In our increasingly data-driven world, organisations are engaged in a race to gather operational and customer data and apply analytics to transform that data into valuable business insights. Yet one important application that is still rarely addressed is cyber security data analytics.
From Proactive to Prescriptive
We regularly hear about major cyber security breaches and wonder whether they were preventable. Prescriptive Security is about exactly that: preventing breaches from happening by leveraging big data and supercomputing capabilities. As technologies advance, cyber security is shifting away from reactive and proactive models to a prescriptive model that analyses patterns in order to identify the next threats and to automate the security control responses.
While cyber security has traditionally focused on finding the needle in the haystack, Prescriptive Security instead uses the haystack to find the needle: it leverages big data and machine learning analytics and utilises all data generated within and outside the organisation, in order to bring 360° security visibility and eliminate potential blind spots.
With a Prescriptive Security Operations Centre (SOC), organisations will be able to:
• Face the ever-evolving threat landscape: The threat landscape has been expanding exponentially as the adoption of new technologies such as the Internet of Things (IoT), big data and cloud computing widens the attack surface. Every three months, over 18 million new malware samples are captured, with zero-day exploits (malware that goes undetected by traditional anti-virus software) expected to rise from one per week in 2015 to one per day by 2021. With Prescriptive Security, threat intelligence is no longer a separate technology-watching process managed through alert bulletins, but an integrated part of the SOC, where threat intelligence feeds give actionable risk scorings and can detect unknown threats before they even reach the organisation.
• Significantly improve detection and response times: Time is on the side of any adversary who is patient, persistent and creative. We’re fighting human ingenuity, and attackers aren’t playing by the same rules as we are. Prescriptive SOCs can change current operational models and considerably improve detection times and response times. Instead of thinking in days and months to detect and correct threats, with machine learning and automation we can neutralise emerging threats in real time and prevent future attacks.
• Optimise cyber security resources: While cyber attacks are growing in volume, complexity and pervasiveness, organisations will need to counter them using limited resources. The latest research estimates that by 2020, over 1.8 million cyber security jobs will not be filled due to a shortage of skills. Prescriptive Security, by introducing artificial intelligence and automatic response, will optimise the use of cyber security professionals, who will be able to automate responses to common cyber attacks and focus on the more complex and persistent ones. It will also introduce new cyber security roles, such as cyber security data scientists who integrate statistical and mathematical models and provide innovative mechanisms to detect future cyber attacks.
Prescriptive Security advances a tri-dimensional paradigm by increasing the detection surface, increasing the velocity of response and decreasing the reaction time. By using big data, analytics and supercomputing, it also effectively optimises the cost factor (human resources cost plus storage/compute power costs).
Prescriptive Security SOCs will be the next-generation cyber security infrastructure that the digital economy needs to enable and engender confidence. With this in place, organisations will be able to effectively protect their business assets including valuable business data and customer personal data.
Digital Vision for Cyber Security
This article, by Zeina Zakhour, Atos Global CTO for Cyber Security, is part of the Atos Digital Vision for Cyber Security opinion paper. It covers what every business should know about cyber security, why a concerted response is essential, and how to protect data, systems and services from any attack.