Can AI Mixed With Ambience, Topped With Behavioral Analytics, Be The Perfect Cybersecurity Recipe?
Since cybersecurity threats have become a topic of nightly newscasts, no longer is anyone shocked by their scope and veracity. What is shocking is the financial damage the attacks are predicted to cause as they reverberate throughout the economy.
Cybersecurity Ventures predicts global annual cybercrime costs will grow from $3 trillion in 2015 to $6 trillion annually by 2021, which includes damage and destruction of data, stolen money, lost productivity and theft of intellectual property, personal and financial data, embezzlement and fraud. That doesn’t even include post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data, systems and reputational harm.
While traditional security filters like firewalls and reputation lists are good practice, they are no longer enough. Hackers increasingly bypass perimeter security, enabling cyber thieves to pose as authorized users with access to corporate networks for unlimited periods of time.
Organizational threats manifest themselves through changing and complex signals that are difficult to detect with traditional signature-based and rule-based monitoring solutions. These threats include external attacks that evade perimeter defenses and internal attacks by malicious insiders or negligent employees.
Along with insufficient threat detection, traditional tools can contribute to “alert fatigue” by excessively warning about activities that may not be indicative of a real security incident. This requires skilled security analysts to identify and investigate these alerts when there is already a shortage of these skilled professionals.
Protect the Data, Not the Network
Security pros need to pick up where those traditional security tools end and realize that it’s the data that is ultimately at risk. The safeguarding of the data is as important, if not more imperative, than just protecting the network or the perimeter. Security shields must be placed where the data resides in the IT enterprise as opposed to monitoring data traveling across the network.
Some cybersecurity sleuths deploy a variety of traps, including identifying an offensive file with a threat intelligence platform using signature-based detection and blacklists that scan a computer for known offenders. This identifies whether those types of files exist in the system which are driven by human decisions.
However, millions of files need to be uploaded to cloud-based threat-intelligent platforms; scanning a computer for all of them would slow the machine down to a crawl or make it inoperable. But the threats develop so fast that those techniques don’t keep up with the bad guys and, also, why wait until you are hacked?
The Mix of Forensics and Machine Learning
Instead of signature and reputation-based detection methods, smart CSOs and CISOs are moving from post-incident to pre-incident threat intelligence. They are looking at artificial intelligence innovations that use machine learning algorithms to drive superior forensics results.
In the past, humans had to look at large sets of data to try to distinguish the good characteristics from the bad ones. With machine learning, the computer is trained to find those differences, but much faster with multidimensional signatures that detect problems and examine patterns to identify anomalies that trigger a mitigation response.
The Good, the Bad and the Ugly
Machine learning generally works in two ways: supervised and unsupervised. With supervised learning, humans tell the machines which behaviors are good and bad (ugly), and the machines figure out the commonalities to develop multidimensional signatures. With unsupervised learning, the machines develop the algorithms without having the data labeled, so they analyze the clusters to figure out what’s normal and what’s an anomaly.
The obvious approach is to implement an unsupervised, machine learning protective shield that delivers a defense layer to fortify IT security. A self-learning system with the flexibility of being able to cast a rapidly scalable safety net across an organization’s information ecosystem, distributed or centralized, local or global, cloud or on-premise. Whether data resides in a large health system or is the ERP system of a large energy company or a financial institution, rogue users are identified instantly.
By applying machine learning techniques across a diverse set of data sources, systems become increasingly intelligent by absorbing more and more relevant data. These systems can then help optimize the efficiency of security personnel, enabling organizations to more effectively identify threats. With multiple machine learning modules to scrutinize security data, organizations can identify and connect otherwise unnoticeable, subtle security signals.
Security analysts of all experience levels can also be empowered with machine learning through pre-analyzed context for investigations, making it easier for them to discover threats. This enables CISOs to proactively combat sophisticated attacks by accelerating detection efforts, reducing the time for investigation and response.
The Digital Eye Sees All
Once a machine learning system is in place, organizations need to identify solutions that employ behavioral analytics which will baseline normal behaviors and identify irregularities. While the technology is advanced, the concept is simple.
A pattern of user behavior is established and stored in the system. To adequately address the threat, CISO’s should consider using solutions which are ambient to completely surround an intrusion while harnessing the power of the machine learned system’s cognitive nature. This combination creates an evolving “virtual intelligent eye” defense shield that provides real-time behavior analysis and anomalous user access monitoring.
This type of solution provides an eye that learns, understands, recognizes and remembers normal user habits and behavior as they use applications in their daily work. The eye generates a digital “fingerprint” based on behavior for every single login, by every user, in every single application and database across the organization.
If your organization deploys this type of comprehensive cybersecurity system, a gloomy doomsday scenario offered up by many cybersecurity ventures will no longer be a concern.
About the Author
Santosh Varughese serves as the Co-Founder and President of Cognetyx. He brings more than 30 years of leadership experience building companies into profitable, high-value enterprises.
His mission for Cognetyx is to deploy new, powerful technologies combining the art and science of machine learning and artificial intelligence to directly address the challenge of quashing the insidious growing problem of healthcare data breaches and privacy violations that affect hundreds of millions of Americans.
He began his career with Royal Dutch Shell designing high-speed fiber optic communications between Cray Supercomputer and IBM (News - Alert) mainframes. His next venture led him to Procter & Gamble in International Marketing for Pampers and Luvs in Switzerland, then Germany, to Singapore, and finally, Saudi Arabia.
Varughese’s passion and spirit for innovation have led to his involvement in various startups in fields ranging from global product licensing and distribution, advertising agencies, brick & mortar operations and online ventures including his most recent – co-founding Healthpost.com, which was acquired by The Advisory Board (NASDAQ:ABCO) in May 2014.
Edited by Alicia Young