As the Internet of Things (IoT) continues to gain traction, organisations will have to reassess their security practices to accommodate the increase in security alerts.
According to Patrick Rhude, head of product management in Nokia’s Security Product Unit, security organisations already find themselves overwhelmed with the volume, variety and velocity of security data alerts.
“It is not uncommon for a large organisation to receive over 10 000 security alerts a day,” he says. “Duplicate information and false alerts from faulty intelligence data, combined with the limited capacity of security analysts, means that only a small portion of alerts are investigated. It is therefore crucial that security analytics, machine learning and automation are incorporated into security management.”
Jon Tullett, research manager of IT Services Africa at International Data Corporation, says the increase in security incidents is due to several things. “There’s an increase in security incidents, but we’re also getting a lot more data from infrastructure and applications. That data may be security specific, performance or usage data that can be analysed to identify security incidents. Put all that together and you have an increase in alerts, making analysis very difficult.”
Globally there is a massive cyber security skill set shortage, rendering human-centric and manually-intensive incident response strategies insufficient.
“For organisations to adequately protect themselves in the IoT era, they will have to move from static defence to agile and adaptive responses to security threats by incorporating workflow automation and orchestration into their security operations,” says Rhude.
Automation allows for the execution of repeatable actions without human intervention and orchestration chains these automated tasks into executed playbooks to perform workflows, speeding up the investigation and mitigation of incidents. Adding machine learning to the mix enables organisations to identify potential compromises by using threat intelligence information across the network, device and cloud layers.
Tullett believes that right now it’s an analytics problem and that it’s almost a perfect example of big data. “A lot of data is moving too fast and this needs more correlation and cleaning. Like any big data situation, you can throw money at the problem to try to keep up, or you can invest in better technology and practices at the source. Most organisations do a bit of both right now.”
Experts around the globe believe more than 10 billion devices will connect to networks around the world this year. This number is expected to grow tenfold over the coming years, making it impractical to rely on human-centric practices when it comes to security management.
“In any given generation of security technology, the next generation breaks the bigger or faster cycle and focuses on different capabilities. The moves from firewalls to deep packet inspection to application firewalls is such an evolution,” says Tullett.
“Right now, there are interesting developments in behavioural analysis, machine learning, mitigation or containment controlling an attacker’s lateral movement, advanced threat detection and so on.
“If you are not evolving your security technology and adopting next generation solutions, you’re basically a sitting duck. There are parallel priorities in modern security solutions. You must protect yourself against as much of the known threats as possible and keep pace with attackers as they develop new techniques.
“Secondly, organisations must focus on detecting and mitigating new threats, reducing the vulnerable surface area, increasing transparency and improving analytics,” he says.
“We have already seen a shift towards adopting multi-dimensional security analytics,” says Rhude. “This enables security organisations to correlate data from multiple domains and helps identify suspicious, malicious or inadvertent anomalies.”
Through in-depth security analytics, organisations can extract intelligence about the nature of the threat, threat vectors used, associated business risk and recommended mitigation.
“When you combine threat intelligence data and security analytics, you can detect threats and prescribe the appropriate response more effectively, providing strategic mitigation to strategic threats.”