Similar to corporate auditors and risk and compliance managers, security teams are often viewed as a hindrance to business growth. They are deemed the killjoys of business innovation because they impose restrictions on access, rules and controls, and respond with “no.” Given this perception, security teams are often not thought of as innovative or creative. Yet that is precisely what they need to become.
Mounting pressures forcing change
Security teams are under tremendous pressure today. According to an Imperva study released at RSA Conference 2018, 27 percent of enterprise security teams are hit with more than one million alerts per day. Additionally, more than half of IT professionals admit they have difficulty differentiating between critical incidents and false positives, sending these workers into a furious tailspin that leads to alert fatigue.
How quickly security professionals can detect and mitigate threats is essential to preventing significant damage to the organization, with consequences impacting customers, reputation and product development.
In this stressful and highly vulnerable environment, security teams are forced to follow standard frameworks and processes to protect their organizations. It’s a rigid mindset that’s been around for years, so there is comfort in adhering to industry standards and implementing traditional cyber security control frameworks. The problem is that this necessary process of monitoring the data and reacting to alerts is no longer good enough. We are in an age where it’s cheap to be a “bad guy” and easy for them to evolve quickly. This leaves the organization steps behind and even more vulnerable to experienced hackers who know how to game the standard frameworks.
Setting intelligence free
It’s time for the security world to shift its approach from standard, static dashboards and monotonous procedures to more creative and strategic methods. Forward-thinking companies are starting to augment human intuition with machine learning to create a more proactive organization that’s ready for the ever-shifting threats of today. This strengthens their security posture, better supports business innovation, up-levels talent and increases job satisfaction. Security teams need to be able to color outside of the lines by infusing new and independent thinking, essentially setting data and intelligence gathering free.
Here are three building blocks to help you get started down the path of being more creative, proactive and comprehensive in threat detection. By implementing these strategies, security teams can transform into the curious problem solvers they are meant to be.
1. Embrace a culture of data curiosity and continuous learning
Analysts of all levels have hidden capabilities. They aspire to be heroes by protecting the security of their organization. However, they often struggle to unleash their inquisitive minds because of the difficulty of mastering complex search query languages. Technologies such as natural language processing (NLP) have made it easy for analysts of all levels to ask questions of their machine data. Imagine the creativity that your analysts could demonstrate by communicating with their data as naturally as they communicate with each other. This approach is a game-changer: by embracing a culture of data curiosity and continuous learning, your security team can be inspired to investigate deeper and faster. One question of your data sparks the next, producing intelligent insights that are impossible in a strictly automated environment. Analysts can explore the data, map findings into context, ask new questions, and save the alerts they surface. New insights lead to valuable outcomes.
Now you can work with your team to up-level your analysts, helping them to ask the right questions and reviewing standard playbooks to uncover gaps.
2. Adopt a dynamic security stance
Security teams should adopt technologies that will augment human intelligence and create a dynamic environment. Imagine setting up automated queries to run at intervals, asking probing questions of your data. This automated capability can replace static dashboards and quickly surface anomalies. Security teams should also experiment with new detection approaches, using data-driven metrics that are based on past threat activity. Another creative approach is to explore the dark corners of your data for “cold cases,” investigating past threats that have not been discovered yet.
I have witnessed the best organizations that enable people outside of the security operations center (SOC) to help investigate their data with tremendous success. Physical security teams, for example, with their inquisitive mindset, can immediately contribute in an environment where they can easily ask questions of the data and bring different perspectives to identify and prevent threats.
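The interval query and the “cold case” replay described above, as an added example in Python that is not part of the original article. The log line format, the source addresses, the per-source failed-login metric and the median-plus-MAD threshold are all assumptions constructed for this example, not any product’s query language.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median
def failures_per_hour(lines):
    """Metric from past activity: FAIL count per (hour, src), plus every hour seen at all."""
    counts, hours = defaultdict(int), set()
    for line in lines:                    # constructed format: '<ISO ts> <OK|FAIL> user=<u> src=<ip>'
        ts, result, _, src = line.split()
        hour = datetime.fromisoformat(ts).replace(minute=0, second=0)
        hours.add(hour)
        if result == "FAIL":
            counts[(hour, src.split("=", 1)[1])] += 1
    return counts, sorted(hours)

def threshold(counts, hours, src, before, k=5.0):
    """Median + k*MAD of the source's earlier hourly counts (quiet hours count as 0)."""
    hist = [counts.get((h, src), 0) for h in hours if h < before]
    if len(hist) < 3: return None                       # too little history to judge
    med = median(hist)
    mad = median(abs(n - med) for n in hist) or 1.0     # floor: a flat baseline must still alert
    return med + k * mad

def scheduled_query(counts, hours, hour, k=5.0):
    """One interval run: (src, count, threshold) for sources above their own baseline."""
    hits = []
    for src in sorted({s for h, s in counts if h == hour}):
        t = threshold(counts, hours, src, hour, k)
        if t is not None and counts[(hour, src)] > t:
            hits.append((src, counts[(hour, src)], t))
    return hits

def cold_cases(counts, hours, k=5.0):
    """Replay the same query over every earlier hour: bursts nobody alerted on at the time."""
    return [(h, hit) for h in hours for hit in scheduled_query(counts, hours, h, k)]

def constructed_log():
    """Constructed: 2 FAILs/hour from 10.0.0.5 for 48 h, 30 more in hour 20 (the cold
    case) and 25 from a never-seen 10.0.0.9 in the latest hour."""
    t0, fmt, lines = datetime(2018, 4, 16), "%Y-%m-%dT%H:%M:%S", []
    for h in range(48):
        ts = t0 + timedelta(hours=h)
        lines += [f"{ts + timedelta(minutes=i):{fmt}} FAIL user=alice src=10.0.0.5" for i in range(2)]
        lines.append(f"{ts:{fmt}} OK user=bob src=10.0.0.7")
    lines += [f"{t0 + timedelta(hours=20, seconds=i):{fmt}} FAIL user=root src=10.0.0.5" for i in range(30)]
    lines += [f"{t0 + timedelta(hours=47, seconds=i):{fmt}} FAIL user=admin src=10.0.0.9" for i in range(25)]
    return lines

def demo():
    counts, hours = failures_per_hour(constructed_log())
    return scheduled_query(counts, hours, hours[-1]), cold_cases(counts, hours)
```

Run every hour, `scheduled_query` replaces a static dashboard for this metric; `cold_cases` is the same question asked of the history, which is how the hour-20 burst surfaces even though nothing alerted on it at the time.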
3. Make sure your data is in good shape
For security teams to better support the business, they need to get their data in good shape. Having the forethought to dig into your data store to figure out what is there is essential. Think of it as a data classification exercise, enabling security teams to better balance security measures and protect the company’s most critical information assets while enabling business innovation.
At the same time, security teams need to challenge data source assumptions. Unleashing data curiosity always uncovers data quality or data visibility problems in every organization. It’s critical for security teams to collaborate with data source owners to dive deep and get all their data to peak performance.
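One way to challenge data source assumptions in code, as an added example that is not from the original article: compare an inventory of the feeds the SOC believes it collects against what actually arrived, and report silent sources, uninventoried sources, clock skew and quiet volume drops. The inventory, source names, cadences and events are constructed for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

# Constructed inventory: the sources the SOC assumes it collects and the longest gap
# between events each should ever show. Names are made up for this example.
INVENTORY = {"fw-edge-01": timedelta(minutes=5), "dc-auth-01": timedelta(minutes=15),
             "vpn-gw-01": timedelta(hours=1), "db-audit-01": timedelta(hours=6)}

def audit_sources(inventory, events, now, drop_ratio=0.5):
    """events: (source, event_time, received_time). Returns visibility and quality
    findings grouped by category, one list per conversation with a source owner."""
    last_seen, unknown, skewed = {}, set(), set()
    per_day = defaultdict(lambda: defaultdict(int))   # src -> days ago -> event count
    for src, ts, received in events:
        if src not in inventory:
            unknown.add(src)                 # a feed nobody inventoried (or a mislabelled forwarder)
            continue
        last_seen[src] = max(last_seen.get(src, ts), ts)
        if abs(received - ts) > timedelta(minutes=10):
            skewed.add(src)                  # clock drift or forwarding lag breaks correlation
        per_day[src][(now - ts).days] += 1
    silent = [s for s, gap in inventory.items() if s not in last_seen or now - last_seen[s] > gap]
    dropped = []
    for src, days in per_day.items():
        prior = [days[d] for d in range(1, 8) if d in days]
        if len(prior) >= 3 and days.get(0, 0) < drop_ratio * median(prior):
            dropped.append(src)              # still "alive" but sending far less than usual
    return {"silent": sorted(silent), "unknown": sorted(unknown),
            "clock_skew": sorted(skewed), "volume_drop": sorted(dropped)}

def constructed_events(now):
    """Constructed feed: fw-edge-01 healthy; dc-auth-01 30 min off the clock and silent for
    2 h; vpn-gw-01 alive but its volume collapsed today; db-audit-01 never reports;
    lab-box-99 is a source nobody inventoried."""
    ev = []
    for m in range(0, 8 * 1440, 4):                       # fw-edge-01: one event every 4 min, 8 days
        ev.append(("fw-edge-01", now - timedelta(minutes=m), now - timedelta(minutes=m)))
    for m in range(120, 8 * 1440, 10):                    # dc-auth-01: stops 2 h ago, clock +30 min
        ev.append(("dc-auth-01", now - timedelta(minutes=m), now - timedelta(minutes=m - 30)))
    for m in range(1440, 8 * 1440, 30):                   # vpn-gw-01: normal on days 1-7 ...
        ev.append(("vpn-gw-01", now - timedelta(minutes=m), now - timedelta(minutes=m)))
    ev += [("vpn-gw-01", now - timedelta(minutes=m), now - timedelta(minutes=m)) for m in (10, 40)]  # ... two events today
    ev.append(("lab-box-99", now - timedelta(minutes=3), now - timedelta(minutes=3)))
    return ev

def demo(now=datetime(2018, 4, 17, 12, 0)):
    return audit_sources(INVENTORY, constructed_events(now), now)
```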
No doubt, there are many advantages to applying AI to cyber security. By adopting this technology and following the suggestions outlined above, security teams can augment human intelligence with machines to inspire more creative thinking in threat detection. What’s important to understand is that these machine learning systems won’t work right out of the box. AI models require oversight and collaboration with data analysts to produce meaningful results. Only when humans work alongside machines will we achieve the desired results.
Security teams want to enhance security efficacy, improve operational efficiency and deliver IT business initiatives, but the majority are stuck in old processes using static systems. Advanced technologies like NLP search eliminate the need for complicated and stodgy queries and instead result in data investigation that’s as natural, flexible and responsive as dynamic human conversation.