
I’m often asked what I like best about my job. One of my top answers is public speaking, learning and networking at security and technology events around the world.
Besides giving press interviews or speeches on cyberthreats, I really enjoy moderating panels and leading executive roundtables with public- and private-sector leaders at security and technology events. I often get asked to be a moderator for a few sessions at SecureWorld Expo events, InfraGard Conferences and regional technology forums, such as the upcoming MidWest Technology Leaders event.
During these panel sessions, the participants typically talk about a range of (hopefully intriguing) topics that include top cybercrime trends, cyberthreat intelligence, attracting and retaining cybertalent, big industry security breaches, internal security incidents or the always interesting (but overused) question “what’s keeping you up at night?”
Inevitably, security and technology topics include well-known themes that I have written about such as ransomware, IoT botnets, cloud computing, smart cities, smartphone security, government CISO plans, securing the smart grid, end-user training, etc. Hopefully, we get beyond the problems and spend a few minutes on solutions. Nevertheless, the hopeful emerging technologies are often shortchanged in these panel discussions due to a lack of time.
Hazards on the Horizon Panel at SecureWorld Expo 2017 in Boston
Behind the Curtain
I often learn more in pre-event discussions, one-on-one CISO breakfasts and panel preparation sessions than I do during the actual sessions. There are many reasons for this, but most panelists want to talk about a set number of their company or government "talking points" that are pre-negotiated. Many CISOs and other tech leaders don’t want to discuss specifics about their company or difficult security situation in public, since stock prices, business reputations, brands and more can be impacted. In addition, as I have explained before, no security or tech leader wants to become an accidental news headline.
Meanwhile, the audience tends to ask questions about breach headlines or recent headline technology outage incidents with major impacts — rather than seeking a deeper dive into emerging new technologies.
So what are the new cybertechnology solution trends I am hearing about the most in private? What cross-industry topics are on the minds of CSOs, CTOs and CEOs — besides their own specific enterprise issues?
The three cybersolution topics I hear most about during these pre- and post-panel discussions are analytics (including metrics), artificial intelligence (AI) and orchestration. In order to honor the “off the record” aspects of these conversations, I won’t be providing names or companies regarding what I’m hearing.
Analytics, ‘Big Data,’ ‘Little Data’ and Cybermetrics
Without a doubt, the topic that every CISO has near the top of their “must do” project list is to do more with cyberanalytics. That is, do more with the data they collect and sector incident data gained through vendor and Information Sharing & Analysis Center (ISAC) partnerships.
There are many companies that offer solutions in this space. Teradata describes cybersecurity analytics in this way: “Big data and deep analytics provide high-speed, automated analysis for bringing network activity into clear focus to detect and stop threats, and shorten the time to remediation when attacks occur.”
Recently, CIO Magazine ran this article: Feds to battle cybersecurity with analytics. Here’s an excerpt:
“With more real-time information sharing, officials envision cyber defenses moving from 'vaccine' to 'immune system,' a big analytics project that could achieve something like automatic security. …
Security firms offer a bevy of products that can intervene to mitigate the damage from a person clicking on a malicious link, [former deputy undersecretary of cybersecurity at the Department of Homeland Security] Phyllis Schneck said. But she envisions a much larger, global pool of threat data that could be tapped instantly and automatically to keep machines from falling prey to malicious actors, a system that would be aided by "big analytics" capabilities to make sense of the massive trove of data.”
Others think that “big data” is over-hyped, and we need to start thinking in terms of “little data.” Regardless of the approach taken, the discussion always leads to this wider cybermetrics topic with dashboards for management decision-making.
Another article from CSO Online reported that “Predictive analytics can stop ransomware dead in its tracks.” The article describes how Livingston County, Mich., has deployed predictive analytics as a defense against ransomware attacks.
But more than these two examples, I am hearing local, state and federal CISOs tell me that they are planning to do much more in their security operations centers (SOCs) with cyberanalytics products and services. How will this be done? There are numerous different approaches, but one set of solutions takes this topic to the next level with artificial intelligence.
Artificial Intelligence (AI) and Cybersecurity
Another topic that is hot right now is how artificial intelligence (AI) will help our cyberdefense efforts.
This recent article by Nasdaq.com describes how IBM’s AI is being used in the Department of Defense (DoD) because humans can’t keep up with cyberthreats.
In addition, “Aside from partnering Watson with H&R Block to process and analyze 11 million tax returns, the other major development has been the recent commercial release of cyber security by Watson to over 8,000 customers. With growing data sharing arrangements among members of the cyber security intelligence community, Watson was able to digest over 700 terabytes of data from just one partner (that is about 150,000 DVDs worth of data, enough to power Netflix for over 34 years without interruption). More data inputs only further empower the potential for AI in cyber security, allowing machine learning software to automatically detect, diagnose and counter cyber breaches in a more informed manner.”
I really like this article from earlier this year by SecurityWeek.com’s Torsten George on The Role of Artificial Intelligence in Cyber Security. The article describes three use cases for AI in cyber, including identification of threats, risk assessments and orchestration of remediation.
Here's an excerpt: “Too often, unsupervised machine learning contributes to an onslaught of false positives and alerts, resulting in alert fatigue and a decrease in attention. For opponents of AI, this outcome provides ammunition they typically use to discredit machine learning in general. Whether we choose to admit it or not, we have reached a tipping point whereby the sheer volume of security data can no longer be handled by humans. This has led to the emergence of so-called human-interactive machine learning, a concept propagated among others by MIT’s Computer Science and Artificial Intelligence Lab.
Human-interactive machine learning systems analyze internal security intelligence, and correlate it with external threat data to point human analysts to the needles in the haystack. …”
What Is Network and Security Orchestration?
The last area I hear quite a bit about from CISOs lately is network and cybersecurity orchestration. Like bringing together different instruments in an orchestra to produce beautiful music in a symphony, orchestration brings together diverse tools, processes and people to (hopefully) improve cyberdefense and incident response results.
In this Network World article by Jon Oltsik from earlier this year, the state of incident response and security orchestration is described in more detail. He covers several vendor products and the outlook for the near future.
You can also learn more about the security orchestration market at this Business Wire article.
Final Thoughts
I am heading to another National Association of State CIO (NASCIO) Midyear 2017 meeting (follow at #NASCIO17 on Twitter) this week for discussions and networking with public- and private-sector partners. I always learn more about where things are heading in federal and state government cybersecurity and infrastructure at these gatherings, and we will be discussing many of the same topics that I have written about in the past year.
One breakout session covers state government examples from what I think was the top cybertrend from 2016, namely hacktivism and how hacktivists have been active all over the country.
In a keynote session, Virginia Governor McAuliffe is scheduled to deliver some remarks, which will no doubt touch on cybersecurity and what is being done by governors through his NGA chair role.
But regardless of whether you will be at any of these security and technology events or not, I urge you to engage your team and vendors in deeper discussions regarding these three relatively new security topics. Analytics, AI and orchestration are already elbowing their way onto enterprise security agendas around the world, and regardless of the security problem, these topics are key pieces of cyberstrategy road maps and security solutions as we head toward 2020.
In conclusion, I started my industrywide 2017 cybersecurity prediction roundup at the end of last year saying cyberconcerns continue to escalate. And you ain’t seen nothing yet.