By Michelle Davidson
Triple A protection coming to world of cybersecurity
It may be a brave new world in 2017 but it’s also a damn scary one for IT security professionals.
Just take a look at some recent Gartner assessments of the security situation:
- By 2020, 60% of digital businesses will suffer major service failures, due to the inability of IT security teams to manage digital risk.
- By 2020, 60% of enterprise information security budgets will be allocated for rapid detection and response approaches, which is an increase from less than 30% in 2016.
- By 2018, 25% of corporate data traffic will flow directly from mobile devices to the cloud, bypassing enterprise security controls.
- Through 2018, over 50% of IoT device manufacturers will not be able to address threats because of weak authentication practices.
When it comes to automation, security platforms will devise and execute controls based on newly detected threats and do it without human intervention. That reduces the time between a compromise and the time the threat is neutralized – reducing the window during which attackers can do damage.
Security analytics engines digest data from network gear and endpoints in search of anomalies that indicate threats. By setting a baseline for normal, these engines spot out-of-the-ordinary behaviors and assess whether they represent malicious activity.
By incorporating AI and machine learning, this technology will expand its ability to detect anomalies not only in network traffic, but also in the behavior of individual machines, users, and combinations of users on particular machines.
As these platforms become more sophisticated and trusted in 2017, they will be able to spot attacks in earlier stages and stop them before they become active breaches.
And the big guns are all involved in making this happen: Cisco with its Tetration Analytics platform; IBM with Watson cognitive computing for cybersecurity; and Google/Alphabet with its DeepMind lab, to name just a few.
Cisco’s Tetration Analytics product is a turnkey package that gathers information from hardware and software sensors and analyzes the information using big data analytics and machine learning. In the security realm, the system sets a baseline for normal network and application behavior and quickly identifies any deviation in communication patterns in real time, or uses Tetration’s forensics search engine to look for other security or user behavior analytics.
“The single most important thing customers can do to protect the data center is set up a whitelist of who has access to what, but it is one of the most difficult tasks to implement,” said Tom Edsall, a senior vice president and CTO with Cisco. “Tetration lets users set up a white list model and policies more quickly and efficiently than they could before.” This capability will address key cybersecurity challenges and move toward the “self-driving data center” of the future, he said.
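To make the baseline-then-whitelist idea concrete, here is an added example (not from the article and not Cisco's code) that learns an allowlist of workload-to-workload flows from a baseline window and labels later deviations by kind. The workload names, ports, `min_seen` threshold and verdict labels are all assumptions made up for illustration.

```python
from collections import Counter
from typing import NamedTuple

class Flow(NamedTuple):
    src: str   # source workload (constructed role name)
    dst: str   # destination workload
    port: int  # destination port

def learn_allowlist(baseline, min_seen=3):
    """Turn baseline observations into an allowlist of flows.

    Patterns seen fewer than min_seen times are left out, so a one-off
    connection during the learning window does not become policy.
    """
    counts = Counter(baseline)
    return {flow for flow, n in counts.items() if n >= min_seen}

def classify(flow, allowlist):
    """Return 'allowed' or the kind of deviation from the baseline."""
    if flow in allowlist:
        return "allowed"
    if any((f.src, f.dst) == (flow.src, flow.dst) for f in allowlist):
        return "new-port"        # known pair, unexpected service
    if any(f.src == flow.src for f in allowlist):
        return "new-peer"        # known source, unexpected destination
    return "unknown-source"      # never seen as a source in the baseline

def deviations(observed, allowlist):
    """List (flow, verdict) for every observed flow outside the allowlist."""
    results = [(f, classify(f, allowlist)) for f in observed]
    return [(f, v) for f, v in results if v != "allowed"]

# Constructed sample data, not real telemetry.
BASELINE = (
    [Flow("web", "app", 8443)] * 5
    + [Flow("app", "db", 5432)] * 4
    + [Flow("app", "cache", 6379)] * 3
    + [Flow("web", "db", 5432)]          # one-off, below min_seen
)
OBSERVED = [
    Flow("web", "app", 8443),
    Flow("app", "db", 22),
    Flow("web", "db", 5432),
    Flow("batch", "db", 5432),
]

if __name__ == "__main__":
    allow = learn_allowlist(BASELINE)
    for flow, verdict in deviations(OBSERVED, allow):
        print(f"{verdict:15} {flow.src} -> {flow.dst}:{flow.port}")
```

The `min_seen` threshold is the part that needs tuning in practice: set too low, anything that happened during the learning window, including an existing compromise, is baked into policy.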