In the face of continuously evolving complicated threats, how does an organization stay secure? The old security paradigm that focuses on securing the perimeter and making sense of alerts and incidents no longer works in this new dynamic world.
In an interaction with CSO India, Surendra Singh, Senior Director and Country Manager at Forcepoint, highlights the importance of revamping security strategy and explains what works and what doesn't in the current threat landscape.
What are the three biggest security challenges that you see in 2019?
In 2019, critical enterprise and government data will be the new oil. The sheer magnitude of digital innovation driven by human ingenuity has exceeded our wildest expectations - from the amount of data that is transacted across a network to the 20 billion devices that will be connected by 2020.
The average enterprise uses hundreds of apps. However, the rate and pace of this innovation has accelerated well beyond our ability to secure it – the enterprise and its critical assets are now exposed more than ever.
The old security paradigm that focuses on securing the perimeter and making sense of alerts and incidents no longer works in this new dynamic world. Focusing on a constantly changing IT infrastructure doesn’t address the unpredictable behavior of people, and the volume of digital transactions today or tomorrow.
The time has come for shifting the paradigm from protecting infrastructure to understanding the behavior of users interacting with technology and automating the security response based on risk.
Which technologies are disrupting the cybersecurity landscape?
A few trends to look out for this year are:
• As security threats are becoming complex and insider threats loom larger than before – behavior analytics will be a major trend in 2019. Not only will User and Entity Behavior Analytics (UEBA) solutions be attractive to customers – but embedding behavior-based decision making will become the cornerstone of all existing cyber security solutions, such as NGFW, DLP, and Cloud Security.
• With cloud infrastructure adoption at an all-time high – cloud security will become an important trend. Cloud security solutions like Cloud Access Security Broker (CASB) will see higher demand from organizations to enable visibility and control, critical to erasing security blind spots and implementing a level of normalcy.
• Organizations are becoming more distributed. Connecting stores, branches and remote offices to the latest cloud applications, corporate systems, and data stored everywhere in between is more important – and more complicated – than ever before. Therefore, secure SD-WAN will be a significant trend that will reshape the distributed networks.
How can enterprises prepare better to deal with zero-day attacks and APTs?
The only way that we can respond to such attacks is to look at how machines and humans normally behave. We need to characterize it, and then figure out when they’re behaving in a different way, so we can catch those anomalies. Through the behavioral approach we can really catch hackers in whatever they’re doing.
Traditional enterprise security programs have limited means for understanding their users and therefore tend to apply security policies broadly to users grouped by role or department. They then apply a least-privilege policy to the group, balancing access needs against organisational risk.
Within this framework, all users are therefore considered risky and subjected to the same restrictions. An answer to this legacy operational model is what we call Risk-Adaptive Protection, which uses human-behavior analytics to understand user intent and automatically dial up or down the appropriate security response to changing levels of risk. Risk-Adaptive Protection allows customers to adjust their policies to the behaviour of individual users, ensuring an optimal level of security without unnecessary business friction.
What impact will artificial intelligence (AI) and automated threat intelligence have on cybersecurity initiatives in the coming times?
AI is meant to bridge the gap with machines that can evaluate ambiguous activities, but we’re not there yet. AI can work well in certain niches, such as healthcare, marketing or autonomous vehicles for example, but it is not always broadly effective.
Our 2019 Cybersecurity Predictions Report states that there is no real cybersecurity AI at the moment, and there won’t be in 2019. Today’s cybersecurity solutions are more like machine learning, and require a lot of the humans-helping-machines model. That sort of solution won’t be sufficient in the long term.
What we really need is the right data scientists with the right data to train. It is not about which AI model or which machine learning tool. It is all about whether we have the right data to train the system and whether we have the right human to make sense of that data. I think it’s more of a need for new data sets in terms of quantity and quality. And alongside, having the right data scientists with the right experience to unlock it.
What is your advice to CSOs and other top-level security management professionals?
Be sure to have a strong architecture approach to security. We’ve moved way beyond the era of “protect the end device and the perimeter.” Data theft has become a harsh reality for many, with enterprise critical data & IP, people’s identities and personal information simply being another product available for trade, sale or unauthorized secondary use.
So how can security professionals and leaders rebuild safer workplaces that enable business outcomes and not add more friction? Here at Forcepoint we suggest a switch from what is commonly called a “threat-centric” world to a behavior analytics one, focusing on people’s interaction with data.
By taking this risk-adaptive approach, weaving in contextual intelligence on security incidents and only flagging those incidents which pose a real risk to our data, people, or business, security can become a business enabler.