{"id":456,"date":"2020-10-05T15:30:54","date_gmt":"2020-10-05T10:00:54","guid":{"rendered":"https:\/\/tech9labs.com\/blog\/?p=456"},"modified":"2020-12-11T15:48:19","modified_gmt":"2020-12-11T10:18:19","slug":"how-to-solve-cybersecurity-challenges-with-ai-and-ml-part-2","status":"publish","type":"post","link":"https:\/\/tech9labs.com\/blog\/2020\/10\/05\/how-to-solve-cybersecurity-challenges-with-ai-and-ml-part-2\/","title":{"rendered":"How to solve cybersecurity challenges with AI and ML (Part-2)"},"content":{"rendered":"<p><strong>Five foundations for tackling cybersecurity challenges<\/strong><\/p><p><strong>1. Scale up data integration and management<\/strong><\/p><ul class=\"wp-block-list\"><li>Automate collection and ingestion of data into a data lake.<\/li><li>Provide fast data retrieval and search.<\/li><\/ul><p>Cyber analytics platforms must be able to spot threats across a wide variety of data sources \u2013 both internal and external to the enterprise \u2013 whether real-time streaming data or batch data, in structured, semi-structured and unstructured formats. Most importantly, these platforms must work with data that is beyond the traditional purview of security operations teams, such as email content, social media feeds, user metadata from a human resources database, web server and system logs of user activity, and the audit databases managed by IT teams. <\/p><p>Furthermore, many systems are inherently limited in the amount of data they can store, with retention ranging from a week to a month in some cases. Imagine a vulnerability that is discovered 100 days after it was first exploited, while the source data is purged every 90 days: the logs needed to establish what happened are already gone. Adding to this is the data generated by mobile devices, IoT devices and cloud-based services, which together can run to thousands of gigabytes a second. It is therefore critical to anticipate potential future use cases, source the data in real time, and scale the storage so that it can be retained in a manageable way. 
This will enable security teams to establish historical baselines and to perform investigative experiments and retrospective analysis.<\/p><p><strong>2. Utilize an integrated, advanced-analytics-driven platform<\/strong><\/p><ul class=\"wp-block-list\"><li>De-fragment and reconcile siloed data for rapid insight generation.<\/li><li>Power analysis with ML and other advanced forms of AI.<\/li><li>Use AI and automation to close skills gaps.<\/li><\/ul><p>Fragmented data results in fragmented investigation and forensic analysis. Cybersecurity requires an integrated, intelligent analytics platform that can automate scanning at the scale and speed required to process increasingly complex data patterns.<\/p><p>The cyber analytics platform must be able to crunch massive volumes of disparate data and derive meaningful insights, convert raw data into actionable intelligence, and detect advanced threats using data science, deep learning, edge analytics and AI. Applying these technologies enables user behaviour profiling and risk scoring, proactive identification of vulnerability gaps, and the use of social media data to track potential local security incidents. <\/p><p>Automated orchestration is especially important in the case of zero-day exploits, where there is no signature to match and the window between detection and containment is what matters. <\/p><p><strong>3. Seek real-time data enrichment<\/strong><\/p><ul class=\"wp-block-list\"><li>Add structure and context with metadata such as geo-IP lookups.<\/li><li>Add streaming analytics for real-time alerts.<\/li><\/ul><p>Simply collecting large volumes of data without preparing it for analysis produces a storage burden without the corresponding insight. The cyber analytics platform must be able to correlate patterns among disparate sources of data. 
For example, legacy systems often send data with timestamps but no indication of time zone. Without that information, SOC analysts cannot be certain of where and when an event was triggered, nor correlate it with events from other sources in different time zones.<\/p><p>The cyber analytics platform must therefore enrich enterprise event data by tagging critical metadata such as unique host names, geolocation and time zone as soon as it is ingested. <\/p><p><strong>4. Apply intelligent visualization<\/strong><\/p><ul class=\"wp-block-list\"><li>Create a customizable command-centre view as a comprehensive security dashboard.<\/li><li>Facilitate integrations with business intelligence tools.<\/li><\/ul><p>With traditional SOC dashboards and vendor-specific information security tools, incident analysis involves switching between several consoles and user interfaces and performing manual checks and static analysis of the data to determine root cause, all while maintaining the sequence of the investigation. Each step has to be repeated for every triggered alert. This manual method of analysis and reporting is highly time-consuming and prone to human error.<\/p><p>It takes dedicated personnel to maintain and monitor such siloed dashboards and perform the analysis. A SOC analyst who specializes in one vendor-specific security tool may not be able to correlate its events with a parallel stream of information from a different tool.<\/p><p>The cyber analytics platform must provide SOC analysts with a single view of current IT risk and health scores, as well as a digital map connecting the dots between thousands of people, machines and devices and their interactions. It must also provide the flexibility to create purpose-built dashboards that present intelligent information from correlated data and insights derived from advanced analytics such as real-time behaviour profiling. 
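<\/p><p>As an added example (not code from the original post, nor from any product named in it), the two points above can be seen together in a small Python ingest pipeline: the real-time enrichment step, which tags time zone, geolocation and host at ingest, and the cross-source correlation that the single-view dashboard is meant to surface. Everything in it is constructed for illustration and is an assumption of the example: the two log sources (a legacy VPN gateway logging naive local times and a cloud console audit trail logging UTC), the source-to-zone map with fixed offsets, the CIDR geo-IP table over RFC 5737 documentation ranges, and the 60-minute same-user-two-countries rule.<\/p>

```python
# Added example, not code from the original post or any product named in it.
# Enrich events from two constructed sources at ingest time (UTC-normalised
# timestamp, geo-IP, host), then correlate per user across both sources.
import ipaddress
from datetime import datetime, timedelta, timezone

# Constructed sample input. The legacy VPN gateway logs naive local times
# with no zone indicator; the cloud console audit trail logs UTC.
LEGACY_VPN_LOG = [
    '2020-10-05 09:15:02 vpn-gw-01 login user=asha src=203.0.113.45',
    '2020-10-05 09:20:41 vpn-gw-01 login user=ravi src=10.20.30.40',
]
CLOUD_AUDIT_LOG = [
    '2020-10-05T03:52:10Z console-login user=asha src=198.51.100.7',
    '2020-10-05T08:01:00Z console-login user=ravi src=10.20.30.40',
]

# Assumed source-to-zone configuration, captured once when a source is
# onboarded. Fixed offsets keep the example free of tzdata; a real platform
# would map each source to an IANA zone (e.g. Asia/Kolkata) so DST is handled.
SOURCE_TZ = {
    'vpn-gw-01': timezone(timedelta(hours=5, minutes=30)),
    'cloud-audit': timezone.utc,
}

# Constructed geo-IP table over RFC 5737 documentation ranges and RFC 1918.
GEOIP_TABLE = [
    (ipaddress.ip_network('203.0.113.0/24'), 'IN', 'Pune'),
    (ipaddress.ip_network('198.51.100.0/24'), 'US', 'Ashburn'),
    (ipaddress.ip_network('10.0.0.0/8'), 'INTERNAL', 'corp-lan'),
]


def geoip_lookup(ip_str):
    ip = ipaddress.ip_address(ip_str)
    for net, country, city in GEOIP_TABLE:
        if ip in net:
            return country, city
    return 'UNKNOWN', 'unknown'


def _kv(fields):
    # key=value tokens to a dict; tokens without '=' are ignored
    return dict(f.split('=', 1) for f in fields if '=' in f)


def enrich(event):
    # Tag metadata while the event is still in the ingest path, so search,
    # correlation and dashboards all see the same fields without re-lookups.
    country, city = geoip_lookup(event['src'])
    event['geo_country'] = country
    event['geo_city'] = city
    event['ts_iso'] = event['ts_utc'].isoformat()
    return event


def parse_legacy(line, source_tz=None):
    # Legacy format: 'YYYY-MM-DD HH:MM:SS host action k=v ...' (no zone)
    date, clock, host, action, *rest = line.split()
    naive = datetime.strptime(date + ' ' + clock, '%Y-%m-%d %H:%M:%S')
    tz = source_tz if source_tz is not None else SOURCE_TZ[host]
    ts_utc = naive.replace(tzinfo=tz).astimezone(timezone.utc)
    return enrich({'source': host, 'action': action, 'ts_utc': ts_utc, **_kv(rest)})


def parse_cloud(line):
    # Cloud format: 'YYYY-MM-DDTHH:MM:SSZ action k=v ...' (already UTC)
    stamp, action, *rest = line.split()
    ts_utc = datetime.strptime(stamp, '%Y-%m-%dT%H:%M:%SZ').replace(tzinfo=timezone.utc)
    return enrich({'source': 'cloud-audit', 'action': action, 'ts_utc': ts_utc, **_kv(rest)})


def correlate(events, window=timedelta(minutes=60)):
    # Streaming-style rule evaluated on the UTC timeline: the same user seen
    # from two different countries within the window, from any mix of
    # sources, raises an alert.
    alerts = []
    last_by_user = {}
    for ev in sorted(events, key=lambda e: e['ts_utc']):
        prev = last_by_user.get(ev['user'])
        if prev is not None and prev['geo_country'] != ev['geo_country']:
            gap = ev['ts_utc'] - prev['ts_utc']
            if gap <= window:
                alerts.append({
                    'user': ev['user'],
                    'from': (prev['source'], prev['geo_country']),
                    'to': (ev['source'], ev['geo_country']),
                    'gap_minutes': round(gap.total_seconds() / 60, 1),
                })
        last_by_user[ev['user']] = ev
    return alerts


def run(legacy_tz=None):
    # legacy_tz overrides the configured zone for the legacy source, which
    # lets the caller see what happens when naive timestamps are taken as UTC.
    events = [parse_legacy(line, legacy_tz) for line in LEGACY_VPN_LOG]
    events += [parse_cloud(line) for line in CLOUD_AUDIT_LOG]
    return correlate(events)


def run_naive_as_utc():
    # The failure mode described in the text: no zone tag, so the VPN time is
    # mistaken for UTC and the two logins appear hours apart.
    return run(timezone.utc)


if __name__ == '__main__':
    print('with zone tagging:', run())
    print('naive taken as UTC:', run_naive_as_utc())
```

<p>Run as a script it produces one alert for user asha when the VPN source is tagged with its configured zone, and none when the naive timestamp is taken as UTC, which is exactly the correlation failure the time-zone example describes: the same two logins are seven minutes apart on the real timeline and more than five hours apart on the wrong one. The enrichment is done once, in the ingest path, so the correlation rule and any dashboard built on the same events never have to repeat the lookups.<\/p><p>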
<\/p><p><strong>5. Expand the security analysis surface via the cloud<\/strong><\/p><ul class=\"wp-block-list\"><li>Extend the boundaries of data gathering; never exclude or ignore the cloud. <\/li><li>Deploy cloud-native security tools. <\/li><\/ul><p>As enterprise perimeters expand to the cloud and to IoT, IT organizations need solid cloud security controls and a holistic view of user and system activity patterns across on-premises and cloud environments. Where security auditing and governance capabilities in the cloud are immature, the vectors for data leakage and exfiltration multiply. <\/p><p>Consider a scenario in which an employee uploads data and files from the office laptop to cloud storage that is open to public access; unless the cloud audit trail is feeding the platform, that event is invisible to the SOC.<\/p><p>With cloud-native security products, organizations can better identify cloud assets, which is critical when dealing with ephemeral, cloud-assigned private IP addresses spread across multiple cloud accounts.<\/p><p><strong>Bringing it all together<\/strong><\/p><p><strong>The figure below depicts an end-state high-level reference architecture of a conceptual next-gen cyber analytics platform.<\/strong><\/p><p>Such a platform can now be conceived and built by integrating industry-standard advanced analytics tools and big data technology. <\/p><p>Organisations should deliver this capability in a way that avoids depending on dedicated personnel to prepare customised dashboards for each enterprise need. The KPIs and metrics in the dashboard should update automatically and should be drillable down to the lowest level of reporting. 
This way, an organisation can address the talent shortage in cyber security by dedicating its people to the fields where they are needed most: protection and mitigation and, where required, investigation.<\/p><p><strong>A next-gen cyber analytics platform - enterprise-wide<\/strong><\/p><figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"490\" src=\"https:\/\/tech9labs.com\/blog\/wp-content\/uploads\/2020\/10\/New-1024x490.png\" alt=\"\" class=\"wp-image-457\" srcset=\"https:\/\/tech9labs.com\/blog\/wp-content\/uploads\/2020\/10\/New-1024x490.png 1024w, https:\/\/tech9labs.com\/blog\/wp-content\/uploads\/2020\/10\/New-300x144.png 300w, https:\/\/tech9labs.com\/blog\/wp-content\/uploads\/2020\/10\/New-768x368.png 768w, https:\/\/tech9labs.com\/blog\/wp-content\/uploads\/2020\/10\/New-600x287.png 600w, https:\/\/tech9labs.com\/blog\/wp-content\/uploads\/2020\/10\/New.png 1120w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure><p>An organisation can either build its own SOC\/SIEM combination from a bespoke data lake, analytics tooling, log servers, SOAR, UEBA, threat feeds and intelligence, and a best-of-breed SIEM such as QRadar, Splunk, FireEye Helix, LogRhythm or Gurucul, or it can evaluate how far the SIEM\/SOC products mentioned earlier already provide the capabilities listed above. Either way, the organisation needs to integrate multiple technologies, pay special attention to the dashboard requirements of top management (CXOs and the Board), and continuously measure the effectiveness of its SIEM and SOC against the latest attacks.<\/p><p>Organizations can leverage available tools and validate best-of-breed technologies to quickly deliver on the cyber analytics platform vision while also addressing business priorities. 
Hosted options are also available, such as IBM QRadar on Cloud, and the AI\/ML and data analytics capabilities of public cloud offerings such as AWS SageMaker, Azure Analysis Services and Google Cloud ML can be used alongside them.<\/p><p>*NIST Cybersecurity Framework: https:\/\/www.nist.gov\/cyberframework. <\/p>","protected":false},"excerpt":{"rendered":"<p>Five foundations for tackling cybersecurity challenges Scale up data integration and management Automate collection and ingestion of data at data Lake Capability of fast data retrieval and search. Cyber analytics&#8230;<\/p>\n","protected":false},"author":2,"featured_media":459,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[67],"tags":[],"class_list":["post-456","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security"],"_links":{"self":[{"href":"https:\/\/tech9labs.com\/blog\/wp-json\/wp\/v2\/posts\/456","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tech9labs.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tech9labs.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tech9labs.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/tech9labs.com\/blog\/wp-json\/wp\/v2\/comments?post=456"}],"version-history":[{"count":2,"href":"https:\/\/tech9labs.com\/blog\/wp-json\/wp\/v2\/posts\/456\/revisions"}],"predecessor-version":[{"id":485,"href":"https:\/\/tech9labs.com\/blog\/wp-json\/wp\/v2\/posts\/456\/revisions\/485"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/tech9labs.com\/blog\/wp-json\/wp\/v2\/media\/459"}],"wp:attachment":[{"href":"https:\/\/tech9labs.com\/blog\/wp-json\/wp\/v2\/media?parent=456"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tech9labs.com\/blog\/wp-json\/wp\/v2\/categories?post=456"},{"taxonomy":
"post_tag","embeddable":true,"href":"https:\/\/tech9labs.com\/blog\/wp-json\/wp\/v2\/tags?post=456"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}