[BreachExchange] Why creativity is key to security

Inga Goddijn inga at riskbasedsecurity.com
Sun Jun 10 21:22:09 EDT 2018


https://www.helpnetsecurity.com/2018/06/07/creativity-security/

Similar to corporate auditors and risk and compliance managers, security
teams are often viewed as a hindrance to business growth. They are deemed
the killjoys of business innovation for imposing restrictions on access,
rules and controls, and for answering with “no.” Given this perception,
security teams are often not thought of as innovative or creative. Yet
creativity is precisely what the job now demands.
Mounting pressures forcing change

Security teams are under tremendous pressure today. According to an Imperva
study released at RSA Conference 2018
<https://www.helpnetsecurity.com/special/rsaconference2018/>, 27 percent of
enterprise security teams are hit with more than one million alerts per
day. Additionally, more than half of IT professionals admit they have
difficulty differentiating between critical incidents and false positives,
so analysts spend their days chasing noise and slide into alert fatigue
<https://www.helpnetsecurity.com/2018/04/25/avoid-analyst-fatigue/>.

How quickly security professionals can detect and mitigate threats is
essential to preventing significant damage to the organization, with
consequences impacting customers, reputation and product development.

In this stressful
<https://www.helpnetsecurity.com/2018/04/23/it-workforce-stress/> and
highly vulnerable environment, security teams are forced to follow standard
frameworks and processes to protect their organizations. It’s a rigid
mindset that’s been around for years, and there is comfort in adhering to
industry standards and implementing traditional cyber security control
frameworks. The problem is that this necessary process of monitoring the
data and reacting to alerts is no longer good enough. We are in an age
where it’s cheap to be a “bad guy” and easy to evolve quickly. A published
framework also tells an experienced attacker which controls to expect, so
an organization that stops at the framework is steps behind, and even more
vulnerable to, adversaries who know how to game it.
Setting intelligence free

It’s time for the security world to shift its approach from static
dashboards and monotonous procedures to more creative and strategic
methods. Forward-thinking companies are starting to augment human intuition
with machine learning to create a more proactive organization that’s ready
for the ever-shifting threats of today, which strengthens their security
posture, better supports business innovation, up-levels talent and
increases job satisfaction. Security teams need to be able to color
outside the lines by infusing new and independent thinking, essentially
setting data and intelligence gathering free.

Here are three building blocks to help you get started down the path of
being more creative, proactive and comprehensive in threat detection
<https://www.helpnetsecurity.com/2017/08/14/ai-threat-detection-response/>.
By implementing these strategies, security teams can transform into the
curious problem solvers they are meant to be.
1. Embrace a culture of data curiosity and continuous learning

Analysts of all levels have hidden capabilities. They aspire to be heroes
by protecting their organization. However, they struggle to unleash their
inquisitive minds, often because of the difficulty of mastering complex
search query languages. Technologies such as natural language processing
(NLP) have made it easy for analysts of all levels to ask questions of
their machine data. Imagine the creativity your analysts could show if they
could talk to their data as naturally as they talk to each other. The NLP
layer still translates each question into a query against the underlying
store, so keep that generated query visible: an analyst should be able to
confirm it asks what they meant. This approach is a game-changer: by
embracing a culture of data curiosity and continuous learning, your
security team can be inspired to investigate deeper and faster. One
question of the data sparks the next, producing insights that a strictly
automated environment cannot. Analysts can explore the data, map findings
into context, ask new questions, and turn the searches that surface
something into saved alerts. New insights lead to valuable outcomes.

Now you can work with your team to up-level your analysts, helping them to
ask the right questions and reviewing standard playbooks to uncover gaps.
2. Adopt a dynamic security stance

Security teams should adopt technologies that augment human intelligence
and create a dynamic environment. Imagine setting up automated queries to
run at intervals, asking probing questions of your data. This automated
capability can replace static dashboards and quickly surface anomalies.
Security teams should also experiment with new detection approaches, using
data-driven metrics such as baselines built from past threat activity, so
that a detection fires on deviation from what the organization has actually
seen rather than on a fixed threshold. Another creative approach is to
explore the dark corners of your data for “cold cases”: intrusions sitting
in retained data that were never detected at the time.
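
The interval query and the history-based baseline described above, as an
added example that is not code from the article or from any product it
alludes to. It assumes authentication events already normalised into dicts
with ts, src_ip, user and result fields; the field names, the one-hour
bucket, the floor and the k value are all assumptions, and the events are
constructed sample data.

```python
"""One tick of a scheduled 'failed logins by source' query.

Added example, not code from the article. Assumes authentication events
already normalised into dicts with 'ts' (naive UTC ISO 8601), 'src_ip',
'user' and 'result' fields; the field names, the 1-hour bucket and the
thresholds are all assumptions.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev


def parse_ts(s):
    return datetime.fromisoformat(s)


def hour_of(dt):
    return dt.replace(minute=0, second=0, microsecond=0)


def build_baseline(history):
    """Per-source (mean, stdev) of failed logins per hour, from past activity.

    Hours in which a source produced no failures count as zero, so a source
    that failed once last week keeps a low baseline instead of an inflated one.
    Sources that never failed are absent: their first burst is a 'new source'.
    """
    if not history:
        return {}
    counts = Counter()
    for e in history:
        if e["result"] == "FAIL":
            counts[(e["src_ip"], hour_of(parse_ts(e["ts"])))] += 1
    first = hour_of(min(parse_ts(e["ts"]) for e in history))
    last = hour_of(max(parse_ts(e["ts"]) for e in history))
    hours = []
    h = first
    while h <= last:
        hours.append(h)
        h += timedelta(hours=1)
    per_src = defaultdict(list)
    for ip in {ip for ip, _ in counts}:
        per_src[ip] = [counts.get((ip, h), 0) for h in hours]
    return {ip: (mean(v), pstdev(v)) for ip, v in per_src.items()}


def run_scheduled_query(events, now, window=timedelta(hours=1), k=3.0, floor=5):
    """Baseline on everything before the window, then flag sources inside it.

    A source is reported when its failures in the window exceed
    max(floor, mean + k*stdev) of its own history, or when it has no failure
    history at all and still reaches the floor. 'floor' keeps a source whose
    baseline is zero (stdev 0) from firing on a single failure.
    """
    cutoff = now - window
    history = [e for e in events if parse_ts(e["ts"]) < cutoff]
    recent = [e for e in events if cutoff <= parse_ts(e["ts"]) < now]
    baseline = build_baseline(history)
    recent_fail = Counter(e["src_ip"] for e in recent if e["result"] == "FAIL")
    findings = []
    for ip, n in sorted(recent_fail.items()):
        if ip not in baseline:
            if n >= floor:
                findings.append((ip, n, "no failure history for this source"))
            continue
        mu, sigma = baseline[ip]
        threshold = max(floor, mu + k * sigma)
        if n > threshold:
            findings.append((ip, n, f"baseline {mu:.1f}/h (sd {sigma:.1f}), threshold {threshold:.1f}"))
    return findings


# Constructed sample data (not real logs): a day of history followed by a
# one-hour window containing a burst from a known source and a new source.
SAMPLE_EVENTS = []
for h in range(24):
    SAMPLE_EVENTS.append({"ts": f"2018-06-01T{h:02d}:10:00", "src_ip": "10.0.0.5",
                          "user": "svc-backup", "result": "FAIL"})
    SAMPLE_EVENTS.append({"ts": f"2018-06-01T{h:02d}:15:00", "src_ip": "10.0.0.9",
                          "user": "alice", "result": "OK"})
for m in range(12):  # 12 failures from 10.0.0.5, which normally fails once an hour
    SAMPLE_EVENTS.append({"ts": f"2018-06-02T00:{4 * m:02d}:00", "src_ip": "10.0.0.5",
                          "user": "svc-backup", "result": "FAIL"})
for m in range(6):   # 6 failures from an address with no history at all
    SAMPLE_EVENTS.append({"ts": f"2018-06-02T00:{5 * m + 1:02d}:00", "src_ip": "203.0.113.7",
                          "user": "admin", "result": "FAIL"})
SAMPLE_EVENTS.append({"ts": "2018-06-02T00:30:00", "src_ip": "10.0.0.9",
                      "user": "alice", "result": "FAIL"})  # one typo, below the floor


def demo():
    """The query as the interval job would run it at 01:00 on 2018-06-02."""
    return run_scheduled_query(SAMPLE_EVENTS, datetime(2018, 6, 2, 1, 0, 0))


if __name__ == "__main__":
    for ip, n, why in demo():
        print(f"{ip}: {n} failed logins in the last hour; {why}")
```

The point of the floor is the edge case a static dashboard hides: a source
whose history is perfectly regular has a standard deviation of zero, so a
pure mean-plus-k-sigma rule would page on its first extra failure. The
address with no history is reported separately, because "never seen
before" is a different question from "more than usual".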

I have witnessed the best organizations enable people outside of the
security operations center (SOC) to help investigate their data, with
tremendous success. Physical security teams, for example, with their
inquisitive mindset, can immediately contribute in an environment where
they can easily ask questions of the data, bringing different perspectives
to identifying and preventing threats.
3. Make sure your data is in good shape

For security teams to better support the business, they need to get their
data in good shape. Having the forethought to dig into your data store and
figure out what is actually there is essential. Think of it as a data
classification exercise: knowing which sources exist, what they contain and
which of them cover the company’s most critical information assets lets
security teams balance their measures, protecting those assets while
enabling business innovation.

At the same time, security teams need to challenge their assumptions about
data sources. Unleashing data curiosity uncovers data quality or data
visibility problems in every organization: a source that has quietly
stopped reporting, a field the parser drops, a host whose clock is wrong.
It’s critical for security teams to collaborate with data source owners to
dive deep and get every source to peak performance.
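
The kind of data-source check that puts those assumptions to the test, as
an added example that is not code from the article. It assumes events have
been normalised into dicts carrying a source name and an ISO 8601
timestamp plus source-specific fields; the inventory of sources, the
required fields and every threshold are assumptions a team would replace
with its own, and the events are constructed sample data.

```python
"""Data-source health check: does each expected source still look right?

Added example, not code from the article. Assumes events normalised into
dicts with a 'source' name and an ISO 8601 'ts' (naive UTC) plus
source-specific fields; the inventory, the required fields and all
thresholds are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed inventory: source -> (fields every event must carry, longest
# acceptable gap between the newest event and 'now').
EXPECTED_SOURCES = {
    "fw": ({"src_ip", "dst_ip", "action"}, timedelta(minutes=5)),
    "vpn": ({"user", "src_ip", "result"}, timedelta(minutes=15)),
    "edr": ({"host", "process", "hash"}, timedelta(minutes=10)),
}


def check_sources(events, now, inventory=EXPECTED_SOURCES,
                  max_skew=timedelta(minutes=2), max_bad_ratio=0.05):
    """Return (source, problem) pairs for silence, parse gaps, clock skew
    and sources that nobody inventoried."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e.get("source", "<none>")].append(e)
    issues = []
    for src, (required, max_silence) in inventory.items():
        evs = by_src.get(src, [])
        if not evs:
            issues.append((src, "no events at all: collector or forwarding is down"))
            continue
        newest = max(datetime.fromisoformat(e["ts"]) for e in evs)
        if now - newest > max_silence:
            issues.append((src, f"silent for {now - newest}"))
        bad = sum(1 for e in evs if not required.issubset(e))
        if bad / len(evs) > max_bad_ratio:
            issues.append((src, f"{bad}/{len(evs)} events missing required fields"))
        ahead = sum(1 for e in evs if datetime.fromisoformat(e["ts"]) > now + max_skew)
        if ahead:
            issues.append((src, f"{ahead} events timestamped in the future (clock skew)"))
    for src in sorted(set(by_src) - set(inventory)):
        issues.append((src, "events arriving from a source nobody inventoried"))
    return issues


def _ev(source, ts, **fields):
    return {"source": source, "ts": ts, **fields}


# Constructed sample data (not real logs), checked as of 10:00.
SAMPLE = []
for i in range(18):
    SAMPLE.append(_ev("fw", f"2018-06-02T09:5{i % 10}:00",
                      src_ip="10.0.0.8", dst_ip="10.0.1.2", action="allow"))
SAMPLE += [_ev("fw", "2018-06-02T09:58:00", src_ip="10.0.0.8", dst_ip="10.0.1.2")] * 2  # parser dropped 'action'
SAMPLE += [_ev("vpn", "2018-06-02T09:30:00", user="bob", src_ip="198.51.100.4", result="OK")]  # then went quiet
SAMPLE += [_ev("edr", "2018-06-02T09:55:00", host="ws-12", process="svchost.exe", hash="a1") for _ in range(10)]
SAMPLE += [_ev("edr", "2018-06-02T10:30:00", host="ws-13", process="cmd.exe", hash="b2")]  # host clock 30 min ahead
SAMPLE += [_ev("proxy", "2018-06-02T09:59:00", url="http://example.test/") for _ in range(3)]  # not in inventory


def demo():
    return check_sources(SAMPLE, datetime(2018, 6, 2, 10, 0, 0))


if __name__ == "__main__":
    for src, problem in demo():
        print(f"{src}: {problem}")
```

Run on its own schedule, a check like this is what turns "we collect VPN
logs" from an assumption into something the team can see fail: the silent
source, the parser that drops a field, the endpoint whose clock is ahead
(so its events land outside any time-bounded query), and the source that
reports but that no one owns.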

No doubt, there are many advantages to applying AI to cyber security. By
adopting this technology and following the suggestions outlined above,
security teams can augment human intelligence with machines to inspire more
creative thinking in threat detection. What’s important to understand is
that these machine learning systems won’t work right out of the box. AI
models require oversight and collaboration with data analysts to produce
meaningful results. Only when humans work alongside machines will we
achieve the desired results.

Security teams want to enhance security efficacy, improve operational
efficiency and deliver IT business initiatives, but the majority are stuck
in old processes using static systems. Advanced technologies like NLP
search eliminate the need for complicated and stodgy queries and instead
result in data investigation that’s as natural, flexible and responsive as
a conversation between people.

