Sanil Nadkarni, VP & Global Head - Global Enterprise Security & Risk Governance, SLK Global
It’s 2 am, pitch dark, and Vanya K (CISO) is deep asleep. He suddenly wakes up to his cell phone beeping. On hearing the news his stomach turns over and he stands still with terror. What was the news he got that day? He noiselessly makes his way to his chair and wishes he had heeded his consultant’s advice on investing in security analytics to detect ransomware and zero-day attacks. Have you ever had such sleepless nights, worrying about such horrifying news?
A Forbes article reported that 2017 will be the year of cyber warfare. The pace and scale at which security threats are accelerating is hard to believe. The peril is due not only to hackers becoming increasingly ingenious but to our inability to keep up with an ever-changing threat landscape. According to a recent report, more than 90 percent of organisations have legacy and archaic systems and fragmented security products, which hold organisations back from tackling advanced threats. Legacy systems work in isolation and do not integrate well enough to detect patterns and correlate attacks.
So how do we tackle these adversaries and find a solution to the ever-changing security landscape? Vanya, meanwhile, has learned that his financial server was hit by ransomware and that the hackers are demanding two million to release the systems.
To combat these emerging threats, many successful organisations are considering security analytics as a tactical weapon of choice. Many CISOs are looking at how analytics can add to their security arsenal and drive the solving of the complex security challenges their organisations face.
Security analytics is not a product: Security analytics is not a product or a turn-key solution that you can plug in to get real-time data. There is an array of open source and commercial data analytics tools and techniques that can be integrated to add more in-depth understanding of your security landscape and add value to your organisation. Analytic methods such as context-based analytics and statistical or machine-learning-derived analytics can be used as requirements dictate.
Data scientists: Security analysts often have only InfoSec competency and may lack an analytical mind-set. CISOs may look at making way for data scientists in their team to bring the analytical side of the brain to the business. Data scientists can analyse security-related structured and unstructured data and extract deeper knowledge of security threats from it. Alternatively, security analysts should learn to think with an analytical mind-set and add value to the business.
Analyse: A mid-size to large-scale enterprise produces millions of bytes of logs every day, making it impossible for any security analyst to get insight from these logs unaided. One of the most important aspects of security analytics software is integrating data from different devices and applications, since a single data source may provide insufficient information to understand an attack. Security analytics techniques can not only purge and correlate the data but also add predictive, behaviour-based models to thwart future attacks. Scientific methods such as pattern recognition and machine learning can demystify pernicious attacks. To give a 360-degree view of security threats, good visualisation techniques can be utilised.
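As an added example (not code from the article) of the multi-source correlation this paragraph describes, the Python below joins two constructed log feeds, a file-server audit log and an endpoint agent log, so that a statistical burst of file writes on a host is raised as an alert only when that host also started a previously unseen process in the same minute. Host names, users, process names, log formats and thresholds are all assumptions.

```python
"""Added example: cross-source correlation over two constructed log feeds.
A write burst alone is noisy (a backup job also writes in bursts) and a new
process alone is noisy (processes start all day); joined per host and minute
they become a useful detection."""
from collections import Counter
from statistics import mean, pstdev

# Constructed file-server audit log: "<HH:MM> <host> <user> <action>".
# 09:04 holds two write bursts: ws-02 (suspect) and ws-03 (a scheduled backup).
FILESERVER_LOG = [
    "09:00 ws-01 alice write", "09:00 ws-02 bob write",
    "09:01 ws-01 alice write", "09:01 ws-03 carol write",
    "09:02 ws-02 bob write",   "09:02 ws-03 carol write",
    "09:03 ws-01 alice write", "09:03 ws-01 alice write",
] + ["09:04 ws-02 bob write"] * 12 + ["09:04 ws-03 backup write"] * 12

# Constructed endpoint agent log: "<HH:MM> <host> <process started>".
ENDPOINT_LOG = [
    "09:00 ws-01 outlook.exe", "09:00 ws-02 excel.exe", "09:01 ws-03 chrome.exe",
    "09:02 ws-02 outlook.exe", "09:03 ws-03 robocopy.exe",
    "09:04 ws-02 unknown.exe", "09:04 ws-03 robocopy.exe",
]

def write_bursts(lines, minute, z=3.0, min_writes=5):
    """Hosts whose write count at `minute` exceeds a statistical baseline:
    mean + z*stdev of every earlier (minute, host) write count, floored at
    `min_writes` so a quiet baseline cannot turn two writes into a burst."""
    counts = Counter()
    for line in lines:
        ts, host, _user, action = line.split()
        if action == "write":
            counts[(ts, host)] += 1
    baseline = [n for (ts, _h), n in counts.items() if ts < minute] or [0]
    threshold = max(mean(baseline) + z * pstdev(baseline), min_writes)
    return {h for (ts, h), n in counts.items() if ts == minute and n > threshold}

def new_process_hosts(lines, minute):
    """Hosts that, at `minute`, started a process name not seen fleet-wide earlier."""
    seen = {proc for ts, _h, proc in map(str.split, lines) if ts < minute}
    return {h for ts, h, proc in map(str.split, lines) if ts == minute and proc not in seen}

def correlated_alerts(fs_lines, ep_lines, minute):
    """Alert only where both weak signals meet on one host in one minute."""
    return write_bursts(fs_lines, minute) & new_process_hosts(ep_lines, minute)

if __name__ == "__main__":
    print("write bursts  :", write_bursts(FILESERVER_LOG, "09:04"))      # ws-02 and ws-03
    print("new processes :", new_process_hosts(ENDPOINT_LOG, "09:04"))  # {'ws-02'}
    print("alerts        :", correlated_alerts(FILESERVER_LOG, ENDPOINT_LOG, "09:04"))  # {'ws-02'}
```

The backup host ws-03 trips the file-server signal but not the endpoint one, which is exactly the false positive a single data source cannot rule out.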
As CISOs and security practitioners we need to realise that no one product can fight cyber-attacks on its own; it’s time we embrace the power of advanced analytics coupled with artificial intelligence and machine learning to bring in deeper knowledge, uncover new and emerging threats, and drive security to protect our business.