New technologies, including cloud computing, the Internet of Things and artificial intelligence, are constantly bringing new opportunities and challenges to attackers and defenders alike. This is not just the age of machines but of machine-scale. As such, IT security analysts need new tools to defend the network.
This brings up the important point that humans are still needed in the loop of cybersecurity. Machine-scale defense is not about replacing people. Instead, efforts should focus on how to compensate for human error and resource limitations within security strategies and how to augment the skills of cybersecurity defenders. In other words, how can chief information security officers (CISOs) leverage new, advanced technologies to successfully address the scale and complexity of today’s evolving threat landscape?
Cyber-attacks at machine-scale
All sorts of malicious actors are converging upon today’s increasingly vulnerable attack surface, regardless of whether they are motivated by pride, money or ideology. Major attacks such as the Mirai botnet Distributed Denial of Service (DDoS) and WannaCry ransomware are clear demonstrations of the scope and breadth of cyber threat actors. Furthermore, 2.6 billion records were compromised worldwide in 2017, an 87 percent increase over 2016, which translates to 7.1 million records that are stolen or lost per day.
What’s enabled the scale of these attacks is the combination of cheaper, easier access to technology with the democratization of the tools and knowledge required to execute these sorts of operations. You no longer have to be a nation-state to have access to sophisticated hacking tools. Malware-as-a-service, in all of its guises, is readily available on the Dark Web and sold on a commission basis. Anyone who wants to make a fast buck and knows how to get on the Dark Web can become a hacker. The goal posts have changed.
Why human-scale is no longer enough
Machine-scale threats are not only the result of malicious intent. Whether the cause is an innocent mistake, sheer carelessness or malicious intent, the complexity and scale of today’s digitized platforms pose a serious challenge to traditional models of security, because there is still a probability of human error.
The increased complexity of enterprise cybersecurity, and the reason securing the network now requires an integrated AI and expert-analyst approach, results from a number of factors:
- Organizations assume that well-known cloud infrastructure technology companies have better security practices, so they outsource their security to those companies. This is true in terms of the security of the infrastructure, but the cloud customer takes on many new responsibilities for configuring the available security settings and securing their own data.
- With the interconnectedness and cloud-hosting of many services, the threat landscape is greatly expanded. Most people assume their organizations use up to 40 cloud apps when, in reality, the number is generally closer to 1,000.
- It is difficult for security analysts to detect patterns across the scale of big data. How big? By 2025, there will be a projected 163 zettabytes of digital data in existence.
- Security teams are uncertain about how best to secure cloud applications due to the newness of the technologies. In June 2017, the names, addresses and account details of some 14 million Verizon customers were found in an unsecured data repository on a cloud server. This was not a result of a malicious attack; the repository was simply exposed to the internet because of an incorrect configuration.
Striking back with integrated machines and humans
With so many new technologies ringing in our ears, how do we choose a security strategy that will work? If we cut through the noise, we can all agree that these machine-scale problems require machine-scale solutions, like machine learning. But the conversation needs to be about how to apply these technologies in the right way, to augment the analysts, not replace them. Applied in an integrated way, machine learning can have a pertinent and powerful impact on cybersecurity.
If organizations want to implement machine learning – or, more broadly, AI – to the greatest effect, the cybersecurity paradigm needs to shift. This involves moving away from finding low-level patterns in siloed data and then aggregating the output, and toward aggregating data from across the network first and then looking for the patterns that matter across many sources. Using these tools within an integrated approach will optimize the use of these new technologies. It will ensure that the data used to determine cybersecurity incident trends and patterns are relevant, informative and accurate. The promise of AI is to help organizations automate the time-consuming process of analyzing the data to understand a threat and to augment their human analysts, who then must add context and determine how to respond.
To evolve from human-scale to machine-scale in cybersecurity defense, it is important to have an understanding of the three stages of change management. These are:
1. AI-Human action: Often, cybersecurity platforms based on AI attempt to reduce cyber threats by monitoring instrumentation from multiple sources (such as the network and endpoints). The results of the analysis should be delivered to a highly skilled analyst, who will then take action.
2. Stemming the flood: The next stage of change management is automating the machine-to-human process to avoid the floods of alerts being generated by most tools today.
3. Integrating Machine Learning: The use of integrated machine learning enables AI-based cybersecurity platforms to achieve the best outcomes as it is applied holistically across an entire enterprise security strategy. These systems use automation to complete complex human tasks by using data from an entire system, not just a single focus point.
Cyber threats continue to evolve in scope and sophistication, but so do the tools to confront them. This includes artificial intelligence and machine learning. Organizations must deploy these advanced technologies, working toward human and machine collaboration, to address the shifting threat landscape. To win this fight, organizations will need to adopt integrated AI platforms that empower cybersecurity analysts in new, effective ways.
This article originally ran in Today’s Cybersecurity Leader, a monthly cybersecurity-focused eNewsletter for security end users, brought to you by Security magazine.