The cyber security industry is growing like never before, with more people, more skills and more products arriving every day. It is a great time to be in the industry, and yet some have never felt more vulnerable or at risk. With all the activity in the cyber security space, are the defenses actually getting smarter, or do we just have more of them?
I can remember the days when a hardened configuration, a good set of policies and a well-maintained anti-virus setup were all you needed. Now, with the exponential growth of the cyber security market, there are long lists of key things an IT team must have in place, and the list never gets any shorter.
For many of us, these numerous tools and key ‘must-haves’ are marketed as the essential antidote to all our cyber security needs. In practice, however, we need a full team of people to manage all of the data they generate and push at us, and that volume only grows as the tools get smarter. It is not that they do not help with cyber security; it is just that every additional platform needs more resources and more eyes on it.
We are now also watching our own organizations for compliance, which sits close alongside cyber security: who is sharing what with whom, and is it an accident, a threat, or something malicious?
Furthermore, when we evaluate some of the biggest incidents of the past five years, we see that in some cases the malicious activity had been going on for a considerable time before it was detected. This suggests we are reaching a point where the avalanche of data is undermining the ability of teams and individuals to perform at their best and make effective in-roads into finding threats and resolving false positives.
So where do we go from here? More of something is not necessarily a bad thing; what matters is how you use it. So how do we use it? This is where the possibilities get exciting!
Two of the most visible trends of the last few years have been data science and the increased use of Artificial Intelligence. If we can combine the two, we can turn the cyber security function into an active, AI-powered defense that draws on both the data and the systems that produce it.
As I said earlier, many of the leading platforms do a great job of collecting data, and some can even investigate and present it, occasionally with some level of automation. But what if threat detection platforms could act entirely on their own when they identify changes in data usage or settings, amend them, and tell us whether people have been affected, just by measuring the data flow?
Such a platform could also take in data from vulnerability platforms, combine it with compliance data about configurations, control the use of at-risk data by changing those configurations, and proactively alert the operational teams in real time about who is using the data and how much of it is being used.
This fantasy platform could also detect changes in data usage, for example an encrypted database whose growth matches patterns seen in the Hilton Hotel data breach, assess the why, how and what, and take the necessary corrective actions.
The possibilities seem limited only by our confidence in an AI making those decisions on our behalf. Of course, none of us would set an AI system completely free to make decisions without guidance, which is where we come back to the human touch: the people we train and nurture to do a great job. To be clear, I am not advocating replacing them, but suggesting we give them a full-time AI assistant and turn them into a super-powered crime-fighting duo, in the mould of Cagney and Lacey, Holmes and Watson, or Batman and Robin. Who would not want something like that on their side, fighting in the name of cyber security?