Bringing foresight to bear on security performance
Much is made of the ability of artificial intelligence to improve business performance in different ways and places in organizations. Financial Services as a sector is no stranger to these claims but remains some way off realizing the full business benefit which the technology promises.
One area of high potential benefit that appears to be coming into focus only now is improving security performance across the organization by creating and applying foresight to digital risks, particularly cyber risks. It appears that the key attributes of the technologies most able to shift an organization’s security performance from reaction to prevention are augmented intelligence and, as a result, prescription.
Augmented intelligence, created by combining artificially intelligent tools and techniques, enables more data sources in widely differing formats to be ingested and applied through machine learning to identify and expose otherwise hidden relationships in data sets.
The nature of these relationships, once identified, is tested through the operation of supervised and unsupervised learning models, enabling cybersecurity specialists to receive, interpret and act quickly to neutralize more threats to data security than would have been possible without the augmented intelligence.
This looked interesting to me, but not without its challenges to today’s security systems and operations. I wanted to understand how augmented intelligence related to prescriptive actions in a security context. Here’s what I learned:
Prescription, the semi- or completely autonomous machine decision to act to neutralize a threat immediately, or subject to further controls, is a step which can therefore follow the receipt of newly identified threats to data. The degree of freedom to act granted to the machine remains firmly under the control and management of the organization. These two attributes are encapsulated in the term Prescriptive Security.
So, what is Prescriptive Security in practical terms?
Prescriptive Security is a state toward which forward-looking financial services organizations will work to achieve a step-change in data security performance.
To the familiar attributes of Security Incident and Event Management (SIEM) services (firewalls, malware protection, mail and web gateways, logs, audits, events and alerts), Prescriptive Security adds four new, broad dimensions:
- Enhanced analytics (1)
- Artificial intelligence (2)
- Enhanced threat intelligence (3)
- Security orchestration, automation and response (4)
(1) Enhanced analytics combines the ability to ingest and analyze massive and heterogeneous data sets on an Advanced Analytics Platform, including the analysis of user behaviors to identify and distinguish genuinely threatening attributes from apparently threatening but innocent attributes.
(2) Artificial intelligence directs computing power to mimic human intelligence to carry out deductive and interpretive tasks through a range of technologies and techniques including machine learning, which uses algorithms to analyze and draw deeper inferences from data to enable it to make a decision or a prediction about something. Machine learning includes Deep Learning, which uses neural networks and very large data sets to train the system progressively to improve the accuracy and utility of its results.
(3) Enhanced threat intelligence extends and integrates the range of internal and external sources of threat information including semi- and unstructured data sets. Enabled both by artificial intelligence and advanced analytics, enhanced threat intelligence is made available to the network of security systems either as a starting point for a machine-led investigation or as corroborative data during one.
(4) These services are coordinated and directed by a Security Orchestration, Automation and Response platform: a single, comprehensive incident response engine which can deliver major - and accelerating - improvements to security performance over time.
Central banks have now started to turn their banks toward acting with security foresight, rather than hindsight. They’re doing it for a reason.
I hope the industry is listening.