With few exceptions, organizational theory subscribes to the virtues of eliminating silos. That’s becoming true for security platforms, as well. According to Joanne Martin, a cybersecurity expert who spoke at the June UBTech conference, vendors are moving away from products designed to address just one piece of the IT stack in favor of integrated platforms that give staff cross-system visibility.
Accompanying those platforms are tools that leverage automation and machine learning to analyze activity and user behavior on the network.
IDC’s projections about the security market lend credence to the notion of shifting from silos to integration. It is estimated that by 2020, organizations will invest an additional $3 billion in platform-based security models and cloud-based offerings. The beauty of security solutions powered by artificial intelligence and machine learning is that they can visualize things humans can’t — no matter how much expertise we have. As CDW’s “The Cybersecurity Insight Report” points out, “The lesson organizations are quickly learning is that threats aren’t just inevitable, they’re often invisible.”
In light of that reality, together with the fact that many IT teams are overworked and understaffed, it’s worth getting familiar with the next generation of security solutions that may help solve some of these challenges.
Machine Learning and Analytics Provide Scrutiny of Network Activity
Plenty of automated security solutions detect and alert IT staff to suspicious activity on the network. That’s great — except for the fact that staff has to spend time monitoring those alerts. Plus, those alerts are only as good as the rules they’re designed to follow. An autonomous platform, on the other hand, uses machine learning not only to find those gaps, but to fix them in real time. That kind of autonomy is the direction in which cybersecurity strategies should be heading, according to one expert.
Such platforms help open up silos by bringing together several threat reduction functions into a single system. In higher education, alleviating some of the burden of alert response, including false positives, would let staff focus on more strategic initiatives.
San Francisco-based software company Splunk has acquired at least two companies with expertise in these areas. In April, Splunk announced its acquisition of Phantom Cyber. Phantom’s platform, built around its security orchestration, automation and response capabilities, offers the speed, automation and integration that define the next generation of security defenses. By automatically responding to incidents based on more than 1,000 APIs and more than 200 applications, it reduces alert noise and enables systems to react more quickly than they could by relying on manual processes alone.
Phantom complements Splunk’s 2015 acquisition of Caspida, which developed a way to use machine learning to identify security threats. Inherent to these advances is a more sophisticated ability to not only identify threats, but to continually refine threat remediation as the system learns.
Instead of simply screening for suspicious activity based on whether or not a user has valid credentials, Splunk’s strategy (with help from partners like Caspida) is to leverage data science to closely analyze credentials and how a user is behaving on the network. That level of analysis would be prohibitive for IT staff, but it’s one that smart systems can carry out quite nimbly.
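As an added illustration of the shift described above (not code from Splunk, Caspida or this article), the following Python builds a per-user behavioural baseline from constructed login records and scores later logins that carry valid credentials but deviate from that user's own pattern; the users, hosts and addresses are made up.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample of successful logins: (user, host, source_ip, timestamp).
# Every row passed credential checks; only behaviour separates them.
BASELINE_EVENTS = [
    ("alice", "lib-ws-01", "10.1.4.20", "2018-05-01T09:05:00"),
    ("alice", "lib-ws-01", "10.1.4.20", "2018-05-02T08:55:00"),
    ("alice", "lib-ws-02", "10.1.4.21", "2018-05-03T10:15:00"),
    ("alice", "lib-ws-01", "10.1.4.20", "2018-05-04T09:30:00"),
    ("bob", "admin-jump", "10.9.0.5", "2018-05-01T22:10:00"),
    ("bob", "admin-jump", "10.9.0.5", "2018-05-02T23:40:00"),
]

def build_profiles(events):
    """Per-user baseline: hours of day, hosts and /24 source networks seen."""
    profiles = defaultdict(lambda: {"hours": set(), "hosts": set(), "nets": set()})
    for user, host, ip, ts in events:
        p = profiles[user]
        p["hours"].add(datetime.fromisoformat(ts).hour)
        p["hosts"].add(host)
        p["nets"].add(ip.rsplit(".", 1)[0])
    return profiles

def score_event(profiles, event):
    """Return (score, reasons); each deviation from the user's baseline adds one."""
    user, host, ip, ts = event
    p = profiles.get(user)
    if p is None:
        return 3, ["no baseline for user"]  # first-seen user: treat as max risk
    reasons = []
    hour = datetime.fromisoformat(ts).hour
    # Hour is unusual if it is more than two hours away from every hour seen before.
    if all(abs(hour - h) > 2 for h in p["hours"]):
        reasons.append(f"unusual hour {hour:02d}:00")
    if host not in p["hosts"]:
        reasons.append(f"new host {host}")
    if ip.rsplit(".", 1)[0] not in p["nets"]:
        reasons.append(f"new source network {ip}")
    return len(reasons), reasons

def triage(events, profiles, threshold=2):
    """Keep only events at or above the threshold for analyst or playbook handling."""
    flagged = []
    for e in events:
        score, reasons = score_event(profiles, e)
        if score >= threshold:
            flagged.append((e, score, reasons))
    return flagged
```

The threshold and the two-hour window are tuning knobs; in practice the baseline would be rebuilt from a rolling window so that the profile keeps learning as behaviour changes.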
The fact is that hackers have become incredibly sophisticated. They, too, are deploying artificial intelligence and machine learning, and institutions absolutely must do the same to keep up. With next-generation security platforms on their side, IT pros will have a better chance of keeping the bad actors out. When these advanced solutions have the added benefit of reducing the workload on staff, that’s icing on the cake.
This article is part of EdTech: Focus on Higher Education’s UniversITy blog series.