Credit: Google News
“Machine learning is here to stay” as a way of getting value from existing security-related data, ExtraHop director of security Barbara Kay told iTWire.
But “a lot of people claim [their product incorporate] AI but don’t deliver on it,” she observed.
AI is not always the best fit in a security context, suggested Kay. In general, there is a need to automate and manage risk effectively, and doing the wrong thing can be worse than taking no action – you don’t want AI to break your business by shutting down a crucial service, she said.
If an automated system detects suspicious activity, a common response is to shut down or isolate that component. That’s fine if it is just one PC in your contact centre, because all the other agents can keep working.
But when the suspect computer is part of a wider system (eg, a web server that’s part of an ecommerce site along with a database server and other elements), it’s important to understand the interdependencies before taking action, especially if restarting the overall system is a complex process.
Weak information leads to more false positives, and each decision made on the basis of weak information increases the risk of a bad outcome, she said.
Machine learning does have a part to play in maintaining security, but it should be “just in there” in much the same way as a driver doesn’t think about a car having anti-lock braking.
Traditionally, most of the effort has gone into the prevention part of IT security, said Kay. But there’s an increasing realisation that detection and response needs more attention.
Network traffic – if appropriately analysed – can provide useful information for the detection piece, especially as intruders increasingly know how to alter, disable or delete logs.
ExtraHop’s approach, which comes from its background in performance management, is to take a copy of network traffic for analysis. That way, “they [intruders] don’t know you’re there,” she explained.
This data provides “a strong foundation” for advanced analytics, and in turn those analytics go beyond detection to suggest possible courses of action.
This makes it easier for staff to explore situations, and allows them to investigate a larger number of alerts.
Traffic analysis “makes good business sense” for some organisations, said Kay, but it hasn’t been seen as a priority until recently. Now, organisations have a better idea of risks and costs, and “the downside of going down.”
LEARN HOW TO REDUCE YOUR RISK OF A CYBER ATTACK
Australia is a cyber espionage hot spot.
As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.
It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.
In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.
Cyber security can no longer be ignored, in this white paper you’ll learn:
· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips
Credit: Google News