The Evolving Ecosystem of Security Technologies
The unexpected and the unknown are a hacker’s best tools, so they should be given their due priority in your team’s cybersecurity efforts.
Using risk identification and incident response to frame their roundtable presentations, industry experts predicted how security technologies will adapt to become more effective against these unexpected and unknown threats.
In his discussion of current and emerging security risks, Ladi Adefala opened by calling risk identification “Mission: Impossible.”
The threats we never thought could happen are exactly the ones we need to guard against, he said.
Adefala is a security strategist for FortiGuard Labs.
He went on to point out that the newer the technology, the more unexpected and unknown it is. A great example is 5G technology.
5G, the fifth-generation mobile network, will handle 1 million devices in 1 square mile. With all that traffic in such a small space, the attack surface for cybercriminals has widened significantly.
In that space, Adefala predicted the biggest risks for attacks will be found in technology designed to do good – for example, augmented reality, connected cars, smart speakers and drones.
It would be unexpected for a car’s dashboard computer system to infect an organization’s network from a nearby parking lot, but it’s possible.
Adefala offered strategies to handle these seemingly impossible outcomes. Most importantly, he said, practice what he called 20% cyber time.
That is, grant your team members 20% of their time to focus on emerging risks, the things you never thought could happen. Giving credit to Google’s 20%-time policy, Adefala adapted the exercise to better prepare cybersecurity professionals for cyber threats.
Dave Hull conveyed a similar message when he took the floor to discuss the future of endpoint detection and response. Hull is senior director of EDR at Tanium.
In the case of EDR, time needs to be spent finding ways to add context to data so investigators can respond more quickly to breaches.
Right now, alerts are often reviewed in isolation, but incident response teams need context around each alert to respond to breaches effectively.
Hull acknowledged the roles that machine learning and artificial intelligence play in adding context, and he pointed to security orchestration, automation and response (SOAR) as the way to integrate different systems and tie them together.
“One who can automate oneself out of a job will always be employed,” he said.
He went on to explore the idea of “system one” as the direction he believes EDR is going.
System one is a concept from the book “Thinking, Fast and Slow” by Daniel Kahneman. Kahneman’s research led him to define two thought processes – fast thinking, or system one, which allows us to respond quickly and confidently, and slow thinking, or system two, in which we must devote more focus to solving a problem.
Hull believes we need to make our EDR tools work more like system one to reduce alert fatigue among incident response teams.