Prescriptive Security: the journey to self-learning cyber security
In June 2017, over 200 million records were publicly leaked worldwide, putting sensitive data at risk and undermining trusted relationships between organisations, citizens, partners and other stakeholders. In 2016, 87% of organizations reported at least one cyber attack. With cyber threats expected to continue to grow in size, frequency and complexity, the annual global cost of cybercrime could rise to around US$6 trillion by 2021.
As recent experience has shown, the digital threat landscape continues to evolve. It’s clear that a paradigm shift is needed to effectively manage cyber security. We are starting to see a move from traditional in-depth cyber security based on multiple layers of protection to supercomputing and automation. This new model harnesses data to learn from past threats to interpret and prevent future attacks before they strike.
Today it takes on average 190 days to detect a data breach in an organization’s environment, reflecting the lack of necessary cyber security expertise. In this time, vast amounts of information may already have been stolen and entire infrastructures infected and hacked. In the constant struggle against the clock, a new model, Prescriptive Security, compresses the response period to a cyber-attack making time work for organisations instead of against them.
Prescriptive Security can solve threats in real time
In essence, Prescriptive Security brings together two key technology building blocks:
- Analytics and machine learning: we can reduce cybercrime by using supercomputing to learn from historical data and put algorithms in place in response to these learnings. A data lake powered by high performance storage and analytics software makes it possible to collect, aggregate and access high volumes of data. Prescriptive Security analytics integrates all key elements in the environment (from the Internet of Things, operational technology and information technology) and leverages threat intelligence gathered outside of the organization (surface web, the dark and deep web, social media and partners’ feeds) to proactively block imminent cyber-attacks. By analysing structured and unstructured data, we can develop behavioural and contextual profiles to protect against current and future threats. Indeed, we can stop attacks before they happen by using the data we’ve collected to develop notions of what’s next and by extending our scope of data collection (hunting outside the organization as well as inside) so that a state of readiness is preserved.
- Automation. When threats are detected, a response must be instant. Prescriptive Security minimises the need for human intervention by using automation to expedite a clean-up. This not only neutralises the threat but it also analyses its root causes to alleviate future attacks. Automation means resolution happens faster and more efficiently, freeing up resources.
- Optimized human resources: Prescriptive Security can optimise an organisation’s cyber security resources and free them from spending valuable time detecting threats and then acting on them. This means that cyber security teams can focus their resources where most needed.
Prescriptive SOC will also introduce a cultural change and new cybersecurity roles such as cyber security data scientists . These cyber data scientists will integrate statistical and mathematical models in the SOCs providing innovative mechanisms to detect future cyber-attacks.
To understand how Prescriptive Security can address the current cyber security threats and prepare the organizations for the future ones, let’s focus on the past couple of months where ransomware attacks (Wannacry, NotPetya) forced many businesses to completely shutdown their infrastructure. These Ransomware attacks leverage EternalBlue exploit tools which were leaked on the deep and dark web nine months ago. With Atos Prescriptive Security, organizations would have already been aware of these threats and Atos would have implemented the necessary security controls to block the attacks before they even happened.
Also we have noted that a number of the ransomware attacks were actually smokescreen attacks where cybercriminals planted ransomware as a false flag to hide that they had already stolen sensitive data from the organization. Deploying Atos Prescriptive Security post-attacks will help organizations unveil undetected stealth attacks. This is possible with the use of Atos Machine learning capabilities on current and historical data.
The current pace of digital change will never be as slow and we know that data volumes will grow exponentially over the next few years. What’s termed ‘big data’ today will appear dwarfed in just a few short years. The success of this digital revolution will depend on how quickly and efficiently cyber security practices evolve to counter increasingly complex, rapid and aggressive threats as they occur. This is essential to protect every institution that is susceptible to attack, from multi-national enterprises and central governments to smaller companies and local government agencies.
Atos Technology Days 2017 : Watch the Prescriptive Security Operations Center Demo
At the Atos Technology Days 2017, Farah Rigal, Global SOC Transformation Program Director, presented the next-generation Security Operations Center enabling organizations to neutralize cyber-attacks before they reach their goal. If you’d like to find out more about the event, please visit Atos Technology Days.