18.04.2019
Prescriptive security: using the haystack to find the needle
In our increasingly data-driven world, organizations are engaged in a race to gather operational and customer data and apply analytics to transform that data into valuable business insights. Yet one important application that is still rarely addressed is cybersecurity data analytics.
We regularly hear about major cybersecurity breaches and wonder whether they were preventable. Prescriptive security is about exactly that: preventing breaches from happening by leveraging big data and supercomputing capabilities. As technologies advance, cybersecurity is shifting away from a reactive and proactive model to a prescriptive model that can analyze analytics patterns in order to identify the next threats and to automate the security control responses. While cybersecurity has been focused on finding the needle in the haystack, prescriptive security instead uses the haystack to find the needle by leveraging big data and machine learning analytics and utilizing all data generated within the organization and outside the organization, in order to bring 360° security visibility and eliminate all potential blind-spots.
With a Prescriptive Security Operations Centre (SOC), organizations will be able to:
Face the ever-evolving threat landscape: the threat landscape has been increasing exponentially as the adoption of new technologies such as Internet of Things (IoT), big data and cloud computing are expanding the attack surface. Every three months, over 18 million new malware samples are captured, with zero-day exploits (malware that goes undetected by traditional anti-virus software) expected to rise from one per week in 2015 to one per day by 2021. With prescriptive security, threat intelligence is no longer a separate technology watching process managed through alert bulletins, but an integrated part of the SOC where threat intelligence feeds give actionable risk scorings and can detect unknown threats before they even reach the organization.
Significantly improve detection and response times: time is on the side of any adversary who is patient, persistent and creative. We’re fighting human ingenuity and attackers aren’t playing by the same rules as we are. Prescriptive SOCs can change current operational models and considerably improve detection times and response times. Instead of thinking in days and months to detect and correct threats, with machine learning and automation we can neutralize emerging threats in real time and prevent future attacks.
Optimize cybersecurity resources: while cyberattacks are growing in volume, complexity and pervasiveness, organizations will need to counter these using limited resources. The latest research estimates that by 2020, over 1.8 million cybersecurity jobs will not be filled due to a shortage of skills. Prescriptive security, by introducing artificial intelligence and automatic response, will optimize the use of cybersecurity professionals who will be able to automate responses to common cyberattacks and focus on the more complex and persistent ones. It will also introduce new cybersecurity roles, such as cybersecurity data scientists to integrate statistical and mathematical models and provide innovative mechanisms to detect future cyberattacks.
Next-generation infrastructure
Prescriptive security advances a tri-dimensional paradigm by increasing the detection surface, increasing the velocity of response and decreasing the reaction time. By using big data, analytics and supercomputing, it also effectively optimizes the cost factor (human resources cost plus storage/compute power costs).
Prescriptive security SOCs will be the next-generation cybersecurity infrastructure that the digital economy needs to enable and engender confidence. With this in place, organizations will be able to effectively protect their business assets including valuable business data and customer personal data.