In a world with driverless cars and package-delivering drones, cybersecurity could be the next industry in which certain tasks are taken over by computers.
Automation and machine learning are certainly not new concepts, but they are relatively recent in the realm of cybersecurity. It is important that organizations understand how these technologies work, to what degree they can be used in security operations, and what some of the potential considerations may be when using them.
First, let’s discuss what automation and machine learning technologies are and their role in cybersecurity. Automation involves taking a manual, potentially time-intensive process and letting a computer handle it. A well-implemented automated solution will increase the speed and consistency of a process. Most cyberattacks today involve some level of automation, which lets attackers strike more quickly and with more persistence. But automation can also be used in cybersecurity to gather information about an attack or to take preventive action to block an attack.
Machine learning incorporates automation but also has an added level of “intelligence.” Often associated with big data and analytics, a machine learning system takes in large amounts of data – both structured and unstructured – from a variety of sources and develops a model that will aid in decision-making. This model is “trained” over time. As new data is fed into the system, the model will adjust accordingly and become more accurate.
One big reason that these technologies are now being used in cybersecurity is that attackers greatly outnumber defenders. Information security personnel cannot keep up with the volume, complexity, and persistence of cyberattacks that are occurring on a daily basis. Automation and machine learning can augment cybersecurity to provide faster and more accurate detection, analysis, and response capabilities. By aggregating and analyzing the vast quantities of data available, the machine learning systems can improve the model they develop to draw connections and recognize patterns that humans and even security information and event management systems may not be able to recognize. Once an attack has been detected, the system can automatically take action to block or prevent the spread of the attack.
A recent research report by the Internal Audit Foundation and Crowe Horwath focused on the need for a change in the approach to cybersecurity – asserting that it is not possible to achieve 100 percent protection 100 percent of the time. Traditionally, organizations have focused on taking a defensive and reactive approach, but the report advocates for a more proactive approach that includes using automation and machine learning technologies to increase the maturity of an organization’s cybersecurity program.
This kind of proactive approach is reflected in the addition of automation and machine learning systems to the product offerings of several security companies. These companies often deploy automation and machine learning technologies through the cloud, which can give the systems access to data warehouses that have years of threat information from internal sources, customer submissions, and third-party intelligence feeds, as well as unstructured sources like blog posts and research papers. All of these sources aid in the ability to recognize and evaluate potential threats. In addition to scans against static features of a file, the systems will also look at file behavior and patterns to assess a potential threat or block an attack as quickly as possible.
In their current state, these technologies do not represent a cure-all for cybersecurity. Several factors are worth considering when it comes to an implementation that uses automation or machine learning.
Organizations should consider automation and machine learning as one part of a layered approach to security. Handing over some of the work to computers can add a level of efficiency to security operations but, as always, it only takes one error to give an attacker access to an organization’s network. However, given the growing amount of data available for analysis and the increasing number of cyberattacks, the future of cybersecurity may lie in systems that can perform analyses quickly and take action on their own.
© 2017 Crowe Horwath LLP, an independent member of Crowe Horwath International.