Cybersecurity: It’s about visibility and analytics, these days
By Benjamin Cher March 9, 2016
- Prepare businesses to reduce cybersecurity complexity
- Education needed for ‘high-risk’ employees
COMPANIES looking to get ahead of the cybersecurity curve usually look for the latest and greatest technology to put their dollars into.
But while the cybersecurity industry has an array of dazzling new products to offer every year, RSA chief strategy officer Niloofar Razi Howe believes that visibility and analytics are the future.
And this includes visibility and analytics for network as well as the endpoint – these are going to be the important, fast-growing markets, she told Digital News Asia (DNA) on the sidelines of the recent RSA Conference 2016 in San Francisco.
“What has to happen is that companies need to rationalise the investments they have made in security,” while they struggle to balance financial and regulatory pressures along with customer expectations, according to Howe.
“There is no question that there is a shift happening, a necessary one, from prevention and towards detection, analysis and response,” she said.
In an environment where the perimeter is ‘disappearing’ because of a variety of factors – from the Internet of Things (IoT) to Bring Your Own Device (BYOD) policies – this shift is becoming ever more important, Howe argued.
Firewalls, antivirus and such technologies are so ‘last generation,’ she said.
“Today, our perimeters are people and our devices, so you need to have complete visibility into your infrastructure and know what’s going on.
“There’s where you need to be making the investments if you want to continue protecting yourself against advanced threats,” she added.
By Howe’s definition, analytics “is data science and machine learning married to security research.”
“We need a whole new set of disciplines to look for the unknown unknowns,” she quipped.
Identity problems
Today’s attackers are not the mischievous hackers of yore just flexing their technical muscles for a lark, or to feed their egos.
“They’re adaptive and smart – the threat environment isn’t getting better, so we as an industry need to make our response better,” said Howe (pic).
And that’s where visibility and analytics come. The main focus of these technologies is solving the “identity problem,” she said.
“We need to layer more and more analytics into our systems, with behavioural analytics being a heavy investment for a lot of folks – this is going to matter a lot.
“Solving the identity problem, making it less complex, connecting the islands of identity and enabling it to function in a modern IT infrastructure – this is where folks have to make a lot of investment,” she added.
Even in sectors like healthcare, where cybersecurity awareness is increasing, human errors are still causing breaches or intrusions, Howe argued.
“It’s not about a security product not working or not having the right security architecture, it is about a human making a mistake,” she said.
Keep it simple … and focused
While threats are getting more advanced and complex, the best weapon against them is simplicity: Security has to be made less complex for businesses to cope with, according to Howe.
“You have to figure out how to reduce complexity, from an operating as well as a security architecture perspective.
“You need to have an integrated offering – that’s the only way you can have visibility into what’s going on, and you have to shift from the perimeter to hunting within your network to find malicious activity,” she added.
Education is important to reduce human errors, with Howe recommending a targeted programme rather than just a generic one.
“If you have an education programme that’s aimed at 100% of your employees, you kind of missed the opportunity because there is a small subset, perhaps 5% of your employees, who need much more education than the other 95%,” she added.
Identifying these high-risk employees can be key to securing the ‘human perimeter,’ and analytics would be vital in highlighting them for targeted education.
“This is not in terms of what they access, but how they are interacting with your systems and applications,” said Howe.
“Without that, the training doesn’t really accomplish what it needs to,” she adds.
Benjamin Cher reporting from the RSA Security Conference in San Francisco, at the invitation of RSA. All editorials are independent.
Previous Instalments:
Cybersecurity industry facing AI, privacy and trust issues: RSA president
Cybersecurity: Time for public and private sectors to step up
For more technology news and the latest updates, follow us on Twitter, LinkedIn or Like us on Facebook.