Cloud security management
According to Avishai Wool, CTO of Algosec, while technology changes, adversaries will continue to find new and interesting ways to use it against us.
Indeed this is already the case with the cloud, where any leak or exposure of sensitive information – such as usernames, passwords, credit card numbers, social security and health records – constitutes a data breach. Mid-way through 2017, there had been 456 data breaches worldwide according to the Identity Theft Resource Center (ITRC).
Wool added: “Since technologies are being developed rapidly, and there are financial and other incentives on the side of the bad guys, we can see that we will be challenged for some time to come.”
On the bright side Wool believes that cloud technologies themselves will also be able to counteract cyber threats.
He explained: “Cloud is going to be huge. It’s already huge, but it’s going to get more important. It’s going to change the threat landscape along with the security industry’s answer to the challenges it poses.”
According to Algosec, because the cloud can be based on a software-defined security architecture, it is fundamentally different from physical networks. Network operators then struggle to manage network security policies cohesively across their entire hybrid enterprise environment. However, cloud technology can counteract cyber threats, whether by unifying security policy management across the hybrid enterprise cloud environment or by automating security policies.
Wool added: “To some extent, I also think that IoT is significant but possibly less than the hype of the last few years. I don’t think that IoT is going to radically change our world in terms of security, but the rush to produce IoT things has resulted in these things being unsecured and the source of lots of headaches.”
AI and machine learning
Michael Wignall, CTO, Microsoft UK, believes AI and machine learning will be central to tackling cyber threats in the future.
He said: “At the moment we get telemetry, we get signals from billions of endpoints around the world, anti-virus logs when Windows Defender goes off or people trying to do password authentication or brute force attacks on log-insurance, Office 365 or even in the consumer world, people using Xbox and Hotmail and those types of things. People attack that stuff all the time and try to use it to do bad things.”
“So we collect a lot of those signals and telemetry but our personal people can’t interpret those billions of data points. So you have to use technology like machine learning to reason over that data and then to flag, automatically do things to prevent stuff, to stop a loss again and prompt someone to be multi-factor, or block an account for a period of time. Or then flag serious incidents or patterns or trends back up to analysts or people who might do something programmatically off the back of it.”
“I think a combination of signals coming from IoT with more and more devices around this space with signals across the IT infrastructure, and then using AI and machine learning on those signals will be some of the biggest tech innovations in the future of this space.”
Sridhar Muppidi, CTO of IBM Security, also believes AI will have a key role in the future of cyber security. He also thinks predictive analytics will be central.
He said: “They help to find things and evaluate risk faster. It’s also not just about being able to find out about an attack before it happens, it’s also about being able to reduce the risk of a transaction.”
“AI will also be used for intelligence consolidation; how do you use things like natural language processing? How are you able to consolidate all the things that are going on in the world from Twitter and LinkedIn to published documents and create a knowledge graph?”
“However, it’s not enough to say ‘here are the four things wrong with my company and here’s what I should worry about.’ It’s about how you take action, how do you instrument your automation around your administration and AI.”
“AI is fairly broad, it’s not about just being a defender. Attackers are using it too, they are trying to figure out how to launch an attack.”
Muppidi thinks there are a number of steps which can be taken to improve the security of AI. He thinks it is essential to have trusted data sources as a core foundation. He also believes that having a design that is constantly adapting is another essential for success with AI.
Uri Sarid, CTO, Mulesoft, argued: “It’s interesting to talk about disruption in this industry because I think in some sense, the industry is constantly being disrupted; it’s almost anticipating being disrupted. One of the more obvious ones I think that is nonetheless disruptive is the way in which automation and machine learning will be applied to this field.”
“As we build out application networks that have very well declared intent, it will become more and more mandatory to leverage machine learning and then automation to secure these landscapes. These landscapes are just far too complex, far too diverse, for people to do anything manually and so what you’ll start to see is with all this declared intent, there will be machine learning that looks at this and understands, okay, here is what’s normal and here is what’s not. Nobody needs to tell it what’s normal, it will observe, and it will ask humans when necessary, and it will define the normal in a dynamic way. The normal will evolve over time.”
“Then you will take the output of those anomalies and initially through humans and eventually automatically you will go and rewire the application network to automatically shut down security issues. So when you see that 100 devices are reacting all together, you will be able to trigger a backup system that says wait automatically. I’m not going to allow more devices to act this way; I’m going to, for example, do a few at a time, to make sure that there isn’t damage on the grid. That kind of automation requires both the machine learning and the ability to reprogram the way that your applications are wired together, to reprogram the application network.”
“So I think that’s going to be a long-term disruptive trend, as people move from the call infosec when a problem happens to automate the response as much as possible.”
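The loop Sarid describes, a baseline of normal that is learned by observation and a response that meters out a suspicious burst a few at a time, sketched as an added example (not from the article or from MuleSoft). The smoothing factor, threshold, batch size and device names are assumptions, and a running mean and variance stands in for the machine learning.

```python
from dataclasses import dataclass, field

@dataclass
class AdaptiveGate:
    alpha: float = 0.2     # assumed: how quickly "normal" evolves
    z_limit: float = 4.0   # assumed: deviations above normal that count as anomalous
    batch: int = 10        # assumed: "a few at a time" release size
    warmup: int = 5        # intervals observed before judging anything
    mean: float = 0.0
    var: float = 0.0
    seen: int = 0
    held: list = field(default_factory=list)

    def is_anomalous(self, count):
        if self.seen < self.warmup:
            return False
        std = max(self.var ** 0.5, 1.0)  # floor keeps a quiet baseline from over-alerting
        return (count - self.mean) / std > self.z_limit

    def _learn(self, count):
        # Exponentially weighted mean and variance: nobody configures "normal".
        if self.seen == 0:
            self.mean = float(count)
        else:
            diff = count - self.mean
            self.mean += self.alpha * diff
            self.var = (1 - self.alpha) * (self.var + self.alpha * diff * diff)
        self.seen += 1

    def interval(self, device_ids):
        """Return (device ids allowed to act now, whether this interval was anomalous)."""
        anomalous = self.is_anomalous(len(device_ids))
        if not anomalous and not self.held:
            self._learn(len(device_ids))
            return list(device_ids), False
        # Burst or backlog: queue everything, release one batch, never learn from it.
        self.held.extend(device_ids)
        released, self.held = self.held[:self.batch], self.held[self.batch:]
        return released, anomalous

def simulate():
    # Constructed traffic: six quiet intervals, 100 devices at once, a drain, then quiet.
    counts = [4, 5, 6, 5, 4, 5, 100] + [0] * 9 + [5]
    gate, out = AdaptiveGate(), []
    for n in counts:
        released, anomalous = gate.interval([f"dev-{i}" for i in range(n)])
        out.append((len(released), anomalous))
    return out

if __name__ == "__main__":
    for step, result in enumerate(simulate()):
        print(step, result)
```

Because the gate skips learning while a burst is queued, the 100-device spike does not become the new normal.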