I recently caught up with a friend of mine whom I met years ago during a pretty crazy Bentley test drive in Park City, Utah, in the middle of winter while there for the Solera Customer Advisory Board meeting. This friend, Brian Contos, CISO of Verodin, and I chatted on the Cybersecurity Effectiveness Podcast. On the podcast, we discuss the transformation of talent and technology, Bentley test drives, and Iron Man.
One of the prime objectives in security incident management is reducing dwell time to the absolute minimum. I think machine learning and process automation through orchestration will have a significant impact on accomplishing that due to the volume of log data that information security teams must sort through. Those volumes simply can’t be effectively reviewed by humans, as indicated by continued breaches.
Having anomalous activities identified by machine learning technologies will allow threats to be identified in near real time 24/7 for continuous visibility, which is critical. That in turn will reduce risks to the business, especially given the talent shortage in cyber security.
Another change I see having a real impact on risk reduction is a move toward continuous testing through simulated attacks to validate and improve security tools. I also feel that there is a transition away from the traditional perimeter-based and network-centric models to a cloud-based, application-centric model that provides greater flexibility and adherence to data-centric classification policies.
As information security continues to be seen increasingly as a business issue to be addressed, the historical perception and expectation of security teams engaging and adding value by simply managing firewalls and AV are long outdated. That said, while there’s certainly a critical need for security to be collaborating heavily with all IT functions, if the security team is seen only as an IT function, it will be limited in its ability to address those business risks and issues. For those reasons, I’m a big advocate of seeing information security as a brand protection function, which can help when engaging the business in discussions of risk.
Check out the podcast to listen to our full conversation.