New advances in machine learning and mathematicians are now transforming our ability to defend against very complex, fast-moving threats, but we are only at the beginning of that transition. We are starting to see the Enterprise Immune System become a core component of today’s security strategies, whereby the machine understands what is going on in the network and spots threats, and the human does the high-value work of responding to top-level threats.
It is important to remember that cyber security is a very difficult problem to solve – and may be unsolvable. However, in the future, we will undoubtedly see further development and application of machine learning methods that will bring information security to ever new levels of sophistication and enhance our ability to defend our core information assets.
What are the essential features of a powerful threat detection solution?
As we make the transition to a new phase of cyber defense that takes into account the de facto vulnerability of our networks and inevitability of intrusions, threat detection tools have been forced to evolve too. The most serious and dangerous attackers do not use the same methodology twice – they use the full force of their resources and intelligence to maneuver themselves around their target’s environments without triggering concern.
For this reason, threat detection tools need to be able to spot more than just known threats, based on threat intelligence garnered from previous attack methodologies. If we want to do more than just react to cyber-attacks, these solutions must also detect threatening behaviours that have not previously been seen before.
Essential features of this immune system-style approach include the ability to self-learn, to operate in real time and to constantly adapt to an evolving business context and environment. Furthermore, they need a sufficient level of visibility into the network that allows them to spot very weak indicators which, when combined, may paint a compelling and dangerous picture.
The core value in next-generation cyber solutions lies in this ability to understand and calculate different likelihoods – or probabilities – to work out when a certain behavior constitutes abnormal and potentially threatening activity. Only by embracing uncertainty can IT security departments regain the advantage against their adversaries and manage risk in an effective and pragmatic way.