
Executive Viewpoint 2018 Prediction: Demisto – The Evolution of Incident Response in 2018

2017 was the most damaging year so far in terms of cyberattacks, punctuated by the WannaCry ransomware outbreak, the Vault 7 leak of CIA hacking tools, and the Equifax data breach, among others.

Consequently, enterprise incident response in 2018 must be equipped with the tools and approaches that let security teams respond quickly and effectively to a perpetually evolving threat landscape.

IoT connectivity and the cloud mean better data and analytics, but they also open the door to data breaches. The highly publicized breaches of the recent past have made it clear that, critical as encryption is to securing these devices, encryption alone will never be enough.

Perimeter security is supposed to block access attempts and other risky activity at the enterprise network perimeter. Unfortunately, traditional approaches have become woefully inadequate, because IoT, the cloud and BYOD/mobility have effectively dissolved the once well-defined perimeter. The growing number of attack vectors, combined with the rising frequency of attacks across each of them, requires technologies that provide intelligent detection and countermeasures in the age of cloud, IoT and big data.

Though adoption of cloud computing has increased in recent years, the public cloud's “shared responsibility” model remains a challenge for enterprises: many have yet to add the additional security layers their public cloud deployments need. With the perimeter submerged in a sea of expanding endpoints, security teams are struggling to catch their breath.

Enterprise cybersecurity teams must have access to threat intelligence about the latest attack types and tactics. Intelligence alone, however, isn’t enough. Beyond simply controlling access, security tools must also provide highly granular, continuous monitoring and blocking of risky and malicious activity.

The Cisco 2017 Midyear Cybersecurity Report lays out why and how security is IoT’s Achilles heel: IoT systems lack built-in security features, and patching and access control are difficult. To avoid breaches caused by IoT exploits, Cisco recommends that organizations adopt a “proactive and dynamic approach” that includes tracking IoT device behavior to flag suspicious activity.

Threat-hunting automation that augments human expertise, rather than replacing it, will become more prevalent and more accurate in 2018. The most effective of these tools will use machine learning to learn the security team’s patterns as well as patterns within the enterprise ecosystem, improving continuously as they scan the organization’s environment and report changes that may indicate a threat. The shift from a reactive to a proactive and predictive security approach will accelerate in the coming year and beyond.

While SIEM and other security management platforms have been critical tools for the SOC, they are no longer sufficient for managing incident response. The age of IoT and the maturation of the cloud require a constantly evolving, comprehensive picture of the entire threat landscape to detect threats proactively. That means adding an investigation layer to SOCs through automation, orchestration, and collaborative investigation tools.

Machine learning, AI and automation are well positioned to support existing security analyst teams, which face chronic skills shortages, through proactive threat intelligence that improves over time. Machine learning should be one part of a layered approach to threat prevention, spotting what humans might miss, but it must be designed to augment rather than replace human expertise.

In its previous forecasts and its latest updates, IDC predicts that in 2018, 70% of enterprise cybersecurity environments will use cognitive/AI technologies to help humans cope with the rapidly growing scale and complexity of cyber threats. This machine learning approach to InfoSec will increasingly become part of a holistic, integrated, automated security orchestration approach in 2018 and beyond.

The benefits are enormous in a landscape where cybersecurity analysts and other experts are in short supply. In fact, the non-profit information security advocacy group ISACA predicts a global shortage of two million cybersecurity professionals by 2019. The need for real-time, proactive insights, and for tools that support and streamline security team communication, will only grow in 2018 and beyond, as small security teams look for more effective ways to meet growing incident response demands.

Incident response platforms based on machine learning will become imperative for security teams because of the rate at which attack vectors are growing in the age of IoT, cloud, mobility and BYOD, not to mention the proliferation of applications. Coupled with the escalating rate and scale of cyberattacks, automated threat detection and communication support built on machine learning will be crucial for effective incident response.