Posted by Sunil K. Kotagiri
Cybersecurity has become a key issue impacting strategic decisions at the highest level within organizations. The increasing sophistication of today’s threat landscape and growing number of high-profile breaches have impacted businesses of all sizes struggling to protect their most important assets – data, reputation and people.
Juniper Networks in association with Vanson Bourne recently conducted a comprehensive study to identify, assess and investigate the top cybersecurity threats that enterprises are experiencing. They looked at how these threats and pain points are changing or predicted to change in the immediate future, and how AI and machine learning are helping enterprises protect themselves from constantly changing adversaries.
Please click here to view the complete report.
As this research paper correctly stated, cybersecurity is tumultuous. In fact, the only element of this landscape that is stable is that it is unstable, unpredictable and ever changing. Defining and describing this new form of crime is relatively easy, but preventing it is a completely different game.
I would like to highlight a few very critical findings of this research that are worth further discussion and consideration:
- Only 31% of respondents believe that the cybersecurity solutions used within their organization have done exactly what they promised to do when they were purchased.
- Approaching nine-in-ten (86%) believe that if their organization were to use an end-to-end solution they would be much more secure.
These two findings are spot on. Seceon’s experience working with hundreds of enterprises big and small, across multiple verticals, demonstrates that the biggest challenge security teams face today is dealing with the sheer volume of alerts from multiple siloed security solutions, each deployed to address a single need. Siloed solutions lack global context, which produces a high volume of alerts without appropriate priority assigned. As an example, a firewall or IDS may report the download of a file with a malicious signature, but it cannot know whether execution of that malware was prevented by the endpoint protection software. An intelligent end-to-end system, by contrast, has the global context required to correlate these two pieces of information, eliminating the need to raise an alert and thereby reducing false positives and improving the effectiveness of security teams.
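The firewall/IDS-versus-endpoint correlation described above, written out as an added example that is not Seceon's code or the report's; the event records, hostnames and hash values are constructed placeholders, and the five-minute matching window is an assumed tuning parameter:

```python
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry). Timestamps are ISO 8601;
# the sha256 values are placeholders standing in for real file hashes.
IDS_EVENTS = [
    {"ts": "2024-05-01T10:00:00", "host": "ws-17", "sha256": "hash-A", "sig": "Trojan.Generic"},
    {"ts": "2024-05-01T10:05:00", "host": "ws-22", "sha256": "hash-B", "sig": "Trojan.Generic"},
    {"ts": "2024-05-01T10:09:00", "host": "ws-17", "sha256": "hash-C", "sig": "Downloader.X"},
]
EPP_EVENTS = [
    {"ts": "2024-05-01T10:00:20", "host": "ws-17", "sha256": "hash-A", "action": "quarantined"},
    {"ts": "2024-05-01T10:30:00", "host": "ws-17", "sha256": "hash-C", "action": "quarantined"},  # outside window
]

# Endpoint actions that mean the file never ran on the host.
NEUTRALISING_ACTIONS = {"quarantined", "blocked", "deleted"}


def _parse(ts):
    return datetime.fromisoformat(ts)


def correlate(ids_events, epp_events, window=timedelta(minutes=5)):
    """Return one alert per IDS detection, prioritised with endpoint context.

    An IDS download detection is downgraded to informational when the endpoint
    agent on the same host reports neutralising the same file within `window`
    after the download; otherwise it stays a high-priority alert.
    """
    # Index endpoint actions by (host, hash) so each IDS event is an O(1) lookup.
    by_key = {}
    for e in epp_events:
        by_key.setdefault((e["host"], e["sha256"]), []).append(e)
    alerts = []
    for d in ids_events:
        t0 = _parse(d["ts"])
        contained = [
            e for e in by_key.get((d["host"], d["sha256"]), [])
            if e["action"] in NEUTRALISING_ACTIONS and t0 <= _parse(e["ts"]) <= t0 + window
        ]
        if contained:
            alerts.append({**d, "priority": "info", "reason": "contained by endpoint agent: " + contained[0]["action"]})
        else:
            alerts.append({**d, "priority": "high", "reason": "no endpoint containment observed within window"})
    return alerts


def open_alerts(alerts):
    """The alerts an analyst still has to look at."""
    return [a for a in alerts if a["priority"] == "high"]


if __name__ == "__main__":
    for a in correlate(IDS_EVENTS, EPP_EVENTS):
        print(a["priority"], a["host"], a["sha256"], a["reason"])
```

Note that the third IDS event stays high because the matching quarantine arrived 21 minutes later: the window bounds how long the correlator waits before assuming the file may have run.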
- Spending on user behavior analytics is forecast to increase substantially (30% growth). On average, $469,449 was spent over the past three years, whereas predicted spending is set to reach $647,309 over the next three years.
- Approaching nine-in-ten (87%) agree that cybersecurity tools with AI/machine learning capabilities would be of great benefit to their organizations.
At present, there are more than 800 million known malware signatures. Out of those, more than 100M signatures were discovered and added in the last year alone. That is 350K new malware and Potentially Unwanted Applications (PUA) discovered every day, an absolutely staggering number. This means it is impossible for IDS, IPS and endpoint protection agents that rely on these signatures to keep up with new malware. Machine learning and behavioral analytics-driven threat detection are critical to combating these zero-second threats.
Similarly, approximately 40% of threats are due to malicious insiders. How do you identify these malicious insiders, especially those who know the rules and thresholds that trigger alerts in traditional SIEM systems? When correctly implemented with strong feature engineering, machine learning and artificial intelligence-driven correlations that adapt to changing human behavior can detect and alert security teams about malicious insiders with a very low false positive rate.
- Over eight-in-ten (82%) respondents believe that their organization would be “extremely willing” or “somewhat interested” in relinquishing control of cybersecurity to AI/machine learning technologies.
This finding is somewhat surprising, but extremely gratifying. At last, the industry is starting to recognize that it is impossible for security analysts to handle nearly 10,000 alerts per day. (That is the number a typical Fortune 500 enterprise’s security team has to handle every day.) Also, industry statistics demonstrate that security teams are equipped to handle only 1% of those 10,000 alerts; this is because, on average, one has to analyze 672 log instances per incident and analyzing each log instance takes about 1.5 minutes. In total, it takes 16.8 person-hours to analyze each incident. Considering these two factors, it is clear that humans alone cannot handle the sheer volume of alerts generated by solutions today. They have to be augmented by machine learning and AI-driven cybersecurity solutions that automate mundane human analysis. This frees security analysts to focus on the most important tasks that only humans can perform.
These are real challenges today, and it is important to address them immediately as the threat landscape expands rapidly. In this noisy space, with new entrants, old vendors massaging their product lines and scores of analysts providing their views on how companies must build their security posture, the end buyer naturally gets confused. It is human nature that when in confusion or doubt, decision-making slows down. But, not to forget, there are significant costs to this delay. In my opinion, it boils down to a simple question from the end buyer: “Are there any vendors today that provide comprehensive end-to-end security using user behavior analytics and cutting-edge machine learning/AI technologies, or do we still need to invest in siloed solutions to build a security posture?”
From inception, Seceon has recognized that cybersecurity isn’t just a technology problem, but a human problem. There are not enough people with security skills and attack experience to properly identify, analyze and act on the high volume and dynamic nature of new-age threats. Our innovative machine learning and AI-driven aiSIEM and aiMSSP solutions, which feature intelligent correlations with contextual awareness to prioritize the alerts, have been recognized for their innovative approach and won more than 50 industry awards. Seceon solutions not only “detect the threats that matter,” but will stop them before they cause irreparable damage to the organization.
Here are some salient features of our aiSIEM solution:
- Ingests raw streaming data (Identity, Web, Apps, Firewall, Proxy, Windows, DNS and DHCP) and flows (NetFlow, sFlow and J-Flow).
- Logically auto-discovers and creates asset groups.
- Machine learning and AI with actionable intelligence – eliminating the need to add rules.
- Behavioral analytics, predictive modeling and contextual real-time alerts with automated analysis and correlation.
Threat Containment and Elimination
- Out-of-the-box automated threat containment and elimination in real-time.
- Provides clear actionable steps to eliminate threats which can be fully automated.
Compliance, Indexing and Reporting
- Regulatory compliance (HIPAA, PCI, NIST, GDPR) assurance and customizable operational reports.
- Log indexing, long-term storage and data analytics for forensic analysis.
- Microservice architecture facilitates rapid deployment across cloud, on-premise or hybrid environments.
- Simplified licensing based on the number of assets (rather than the amount of data ingested).