As a Platinum sponsor for SecureWorld 2015 events, we have discussed the need to quickly detect and mitigate security threats that are both automated and intelligent. Our message? That essentially no company will be able to survive going forward with manual event correlation and incident response, much less blind spots in data collection and detection analytics.
Here’s more about the session we shared.
The world changes very fast and so should your security construct to keep up, but how and why? There are 3 macro level disruptive business trends that factor into the biggest nemesis of information security officers globally.
- Artificial Intelligence (AI): Automation overall is giving rise to AI in everything we do.
- Humans are the Best Attack Vector: Automation is driving de-humanization and accelerating non-technical vulnerabilities. These non-technical vulnerabilities are, ironically, accelerating the idea that data privacy and confidentiality are not the sole responsibility of infosec pros.
- Lights-Out Security: Ironically, our future threat is also our answer. Haste, waste or delay in automation defines future failure.
Artificial Intelligence (AI): Threats are automated, defenses are manual.
Everywhere we look automation is upon us. Once automated, the environment is rife for a ‘thinking’ fabric over which it will drive its efficient operation. Humans have been automating work for a long time, but we’ve never had the capability to really automate *thinking*. From this perspective, the natural inclination is to believe that “we’ve been here before,” however, this concept is both new, a serious threat and, ironically, our biggest breakthrough technical opportunity.
Most of us have become so numb to the omnipresence of bots in nearly all security attacks that we haven’t bothered to look deep at how bots themselves have evolved. They’ve evolved into highly efficient tools which automate nearly everything an attacker might want to accomplish, from escalating privileged access, to decrypting traffic, to driving volume in DDoS attacks.
Most of the major security threats such as application DDoS, brute force, and SQL injection are executed at least in part through botnets. These tools are designed to select actions based upon the anticipated responses from you— the defender. As people have become more and more predictable in detection and mitigation, the bad guys are designing tools to adjust to our defenses faster than we can detect their changes.
Humans are the Best Attack Vector – And in Ways you Haven’t Thought About!
From socially-engineered attacks like Phishing to USB drive attacks, humans have distinguished themselves as being highly vulnerable creatures and not easily secured.
Automation addresses two human behavior security issues.
Security Bots would dramatically improve Identity and Access Management (IAM): Let’s face it – no humans, no need for human-esque passwords. In addition, scores of security technologies (and security teams by extension) continue to rely on the IP address, as a primary means of identifying legitimate users and blocking malicious traffic sources. Security professionals need new, more accurate technologies that are not prone to error caused by the myriad of ways an IP address can be spoofed or obfuscated.
Security bots can deprecate or remove much of the human’s training, performance unpredictability and reliability: The sobering truth is that to err is human and there is no patch or process which will solve this problem no matter how much training or effort. Intelligent and predictable ‘bots’ or AI are solutions are being deployed in highly successful environments which both give us hope and have dramatic implications for the future of information security. Replacing humans is already occurring in high risk “human” industries such as trading exchanges and transportation.
Lights-Out Security: Help me Security bots! You are our only hope!
The truth is that the future of information security will look dramatically different. We make a case here that nearly every facet of security will eventually remove humans, from penetration testing and vulnerability testing to Security Operations Center (SOC) operations to incident response. The role of humans will focus on the architecture, design, and automation of security, not in the actual testing or operational management of security.
New automated paradigms are being spawned and aided by newer technologies which enable automation and orchestration such as Software Defined Networking (SDN), Network Feature Virtualization (NFV), Cloud Services, Application Program Interface (APIs), and of course, algorithms with intelligence.
In addition to process changes, there will also need to be huge overhauls in technology and attention to four major areas of security changing the paradigm from “defense in-depth” to defense in what we call Attack Mitigation Pillars: Collection, Detection, Command and Control and Mitigation.
In the end, there is a lot of good news for security, including the variety of new tools like device fingerprinting that employs methodologies to gather IP-agnostic information about a source. The device fingerprint uniquely identifies a web tool entity by combining dozens of attributes of a user’s device to identify and then track their activities, generating a behavioral and reputational profile of the user. In addition, there are powerful cross-vendor automation and orchestration tools which are dramatically assisting the security professional in automating their collection and mitigation.
The growth in algorithms and the adoption of these new powerful toolsets will be the difference between the future successful and secure company, as opposed to companies like Ashley Madison that clearly define the way of the past. However, if we don’t see the need to remove people from security operations, testing and auditing and install instead lights-out security centers we will not be able to handle the future AI-driven attack landscape.