Reports of security breaches arrive daily. From traditional viruses to ransomware to malicious web sites, the number and severity of threats, and the ease with which they are created, keep growing. As threat actors grow more sophisticated, attacks are increasing faster than defenders' ability to prevent them.
To protect against a changing threat landscape we need to look at security in a new way, especially if we are to protect corporate data from loss.
Maximizing enterprise data security requires a series of actions, each harder than the last and each increasingly necessary. Detection is the oldest step and the one most organizations concentrate on, by deploying anti-virus and similar on-client software. But it is only a first step and should not be an end in itself.
Analysis comes next: understanding how the threat works, which is necessary to cope with the danger. This improves overall security, but it is not enough to stop there. We must keep learning about the intricacies of the threat, the ways it changes once it is in the wild, and the goals of whoever operates it. This is not easy, but security companies are concentrating on the task.
We also need to be much better at sharing knowledge about threats, so that a wider base of information drives our actions and each organization does not have to discover every threat on its own, nor find a unique way to defeat it.
This is probably the single biggest challenge, as very few companies, even at the security vendor level, currently do it effectively. Yet intelligence sharing is required if we are to make progress in the fight against malware.
Finally, we need to formulate a response based on the full analysis of the threat and an assessment of how best to defeat it. This requires a partnership between the vendors providing security services, which is often difficult to achieve given their reluctance to give away what they see as competitive information. Nevertheless, we are starting to see signs of this level of cooperation emerging.
Without all of these steps, the ability to deal with current threats, and with more complex future threats, will be limited.
One of the primary needs going forward for threat detection and mitigation will be an intelligence-based approach built on top of the security model outlined above. That means an analytics-driven approach: collecting large amounts of data and analyzing it, since a manual process is unlikely to keep pace with changing and emerging threats. Automated, learning-based ("cognitive") solutions now emerging can update their models in real time and can be highly protective, although they still need a trustworthy baseline of normal activity and people to triage what they flag.
Few enterprises currently realize how much cognitive and analytics functions on mobile and fixed computers can improve their security posture. Knowing what normal user behavior looks like makes it possible to restrict behavior that falls outside it.
Threat mitigation in this sense is built on learning about users and typical organizational usage. It includes analysis of the expected patterns of activity between client and cloud, as well as learning from previous threat activity. It is similar to how the financial industry compares each transaction against a customer's history and behavior, raises a flag when something looks out of place, and then contacts the customer and limits losses. The more we know about normal behavior, the more of the anomalies worth acting on an organization is likely to find, and the fewer false alarms it has to chase.
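The following Python block is an added illustration of the baseline-and-anomaly idea described in this section; it is not code from the page or from any vendor named here. It builds a per-user baseline from constructed login/transfer records (hour of day, source country, bytes uploaded) and scores new events against that baseline, flagging off-hours activity, a never-seen country, and an upload volume far above the user's own norm. The record format, the thresholds and the z-score rule are assumptions chosen for the example; a user with too little history is reported as having no baseline rather than being silently scored.

```python
"""Per-user behavioral baselines and anomaly scoring (added example, constructed data)."""
from collections import defaultdict
from dataclasses import dataclass, field
from statistics import mean, pstdev

# Tunables are assumptions for this example, not values from the article.
Z_THRESHOLD = 3.0      # upload volume more than 3 sigma above the user's mean
HOUR_TOLERANCE = 1     # an hour within +/-1 of any previously seen hour is "normal"
MIN_SAMPLES = 5        # fewer records than this: baseline too thin to score against

# Constructed history: (user, hour_of_day, country, bytes_uploaded)
HISTORY = [
    ("alice", 9, "US", 12_000), ("alice", 10, "US", 15_000), ("alice", 11, "US", 9_000),
    ("alice", 14, "US", 20_000), ("alice", 16, "US", 11_000), ("alice", 9, "US", 13_000),
    ("bob", 8, "DE", 500_000), ("bob", 9, "DE", 450_000), ("bob", 13, "DE", 600_000),
    ("bob", 17, "DE", 520_000), ("bob", 10, "DE", 480_000), ("bob", 15, "DE", 550_000),
]

# Constructed events to score against the history above.
NEW_EVENTS = [
    ("alice", 10, "US", 14_000),     # normal for alice
    ("alice", 3, "RU", 900_000),     # off-hours, new country, volume spike
    ("bob", 9, "DE", 520_000),       # normal for bob (large uploads are his norm)
    ("bob", 9, "DE", 5_000_000),     # volume spike only
    ("carol", 9, "US", 1_000),       # no history at all
]


@dataclass
class Baseline:
    hours: set = field(default_factory=set)
    countries: set = field(default_factory=set)
    byte_counts: list = field(default_factory=list)


def build_baselines(history):
    """Aggregate per-user history into a Baseline per user."""
    baselines = defaultdict(Baseline)
    for user, hour, country, nbytes in history:
        b = baselines[user]
        b.hours.add(hour)
        b.countries.add(country)
        b.byte_counts.append(nbytes)
    return dict(baselines)


def _hour_distance(a, b):
    """Circular distance between two hours of day (23 and 0 are one hour apart)."""
    d = abs(a - b) % 24
    return min(d, 24 - d)


def score_event(baselines, event):
    """Return the list of reasons an event is anomalous; [] means it looks normal."""
    user, hour, country, nbytes = event
    b = baselines.get(user)
    if b is None or len(b.byte_counts) < MIN_SAMPLES:
        # Cannot judge against a norm we do not have; route for review instead of scoring.
        return ["no_baseline"]
    reasons = []
    if all(_hour_distance(hour, h) > HOUR_TOLERANCE for h in b.hours):
        reasons.append("off_hours")
    if country not in b.countries:
        reasons.append("new_country")
    mu, sigma = mean(b.byte_counts), pstdev(b.byte_counts)
    if sigma == 0:
        # Constant history: fall back to a 10% tolerance (assumption) so we do not divide by zero.
        sigma = max(mu * 0.1, 1.0)
    if (nbytes - mu) / sigma > Z_THRESHOLD:
        reasons.append("volume_spike")
    return reasons


def flag_anomalies(baselines, events):
    """Return (event, reasons) pairs for every event that is not clean."""
    flagged = []
    for event in events:
        reasons = score_event(baselines, event)
        if reasons:
            flagged.append((event, reasons))
    return flagged


if __name__ == "__main__":
    for event, reasons in flag_anomalies(build_baselines(HISTORY), NEW_EVENTS):
        print(event, "->", ", ".join(reasons))
```

In practice the baseline would be rebuilt on a rolling window so that a user's norm drifts with their real job, and each flag would carry enough context (the baseline values and the observed ones) for an analyst to decide quickly whether it is the financial-style "contact the customer" case or noise.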
Few security vendors have the technology and resources needed to do this adequately. IBM, with its Watson initiative and its extensive research and threat database, has an excellent opportunity to lead in this space, although it is still early on the maturity curve. Other companies, such as RSA, Symantec and Intel/McAfee, with their extensive knowledge of threats and increasing use of cognitive and A.I.-style tools, will also provide next-generation security to their customers. This applies to traditional fixed devices but, more importantly, to current mobile and future IoT devices, where on-board tools may be impractical or insufficient to contain every threat. Doing it adequately will require an always-connected interaction between device and cloud, which will increasingly bring major networking vendors and carriers (e.g., AT&T, Verizon) into the market for such services.
That is also why Cisco has lately been making a number of moves into this space. Expect more vendors to follow.
Enterprises would do well to start evaluating emerging cognitive-based security solutions, particularly for mobile and IoT devices. This is an emerging field; solutions will continue to evolve, with new products arriving over the next 2-3 years. Old-style anti-malware loaded on each device will not be sufficient to stem the threats now present and continuously emerging. Vendors are making progress, but few enterprises have yet taken advantage of their capabilities. They need to begin the transition to these threat avoidance and mitigation services over the next 1-2 years, or face the potential for large corporate losses.