Harnessing the Power of Machine Learning and Automation in Cybersecurity: Part Two in a Three Part Series on Navigating Change in Cybersecurity.
In the first blog post in this series—Raising the IQ of Cybersecurity—we discussed how good cybersecurity requires innovative and continuous security services to manage risk. CVP’s answer is our “Predict. Prevent. Protect.” model, a structured cybersecurity approach that delivers services across multiple domains and allows an organization’s security maturity to keep growing.
One of the elements that defines the “Predict. Prevent. Protect.” model is our “Anticipate. Automate. Prevent.” Intelligence Driven Approach (AAPIDA) for Security Operations. This model leverages a multi-tool automated approach to communication, containment, eradication, and recovery, selected according to the type of alert or incident. AAPIDA shifts manual, human-based process and event analysis to machine-based intelligent automation, reducing response and containment times from minutes or hours to a matter of seconds and freeing staff to perform more sophisticated security analysis and threat hunting.
This approach leverages Security Orchestration, Automation, and Response (SOAR) tools to automate playbooks and/or machine learning, artificial intelligence, and Robotic Process Automation (RPA) based techniques to build intelligence-driven automation. Key factors steering intelligence-driven automation include security playbook automation, integrating external threat feeds with internal vulnerability data to derive threat intelligence, adding and correlating context information to monitoring data, automated correlation and predictive analytics, and automating hunt procedures.
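The enrichment and correlation step described above is easiest to see in code. The following is an added example, not CVP’s code or a product feature: a minimal SOAR-style playbook step that takes a monitoring alert, correlates the external address against a threat feed, joins the internal asset against vulnerability and criticality data, and maps the resulting priority to a containment or triage action. The feed entries, asset records, vulnerability ids, scoring weights and thresholds are all constructed for illustration.

```python
"""Added example (not CVP's code): a minimal SOAR-style enrichment step that
correlates a monitoring alert with an external threat feed and internal
vulnerability data, then picks a playbook action. Every feed entry, asset
record and alert below is constructed sample data with placeholder ids."""
from dataclasses import dataclass, field


@dataclass
class Alert:
    alert_id: str
    src_ip: str           # external address seen in the alert
    dst_host: str         # internal asset name from the monitoring tool
    signature: str        # detection rule that fired
    context: dict = field(default_factory=dict)


# Constructed external threat feed: indicator -> (category, confidence 0-100).
# Addresses come from the RFC 5737 documentation ranges, so they are placeholders.
THREAT_FEED = {
    "203.0.113.7": ("c2", 90),
    "198.51.100.23": ("scanner", 40),
}

# Constructed internal vulnerability data: asset -> [(placeholder id, CVSS-style score)].
VULN_DATA = {
    "web-01": [("VULN-PLACEHOLDER-1", 9.8)],
    "hr-laptop-17": [("VULN-PLACEHOLDER-2", 5.3)],
    "kiosk-03": [],
}

# Constructed asset criticality tags, as a CMDB would supply them.
ASSET_CRITICALITY = {"web-01": "high", "hr-laptop-17": "medium", "kiosk-03": "low"}


def enrich_alert(alert, feed=THREAT_FEED, vulns=VULN_DATA, criticality=ASSET_CRITICALITY):
    """Attach threat-feed and vulnerability context to the alert in place and return it."""
    category, confidence = feed.get(alert.src_ip, ("unknown", 0))
    asset_vulns = vulns.get(alert.dst_host, [])
    alert.context = {
        "feed_category": category,
        "feed_confidence": confidence,
        "vuln_count": len(asset_vulns),
        "max_cvss": max((score for _, score in asset_vulns), default=0.0),
        "asset_criticality": criticality.get(alert.dst_host, "unknown"),
    }
    return alert


def priority_score(alert):
    """Combine indicator confidence, exploitable surface and asset value into 0-100.
    Weights are an assumption of this example, not a published formula."""
    ctx = alert.context
    crit_weight = {"high": 1.0, "medium": 0.6, "low": 0.3}.get(ctx["asset_criticality"], 0.5)
    # Feed confidence contributes up to 50 points, CVSS up to 30, criticality up to 20.
    score = ctx["feed_confidence"] * 0.5 + ctx["max_cvss"] * 3.0 + crit_weight * 20
    return round(min(score, 100))


def select_action(alert):
    """Map the priority to a playbook step; thresholds are this example's assumption."""
    score = priority_score(alert)
    if score >= 80:
        return "isolate_host_and_page_analyst"
    if score >= 40:
        return "open_ticket_for_review"
    return "log_only"


def run_playbook(alerts):
    """Enrich each alert and return {alert_id: action}, the playbook's decision table."""
    return {a.alert_id: select_action(enrich_alert(a)) for a in alerts}


if __name__ == "__main__":
    # Constructed alerts as a monitoring tool might emit them.
    sample = [
        Alert("A-1", "203.0.113.7", "web-01", "outbound-beacon"),
        Alert("A-2", "198.51.100.23", "hr-laptop-17", "port-sweep"),
        Alert("A-3", "192.0.2.5", "kiosk-03", "failed-login"),
    ]
    for alert_id, action in run_playbook(sample).items():
        print(alert_id, action)
```

The point the example makes is that the same detection signature can land in three different playbook branches depending on context that the raw alert does not carry: a known command-and-control indicator hitting a high-value, unpatched server is isolated immediately, while an unknown address against a low-value kiosk is only logged. Keeping the score and thresholds in one place also makes the automation auditable, which matters when an analyst later has to explain why a host was isolated.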
Furthermore, the AAPIDA approach accounts for the need to aggregate, curate, disseminate, and automate or orchestrate the incident response process, which enables flexibility without sacrificing response fidelity. As organizations invest in real-time event data for detection and response, adopting machine learning for threat intelligence improves visibility into unknown risks and strengthens the security posture of the enterprise. Achieving data science maturity in the context of cybersecurity means empowering the right person with the right intelligence to act while minimizing false positives.
Striking a Balance Between Human Analysis and Machine Learning Technology
Machine learning enables an organization to move beyond blacklisting to automated threat hunting through dynamic recognition of threats based on rich contextual factors, such as a maliciousness ratio. While an experienced human analyst can recognize dynamically evolving threats based on gut feeling, machine learning models win the contest of scale in a world where a unique strain of malware is identified every few seconds.
Training machine learning models with enough data to recognize dynamically evolving threat events in real time carries several requirements, including the use of both internal network data and third-party threat exchange data for total visibility. The analytic engine’s ability to identify, integrate, and adapt to the changing event landscape in real time provides analysts with actionable recommendations. Because CVP’s cybersecurity experts understand how a threat intelligence machine learning model arrived at a decision, the recommendation can be trusted and ensures the right response.
At CVP, we are continually working to enhance our cybersecurity professionals’ expertise, allowing them to become more integrated thinkers and problem solvers who can adapt to the challenges they will face in the future. Our goal is to make the security architecture within an organization future-resilient, so that it can take advantage of advances in machine learning to continually improve the underlying security architecture.
Stay tuned for the third and final part in this series: Creating a Framework for Continuous Improvement in Cybersecurity.