Last month, global system integrator Atos issued a report that argues organisations are now entering a new age of predictive cyber security.
Atos says organisations will no longer be resigned to waiting for cyber-attacks to happen, as they will have the ability to ward off threats even before they occur. They can do this, it says, by harnessing the power of automation and machine learning to understand and predict the threat landscape, stopping attacks before they take hold.
With many IT vendors now jumping on the driverless bandwagon of AI and machine learning, Atos sees an increasing number of organisations shifting from their traditionally reactive – or even proactive – way of dealing with cyber threats, to this new prescriptive model, which uses the technology to analyse data patterns to identify threats and automate the security control responses.
In fact, it argues a more automated cyber security approach is essential "to address the sheer scale, complexity and volatility of risks in the digital age".
"While cyber security has been focused on finding the needle in the haystack, prescriptive security instead uses the haystack to find the needle by leveraging Big Data and machine learning analytics and utilising all data generated within the organisation and outside the organisation, in order to bring 360° security visibility and eliminate all potential blind-spots," Zeina Zakhour, distinguished expert and global chief technical officer of cyber security, at Atos tells Channel Pro.
"With prescriptive security, threat intelligence is no longer a separate technology-watching process managed through alert bulletins, but an integrated part of the Security Operations Centre (SOC) where threat intelligence feeds give actionable risk scorings and can detect unknown threats before they even reach the organisation.
"We're fighting human ingenuity and attackers aren't playing by the same rules as we are. Prescriptive SOCs can change current operational models and considerably improve detection times and response times. Instead of thinking in days and months to detect and correct threats, with machine learning and automation we can neutralise emerging threats in real time and prevent future attacks," she notes.
Realigning budgets
This change in approach is reflected in a shift in IT security spending. Gartner says that in 2017, enterprises have moved away from prevention-only approaches to focus more on detection and response. The analyst house said spending on enhancing detection and response capabilities is expected to be "a key priority for security buyers through 2020".
"While this does not mean that prevention is unimportant or that chief information security officers (CISOs) are giving up on preventing security incidents, it sends a clear message that prevention is futile unless it is tied into a detection and response capability," it says.
Gartner argues that security investments and even preventive security controls, such as EPP, firewalls, application security and intrusion prevention systems (IPSs), are now being tweaked to provide more intelligence into security operations, analytics and reporting platforms.
This makes sense, with automation on the rise across the board. Spiceworks' recently released 2018 State of the IT Nation report noted than 43% of businesses are currently using IT automation and an additional 22% plan to adopt it in the next 12 months.
In addition, 38% of firms are currently using advanced security solutions, such as encryption, breach detection and biometrics, and an additional 28% plan to adopt them in the next 12 months.
However, Gartner predicts that by 2020, advanced security analytics will be embedded in at least 75% of security products.
These more advanced analytical capabilities are driven by a variety of underlying technologies, such as heuristics, artificial intelligence and machine learning, and other techniques.
These are creating new security product segments, including deception, endpoint detection and response (EDR), software-defined segmentation, cloud access security brokers (CASBs), and user and entity behaviour analytics (UEBA).
Of interest to the channel is that these new segments are reportedly creating net new spending, but are also taking spend away from existing segments such as data security, enterprise protection platform (EPP) network security and security information and event management (SIEM).
"The key enabler for CISOs in this endeavour is to get visibility across their security infrastructure to make better decisions during security incidents. This visibility will enable them to have a more strategic and risk-based conversation with their board of directors, CFO and CEO about the direction of their security program," says Gartner.
In an area such as IT security, where there is an evident shortage of skilled workers, automation may prove invaluable to shoring up a customers' defences. (Recent research estimates that by 2020, more than 1.8 million cyber security jobs won't be filled due to a shortage of skills).
"Introducing artificial intelligence and automatic response, will optimise the use of cyber security professionals who will be able to automate responses to common cyber-attacks and focus on the more complex and persistent ones," says Atos' Zakhour.
"It will also introduce new cyber security roles, such as cyber security data scientists to integrate statistical and mathematical models and provide innovative mechanisms to detect future cyber-attacks."
But where this skills gap exists within organisations, there remains an opportunity for the channel, as businesses seek help from security consultants, managed security service providers (MSSPs) or trusted IT partners.
To this end, successful channel firms will work with customers and prospects to understand use cases where analytics can deliver value and augment limited security staff and resources. As with any customer engagement, there is an opportunity for the channel to guide their customers through this new world of AI and analytics, become a specialist in the latest prescriptive approaches to secure, and ensure they are protected from the next generation of cyber threats.
