How combining human expertise and AI stops cyberattacks


The biggest challenge for CISOs in 2022 is the speed and intensity of cyberattacks. The latest real-time monitoring and detection technologies raise the barriers attackers must overcome, but they are not infallible. CISOs tell VentureBeat that bad actors evade first-line monitoring systems by modifying their attacks on the fly. That is a cause for concern, especially for CISOs in financial services and healthcare.

Enterprises are in reaction mode

Enterprise risk monitoring, detection and response programs fail to get the most value out of cybersecurity strategies because they focus too much on data collection and security monitoring. CISOs tell VentureBeat that they are capturing more telemetry data than ever before, yet they are short-staffed when it comes to interpreting it, which means they are often in response mode.

Enterprises need to be more proactive in order to interrupt threats before they can affect operations. To do that, CISOs, and the CEOs and boards they report to, need to view cybersecurity spending not just as a cost center but as a business investment. VentureBeat spoke with CISOs who say the challenges of anticipating potential risks include budget limitations, hiring experienced cybersecurity analysts with expertise in threat analysis tools, and scaling zero trust to new machine identities and endpoints. These factors, coupled with the severity and speed of cyberattacks, are leading them to integrate Managed Detection and Response (MDR) into their broader cybersecurity and IT strategies. In addition, CISOs and cybersecurity teams are prioritizing MDR providers whose platforms integrate with existing technology stacks through APIs and can scale as the infrastructure grows.

Threat detection needs to get faster

Even the most advanced AI and machine learning-based threat monitoring and response systems need time to interpret, learn and defend against new attack patterns. Machine learning algorithms built on convolutional neural networks help reduce that lag. However, bad actors are improving their attack techniques faster than AI and ML techniques can respond.

MDR providers see a market opportunity to close the growing detection and visibility gap in the enterprise by offering experienced threat analysts as a service. They are hiring these analysts to strengthen real-time monitoring and detection with the human skill to quickly identify complex anomalies. The rapidly growing number of MDR providers targeting this problem suggests that human analysis identifies inconsistencies in data and nonlinear relationships with greater accuracy, and helps prevent breaches, complex cyberattacks, sophisticated ransomware attacks and the misuse of privileged access.

In its latest Market Guide for Managed Detection and Response Services, Gartner defines the role of MDR providers as delivering “services that provide customers with remotely delivered modern security operations center (MSOC) functions. These functions allow organizations to rapidly detect, analyze, investigate, and actively respond to threats, reducing risk. MDR service providers deliver a turnkey experience, using predefined technology stacks (covering areas such as endpoint, network, and cloud services) to collect relevant logs, data, and contextual information.” Gartner’s definition of MDR and its associated services prioritizes access to data and analytics, threat intelligence, and real-time reporting to respond to attacks on a 24/7 basis, as shown in the figure below.

Figure: Diagram of the various functions and associated services of MDR, including exposure management, threat hunting and incident response.

Above: At the very least, MDR providers need to deliver and manage an extensible (ideally API-based) security tech stack that integrates with their clients’ environments for real-time threat monitoring, detection and attack prevention.

Image Credit: Gartner

Cybersecurity gaps give impetus to a growing market

Gartner’s study on emerging technologies predicts that the global MDR market will reach $2.15 billion by 2025, up from $1.03 billion in 2021, a compound annual growth rate of 20.2%. Gartner says there was a 95% increase in customer inquiries between 2019 and 2020, with large businesses evaluating and adopting MDR. Gartner’s report on emerging technologies also cites the growing sophistication of cyberattacks, the shortage of skilled workers and regulatory requirements as drivers of market growth. These factors contribute to the cybersecurity gaps that enterprises face today because they cannot respond quickly enough to threats.

451 Research’s Market Insight Report, Coverage Initiation: Pondurance Takes a Risk-Based Approach to MDR, forecasts that the security services market will exceed $24.3 billion by 2025. MDR is one of the fastest-growing security service markets, attracting providers such as Alert Logic, Arctic Wolf, Armor, AT&T, Atos, Binary Defense, Blackpoint Cyber, BlueVoyant, Booz Allen Hamilton, Critical Insight, CrowdStrike, CSIS, Cybereason, F-Secure, Fidelis Cybersecurity, IBM, Kudelski Security, NCC Group, Open Systems, Orange Cyberdefense, Pondurance, Secureworks, SentinelOne, Sophos, Trustwave, Verizon, Viking Cloud, VMware and many more.

Preventing attacks with human insight and AI

MDR providers distinguish themselves by the breadth and scale of their committed service levels and their tech stacks. Pondurance, a notable competitor, recently announced a new cyber risk assessment solution that combines the insights of cyber experts with an innovative technology platform to reduce the risk of breaches and improve cyber resilience. Pondurance claims that its cyber risk assessments identify gaps in cybersecurity coverage on integrated dashboards that can be used to reduce the risk of breaches and ransomware attempts. Based on its track record of identifying threats across cloud platforms, networks, users, applications, endpoints and traditional log data, Pondurance says the new solution, combined with its core MDR services, will help organizations take both a proactive, offensive approach and a responsive, defensive one to improve their security posture and prevent cyberattacks. Last June, Pondurance acquired Bearing Cybersecurity, a consulting and assessment services provider. As a result, Bearing’s flagship cloud-based platform, MyCyberScorecard, is now integrated with Pondurance’s solutions to help every organization, regardless of size, industry or current in-house capabilities, detect and respond to cyber threats with people and technology.

Figure: Diagram of the Pondurance approach to MDR using AI and ML-based techniques. Pondurance’s MDR monitors networks, endpoints, users, cloud, applications, servers and workloads, and uses the data collected for threat detection and investigation.

Above: The scope of the platform enables the Pondurance MDR team and its clients’ analysts to detect and respond to threats and act on remediation recommendations.

Image Credit: Pondurance

“Organizations are rapidly moving toward a more remote, distributed model, and with more and more cloud services being adopted, visibility is becoming harder to maintain and access,” said Lyndon Brown, Pondurance’s chief strategy officer. Sound education alone is not enough; alertness and dedication are also essential. Brown also says that organizations have realized that looking at their networks and endpoints and exploring the risks that may already exist in the environment is an increasingly important requirement.

Pondurance says its cyber risk assessments, powered by MyCyberScorecard, also enable collaboration between business and system owners to bridge the gap between policies, controls and operations. In addition, Pondurance cyber risk experts can communicate recommendations directly through MyCyberScorecard, helping customers demonstrate to regulators and insurance providers that they are making real progress in reducing their cyber risk. Its approach also maps to the NIST Cybersecurity Framework (CSF), NIST 800-53, NIST 800-171, Cybersecurity Maturity Model Certification (CMMC), New York State Department of Financial Services (NYDFS) regulations, the National Association of Insurance Commissioners (NAIC) data law, third-party risk and other frameworks in the future.

To identify and eliminate the source of attacks at scale, we need to rethink how automation dominates the MDR landscape today. Even the best AI and ML-based real-time monitoring and detection technologies cannot keep up with how fast bad actors reinvent their attack strategies on the fly. Instead, CISOs need to combine the intuitive insights of cybersecurity analysts with the best insights that AI and ML-based real-time monitoring tools and techniques can provide. As the MDR competitive landscape matures, expect hybrid approaches that combine human expertise and AI to become more prevalent.
