In 2018, the total volume of all electronic data ever created reached 18 billion terabytes. By the end of 2020, that will have more than doubled. The data generated through security monitoring, while smaller in volume, has been growing at a similar pace.
As we enter the fourth industrial revolution, the transformational power of technology lies in how human beings can maximise value from what is sometimes called the data overload. Equally, turning the growing volumes of security-related data into actionable insight is vital for effective cyber security.
Cyber security: a brief history
First, how has cyber security evolved over time? For many years, cyber security analysts inspected and assessed data about a myriad of cyber threats using a mix of standalone solutions. Security tooling was dotted around the network, with each tool generating its own volumes of data about threats relevant to its specific function.
As a result, the number of security controls grew significantly, making it harder for organisations to detect and respond to threats in reasonable timeframes. Analysts were flooded with alerts, many of which were ‘false positives’; this hid genuine attack data and, most importantly, hampered effective decision-making.
At the same time, ongoing digitalisation drove data volumes still higher, with increasing convergence of information technology (IT) and operational technology (OT), the growth of the Internet of Things (IoT), and vast infrastructures linking together multiple systems and networks. As businesses strive to integrate plant equipment and new IoT devices into their networks, the attack surface broadens. Given the increasing connectivity of such devices, securing these systems and networks requires visibility across the connected whole.
From reactive to prescriptive
Dealing with the ever-expanding data volumes and ever more complex cyber threats clearly places an increasingly heavy burden on the skills and knowledge of cyber security analysts. Advanced computing power, automation, machine-learning and artificial intelligence (AI) have catalysed a revolution in cyber security.
By harnessing these capabilities over time, cyber security has moved from reactive analysis – which tells you what has just happened, through proactive analysis – which extrapolates what may commonly happen next, to prescriptive analysis – which uses machine learning to identify patterns in the data that might indicate a zero-day threat or attack in progress.
To compare this to the aerospace industry, proactive maintenance might suggest that an aircraft part requires inspection; in contrast, prescriptive maintenance would use data from an aircraft fleet to identify points of failure before they occur, resulting in higher safety and lower costs.
Human and machine
In a Prescriptive Security Operations Centre, more automation is deployed and can analyse the bulk data gathered over long timeframes; this enhances the analysts’ ability to spot patterns and trends, identifying common types of attack or specific targeted industry sectors.
Uses of advanced analytics include: pattern recognition to identify malware and other threats; anomaly detection to find unusual activity, data or processes; natural language processing to convert unstructured text into structured intelligence; and predictive analytics to process data and identify patterns. From there, the response to any detected threats can be seamlessly orchestrated.
Responses to known threats are automated based on a high level of confidence using pre-configured scenarios. In other cases, multiple data points are collated and enriched with contextual threat intelligence to help the analyst make evidence-based decisions, including whether to trigger automated ‘playbooks’. Crucially, prescriptive security frees up cyber security experts and analysts to focus on advanced detection, in-depth analysis and threat hunting tasks.
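The triage flow described above, as an added illustration that is not from the original article: alerts from standalone tools are collated per entity, enriched with contextual threat intelligence, and only a high-confidence match against a pre-configured scenario triggers an automated playbook; everything else is bundled as evidence for an analyst. All alerts, intelligence entries, the 0.95 confidence bar and the playbook names are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample alerts from several standalone tools (values are made up).
ALERTS = [
    {"tool": "edr", "entity": "host-17", "signature": "known-ransomware-family", "confidence": 0.97},
    {"tool": "proxy", "entity": "host-42", "signature": "rare-domain-beaconing", "confidence": 0.55},
    {"tool": "ids", "entity": "host-42", "signature": "dns-txt-query-spike", "confidence": 0.40},
    {"tool": "siem", "entity": "host-09", "signature": "odd-login-hour", "confidence": 0.30},
]

# Constructed contextual threat intelligence, keyed by signature. A playbook
# entry marks a pre-configured scenario that may run without an analyst.
THREAT_INTEL = {
    "known-ransomware-family": {"severity": "critical", "playbook": "isolate-host"},
    "rare-domain-beaconing": {"severity": "medium", "playbook": None},
}

AUTO_THRESHOLD = 0.95  # assumed confidence bar for unattended response


def collate(alerts):
    """Group alerts from different tools by the entity they concern."""
    groups = defaultdict(list)
    for alert in alerts:
        groups[alert["entity"]].append(alert)
    return dict(groups)


def enrich(group, intel=THREAT_INTEL):
    """Attach threat-intel context to each alert; unknown signatures get None."""
    return [{**alert, "intel": intel.get(alert["signature"])} for alert in group]


def route(entity, group, threshold=AUTO_THRESHOLD):
    """Automated playbook only for a high-confidence, known scenario; else analyst review."""
    enriched = enrich(group)
    for alert in enriched:
        ctx = alert["intel"]
        if ctx and ctx["playbook"] and alert["confidence"] >= threshold:
            return {"entity": entity, "action": "automated",
                    "playbook": ctx["playbook"], "evidence": enriched}
    # Several lower-confidence data points: hand the enriched bundle to an analyst.
    return {"entity": entity, "action": "analyst_review", "playbook": None,
            "evidence": enriched, "data_points": len(enriched)}


def triage(alerts):
    """Full pipeline: collate, enrich and route every entity seen in the alerts."""
    return {entity: route(entity, group) for entity, group in collate(alerts).items()}
```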
Cyber security ecosystem
Implementing an effective prescriptive security strategy requires organisations to treat cyber security as an ecosystem, with all available data brought together into a single repository where it can be effectively analysed. AI-driven insight into this ‘data lake’ enables organisations to take an evidence-based, risk-driven approach to managing their security posture.
Without this, an organisation’s cyber security approach can become a game of chance, with obvious implications ranging from potential loss of service to negative impact on share price, regulatory compliance and reputation; trust is central to every business’s success.
Prescriptive security is both the solution to, and the opportunity created by, the huge volumes of data being generated. While computing power is critical, so too are the skills, insight and talents of human cyber security experts who enable organisations to navigate the best and worst of the data overload.