Articles by Christopher McDaniels
Artificial intelligence and machine learning are the rage in tech right now and, not surprisingly, many cyber companies are beginning to automate an increasing amount of their operations. Some of this is great, particularly when it helps cybersecurity professionals automate mundane tasks and focus more of their attention on higher-level analysis. So far, machine learning is more hype than helpful for cybersecurity, but that does not mean you can’t automate some tasks to keep your organisation safe.

Effective machine learning applications

At its most basic, machine learning technology is supposed to enable cybersecurity companies to predict the nature of future attacks based on past behaviour, similar to how Netflix displays what you want to watch based on what you’ve previously viewed. According to Jack Gold, president and principal analyst at J. Gold Associates, this innovation can help cyber companies transition away from a “signature-based” system to detect malware. Instead, he sees more companies adopting a machine learning approach that aims to analyse past incidents in a broader manner and aggregate information from a multitude of sources.

Specifically, some machine learning applications for cybersecurity are effective at doing the following: detecting malicious activity, helping security officers determine what tasks they need to complete in an investigation process, analysing mobile endpoints, decreasing the number of false positive threats, automating repetitive tasks like interrupting ransomware, and potentially closing some zero-day vulnerabilities.

A number of tech giants have invested in these capabilities recently, including Google, which is employing machine learning to help protect Android mobile endpoints.
Amazon also bought a startup called harvest.AI to help it aggregate and better understand data located on the S3 cloud storage service.

Limitations of AI for cybersecurity

That said, the signal-to-noise ratio for threat intelligence-type automation events isn't effective for most organisations at the moment. The reality is automating threat intelligence - or in other words, identifying adversaries automatically - is difficult to execute within an organisation because every company’s threats, vulnerabilities, and risks are unique. Ultimately, machine learning can help cybersecurity outfits, but it can’t replace many important functions.

In an article for Forbes, Alexander Polyakov explains well why machine learning’s applications for cybersecurity are limited. He writes, “There will always be a person who tries to find issues in our systems and bypass them. Therefore, if we detect 90% [of] attacks today, new methods will be invented tomorrow.”

Put another way, there is a reason that machine learning is very good at predicting events like the weather. As McAfee CTO Steve Grobman described at McAfee MPOWER, their annual security conference, the weather abides by laws of physics. So even with phenomena such as global warming, the weather will largely act in the future based on how it has been in the past.

Pairing human intellect and machine technology

Cyber attacks, meanwhile, are the complete opposite. Hackers become smarter, and are always one step ahead of cybersecurity officers, inherently and frequently shifting their strategies so that CISOs will not detect them. For all the incidents machine learning technology can identify, which is helpful, there will always be sophisticated attacks that no machine learning algorithm will be able to find. It is also worth stating a simple fact: Humans hack.
While they may use fancy technology to deploy these attacks, it is a human-led effort. Therefore, at the highest level, cybersecurity officers will be the only force able to stop hackers from penetrating critical networks. Machines don’t fully understand us. Only humans can still (and probably always will) comprehend hackers’ larger strategy. Instead, cybersecurity outfits can pair their human intellect with machine technology to sort through data faster and catch hackers before they do too much damage. No cybersecurity company should be led by robots -- and that’s a good thing.
Cybersecurity has become a major element – and a major source of discussion – in the physical security marketplace as a result of the rise in networked systems. And we may still not be talking enough about cybersecurity. Here is part one of our Cybersecurity series.

“Cybersecurity requires everyone in the security industry to be playing offense and defense at the same time, every single day,” says Bill Bozeman, President and CEO of PSA Security Network. “It needs to just become part of the standard conversation when we are talking about physical security because they are so intertwined.”

Creating new industry leaders

Cybersecurity and physical security can be seen as two parts of a single entity, and increasingly the two will be combined at the enterprise level over the next several years. “This convergence of physical security and cybersecurity will create new industry leaders that will emerge to lead a new segment of the combined market through strong investment and leadership,” says Rob Lydic of ISONAS, now part of Allegion.

Cybersecurity issues dominate almost every discussion in today’s physical security industry, and the clear message is that “manufacturers and integrators must continue to create robust and scalable cybersecurity offerings to protect customer data and facilities,” says Lydic. He contends that cloud services providers (such as ISONAS) are more cybersecure and reliable ‘by orders of magnitude’ than non-cloud solutions.

Cloud-based services

The Security Industry Association (SIA) has listed cybersecurity as one of 2019’s ‘Top Megatrends’ in the physical security market. SIA says it is important to prioritise cybersecurity among security businesses, for customers’ businesses, and for vendors. The trend calls for continual process improvement and investment.
Bill Bozeman of PSA Security Network agrees: “Cybersecurity has definitely taken a strong foothold in the industry.” With the continued expansion of cloud-based services, cybersecurity will be more important than ever to integrators, manufacturers and end users alike, he says. Notably, cybersecurity is directly linked to two other important industry trends listed by Bozeman: cloud-based systems and the rise in recurring monthly revenue (RMR) and managed security service provider (MSSP) models, whose focus will include cybersecurity.

Loss prevention executives

The days when cybersecurity was exclusively the domain of the information technology (IT) department are gone. “Cybercrime is one of the biggest threats organisations of all sizes and types face today,” says Michael Malone, CEO of ADT Cybersecurity (formerly known as Datashield). “Considering the magnitude of these crimes, it now falls on the entire organisation, including the traditional security or loss prevention executives, to band together to combat these threats.”

Malone favours (and his company offers) a managed detection and response (MDR) service, which combines advanced technology and human analysis. Using packet capture on the network, an MDR analyst can ‘replay’ a cyber security event and dig deeper into the incident and determine remediation steps. It’s an approach that significantly cuts through false positive ‘noise’ so security teams can focus on what matters.

Helping security officers

Interestingly, cybersecurity is poised to benefit from another major trend in the physical security market – the rise of artificial intelligence.
Specifically, machine learning applications for cybersecurity include: detecting malicious activity, helping security officers determine what tasks they need to complete in an investigation process, analysing mobile endpoints, decreasing the number of false positive threats, automating repetitive tasks like interrupting ransomware, and potentially closing some zero-day vulnerabilities. But AI in this case is not a panacea. Christopher McDaniels of Mosaic451 recommends pairing human intellect with machine technology to sort through data faster and catch hackers before they do much damage. See part two of our Cybersecurity series here.