Toward a New Understanding of Cyber Security

The old mantra of detect and respond is overdue for a rethink as security practitioners take stock of a changing constellation of cyber security considerations

The security industry has historically worked under the assumption that it was possible to prevent breaches. And we’ve been largely successful stopping bad things from happening by designing products to keep our customers safe from cyber attacks.

However, with the unprecedented rise in data breaches, the old mantra of detect and respond is overdue for a rethink.

Cyber criminals have revealed new levels of ambition, marked by extraordinary attacks like the weaponization of IoT devices (the Mirai botnet), the breaches of Yahoo and Equifax, and the attempts to disrupt the U.S. electoral process. Ferocious attacks have become the new norm and such a common staple of the nightly news that even my grandmother is aware that we live in a dangerous era of global cyber threats.

As a result, many organizations around the world are revisiting their traditional security posture - and for good reason. In today’s world where it takes, on average, 256 days to detect an attack and 96% of alerts are not even investigated, boards are questioning their companies’ security effectiveness and demanding answers from IT to figure out how to extract better value from their current investments.

Increasingly, we are seeing the industry move toward the notion that if bad things are inevitably going to happen, then what is the right way to think about security?

This marks a shift in how security practitioners approach the question of cyber security. While they still need to take steps to detect and respond to potential threats, they also need to stay informed about looming threats in order to better predict, and ultimately prevent, an attack with an effective cyber defense system.

This approach borrows a page from the art of war, where understanding your enemy is key to defense. In today’s world, we need to move from our reliance on technology alone and start to cultivate our security IQ, taking a different approach to emerging threats and cyber criminal tactics to ultimately predict and prevent a compromise from happening.


Analytics, Machine Learning & Orchestration Key Cyber Defense Enablers

Some ideas about where all this is heading:

The future of cyber security will be less about manual process and the differing capabilities of individual point solutions. Today most security work is forensic, a look at the past; moving forward, IT will automate where it can, and orchestration and data analytics will become the new arsenal. The goal of this new approach is to free up the organization’s people to focus on the key areas of security and learn whether something is about to happen.

Organizations will seek to stitch together platforms where machine learning is a real enabler of AI and analytics systems. The goal will be to continually understand what is going on in the threat landscape and then take appropriate action across the entire supply chain to make security more predictive.

  • Detection and response will continue to converge - Gartner refers to this new space as MDR or managed detection and response. The idea is to better tie technology and humans together from detection all the way to incident response and remediation. MDR has the potential to be an imminent disruptor, delivering capabilities like advanced threat hunting, which continuously assesses the environment to extend what the SOC does today beyond alerts and recommendations to better prevent security breaches.

As enterprises turn increasingly to analytics, ML and orchestration, the people who staff SOC operations will shift from being the primary points of analysis to the primary points of interpretation. Today we view people as a key indicator of risk, but analytics can change this: as people are less overwhelmed and false positives are largely removed, those people can focus on looking for potential problems.

  • Customers will further benefit from machine automation. The promise of orchestration is that you won’t need people for many aspects of security. Rather, enterprises will be able to connect their platforms so that when something bad happens, systems will automatically detect the breach and automatically act to quarantine infected computers and remediate viruses.

  • Traditionally, security operations have been about detecting intruders trying to break into a network. But with the emergence of the public cloud, mobile devices and IoT, the notion of inside and outside makes increasingly less sense as all of these markets are essentially converging. Therefore, security will continuously adapt and be risk-based across internal and external installations, from on-premises systems to cloud infrastructure. Analytics and automation will be key enablers of this capability. Applying advanced analytics across both on-prem and cloud environments will improve security operations by enabling effective, higher-fidelity anomaly detection, helping to identify previously unknown complex, low-and-slow dispersed attacks, and highlighting user behavior anomalies that indicate insider threats.
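As an added illustration of the points above (automated containment for unambiguous events, longer-horizon analytics for low-and-slow activity, and the analyst as the point of interpretation), here is a small Python example. It is not code from the original article or from any vendor; the log format, the IP addresses (taken from documentation ranges), the thresholds and the playbook actions are all constructed for the example.

```python
"""Added example: a burst rule and a long-horizon rule over constructed failed-login
events, followed by a simple playbook decision. The log format, addresses and
thresholds are constructed for illustration, not taken from any real product."""
from collections import defaultdict
from datetime import datetime, timedelta


def build_sample_log():
    """Constructed sample log: 'ISO-timestamp auth_fail user=<name> src=<ip>'."""
    base = datetime(2024, 1, 1, 0, 0, 0)
    lines = []
    # Low-and-slow spray: one failure per hour, each against a different account.
    for h in range(48):
        ts = base + timedelta(hours=h, minutes=7)
        lines.append(f"{ts.isoformat()} auth_fail user=u{h:03d} src=203.0.113.5")
    # Burst: 20 failures within four minutes against a single account.
    for i in range(20):
        ts = base + timedelta(hours=5, seconds=12 * i)
        lines.append(f"{ts.isoformat()} auth_fail user=admin src=198.51.100.7")
    # Benign noise: an employee mistyping a password twice one morning.
    for i in range(2):
        ts = base + timedelta(hours=9, minutes=i)
        lines.append(f"{ts.isoformat()} auth_fail user=alice src=192.0.2.44")
    return lines


def parse_event(line):
    ts, _kind, user_kv, src_kv = line.split()
    return {"ts": datetime.fromisoformat(ts),
            "user": user_kv.split("=", 1)[1],
            "src": src_kv.split("=", 1)[1]}


def group_by_source(events):
    """Events per source address, sorted by time (the detectors rely on the order)."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev["src"]].append(ev)
    for evs in by_src.values():
        evs.sort(key=lambda e: e["ts"])
    return by_src


def burst_sources(events, window=timedelta(minutes=10), threshold=10):
    """Classic rule: a source with >= threshold failures inside any sliding window."""
    flagged = set()
    for src, evs in group_by_source(events).items():
        lo = 0
        for hi in range(len(evs)):
            while evs[hi]["ts"] - evs[lo]["ts"] > window:
                lo += 1
            if hi - lo + 1 >= threshold:
                flagged.add(src)
                break
    return flagged


def low_and_slow_sources(events, window=timedelta(hours=72), min_distinct_users=10):
    """Long-horizon rule: a source that touches many distinct accounts over a long
    window, however slowly. This is the case the burst rule never sees."""
    flagged = set()
    for src, evs in group_by_source(events).items():
        lo = 0
        seen = defaultdict(int)  # user -> failures inside the current window
        for hi in range(len(evs)):
            seen[evs[hi]["user"]] += 1
            while evs[hi]["ts"] - evs[lo]["ts"] > window:
                u = evs[lo]["user"]
                seen[u] -= 1
                if seen[u] == 0:
                    del seen[u]
                lo += 1
            if len(seen) >= min_distinct_users:
                flagged.add(src)
                break
    return flagged


def peak_hourly_failures(events, src):
    """Highest number of failures from `src` in any clock hour; shows why a per-hour
    threshold alone misses the slow spray."""
    counts = defaultdict(int)
    for ev in events:
        if ev["src"] == src:
            counts[ev["ts"].replace(minute=0, second=0, microsecond=0)] += 1
    return max(counts.values(), default=0)


def recommend_action(src, burst, slow):
    """Playbook step: automation handles the unambiguous case, the analyst interprets
    the rest. Action names are constructed for the example."""
    if src in burst:
        return "block-source"        # high confidence: automated containment
    if src in slow:
        return "open-investigation"  # needs human interpretation before action
    return "none"


def run_pipeline(lines=None):
    events = [parse_event(ln) for ln in (lines or build_sample_log())]
    burst = burst_sources(events)
    slow = low_and_slow_sources(events)
    return {src: recommend_action(src, burst, slow) for src in group_by_source(events)}


if __name__ == "__main__":
    for src, action in run_pipeline().items():
        print(f"{src:15} {action}")
```

The slow source never exceeds one failure per hour, so the burst rule stays silent on it; only the rule that aggregates distinct accounts over days surfaces it, and the playbook routes it to a person rather than to automated blocking.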

Given the pace of threats and how fast attacks are growing, the truth is that it is impossible for today’s organizations to effectively detect and respond to attacks.

Adopting a cyber defense strategy that is risk-based, continuously adapts and leverages machine learning, analytics and automation as key enablers is a step toward a required new understanding of cyber security and an effective cyber defense strategy.
