this question considerable thought in my role advising many of my former colleagues and other leaders in the U.S. government. In my view, there are two key interrelated developments that can shift the cybersecurity paradigm. They are:

  1. Innovations in automation.
  2. Software-based advanced analytics — including big data, machine learning, behavior analytics, deep learning and, eventually, artificial intelligence.

These innovations can't necessarily reverse the historical advantage offense has had over defense. But improved use of automation — combined with software-based advanced analytics — can help level the playing field.

Cyber threats are increasingly automated using advanced technology. Unfortunately, defense has continued to employ a strategy based mostly on human decision-making and manual responses taken after threat activities have occurred.

This reactive strategy can’t keep pace against highly automated threats that operate at speed and scale. The defense has been losing — and will continue to lose — until we in the cybersecurity community fight machines with machines, software with software.

Prevention is key

Any good defensive strategy should be comprehensive with protection, detection, response, recovery, and resilience. Prevention is key, especially in today’s complex environment. That is where we have not invested enough — and where automation and advanced analytics can make an enormous difference.

First, let me define what I mean by prevention, starting with understanding the basic cyberattack process, sometimes referred to as the cyber threat lifecycle. This process consists of seven steps:

  1. Probing;
  2. Developing a delivery mechanism to get to a victim or target;
  3. Exploiting a vulnerability in the network environment;
  4. Installing malicious code;
  5. Establishing a control channel;
  6. Escalating privileged access;
  7. Moving laterally within the network environment.

These steps usually occur in that order, but not always. The final step defines a successful attack, which could be encrypting data for ransom; exfiltrating sensitive data; exposing embarrassing information; or disrupting/destroying targeted systems, devices, or data.

Modern cyber threat actors can work their way through the attack process more quickly than ever with advanced software and machines.

But the process still takes time — allowing defenders to see and stop a threat at any step in the process. To do so, however, defenders must have complete visibility across their network environment and be able to deliver protections everywhere automatically. Therefore, they need both sensors and enforcement points. Just seeing malicious activity without being able to stop it won’t change the dynamic between offense and defense.

Tackling speed and scale

Automation lets security teams fight machines with machines and save their most precious resource (people) to do things that only people can do better and faster than machines. This includes hunting and deep, high-end analysis. Any other approach will never keep pace with the speed and scale of modern cyberthreats.

Software-based advanced analytics enable security teams to fight software with software. They make it possible to deploy sensors and enforcement points in all critical places in a network environment. More importantly, they enable the integration between the sensors and enforcement points.

With advanced analytics, any type of suspicious behavior in a network environment can be quickly matched to the attack process used by all known threat actors or organizations. Analytics can even identify a threat never seen before or a possible threat not directly matched to a known bad signature or activity.

Using machine learning algorithms, a decision can be rendered in near real-time — less than 10 minutes is state-of-the-art today — and a protection can be delivered automatically to stop the threat everywhere in the organization’s enterprise environment without the need for any human intervention.

Defenders have access to an enormous amount of data from networks, endpoints, and clouds. The right kind of data includes cyber threat indicators of compromise as well as contextual information. It does not include traditional policy and legal landmines such as personally identifiable information, protected health information, intellectual property, or surveillance-related data.

Leveraging this data, it is possible to act at speed and scale with a very high degree of precision, achieving false positive rates of less than one percent. The key to this kind of effective defense is complete, continuous, and consistent visibility and security controls across all elements of an organization’s network environment — from the network to the cloud (public, private, hybrid, multi, SAAS) to endpoint and IoT devices.

Stopping threats, mitigating risk

Cybersecurity protections that leverage automation and advanced analytics are available today and getting better as time goes by, with more of the right kinds of data to drive automated decisions and protections.

Best case, the use of these two innovations enable security teams to see and stop cyber threats before they are successful, providing an advantage for the defense. Worst case, they let security teams limit the damage of a successful attack to something determined to be an acceptable level of risk.

Why is this so important? Eliminating or reducing the advantage that cyber offense has over defense is critical to creating a more stable cyberspace. Traditionally, when offense has the advantage, it creates enormous instability. When defense has the advantage, it creates a more stable environment.

We live in a world with an unacceptably high level of instability in the cyber domain. The risks of miscalculation, misinterpretation or even a plain mistake are just too high. Effective use of automation and software-based advanced analytics can help level the playing field between offense and defense and create a much more effective cybersecurity posture for any organization.

 

This article was from CIO and was legally licensed through the Industry Dive Content Marketplace. Please direct all licensing questions to legal@industrydive.com.

Subscribe for Insights

Subscribe