No More Paralysis by Analysis: How Security is Evolving to Real-Time Outcomes

A well-known CISO customer was recently telling me about his experience with implementing new security solutions. His consistent feeling? Dread – the security alerts and things that can suddenly break in the beginning can be overwhelming. “Everything goes red,” he said, referring to the immediate influx of red alerts and false positives that seem to accompany each new security deployment.

Imagine installing a new app on your phone that sends push notifications every two minutes. Most are irrelevant, but every now and then one usefully warns that your phone might burst into flames. Such is the experience of many cybersecurity professionals: the flashy new software product may protect you from business-critical threats, but for every alert around a potentially fatal intrusion, expect 10 or 10,000 false alarms – many of them late.

From artificial intelligence to enterprise analytics to cybersecurity, it seems we’re reaching a crossroads: are companies racing to analyze more data for the sake of more data? Or are we focused on outcomes rather than bragging rights?

AI, machine learning and other evolving technologies offer promising new applications. But today, many AI-driven security infrastructures have fatal blind spots: algorithm outputs are often inconclusive and reactive rather than proactive, deepening existing cyber security weaknesses rather than solving them. In many cases, they simply support an already overwhelmed incident response process that is consistently behind the attacker.

In the early 2010s, phrases like “Data is the New Oil” and “Data is the New Gold” indicated, if nothing else, a widespread marketing push for bragging rights on what software engines could make the use of the most data. Yet, like paralysis by analysis for athletes overthinking their golf swing or basketball shot and subsequently underperforming, an overload of data points can choke the gears of an organization by wasting time and energy on information of questionable utility. IBM Watson is in the midst of an advertising push around this topic, including a video spot titled “6 seconds on how Watson learns more from less data.” The message here is clear: avoid distraction and focus on what matters.

In 2018, there’s growing recognition of the importance of analyzing the right data to make decisions: think deep, not wide, and think real-time. As an industry, we’ve created so much noise in cybersecurity – leading to attention difficulties, organizational inefficiencies and ultimately, reduced security posture – that it’s on us to focus on the right information to address security risk, rather than data for the sake of data. From Yahoo’s $350 million drop in acquisition cost (the result of perhaps nearly all of its 3 billion of its users being compromised) to Equifax’s$4 billion hack-related decline in market cap last year, the stakes are clear. As we’re well aware, many of the worst hacks in business history were not only preventable, they were due to basic software issues or the simplest of human errors. Weak passwords and phishing attempts come to mind.

At Preempt, we buy into the less is more. What you need is deeper data with more context rather than many wide data sets that can create clutter and obscure the prize. We see identity as the single most important concept for your organization’s security posture. Identity is your perimeter: who are the people accessing your most sensitive data and applications – are they are who they say they are?

Identity, behavior, devices, anomalies, and risk all play a real-time role – and real-time enforcement is quantifiably more advantageous than reactive response.  And my CISO customer agrees. “It’s a force multiplier.” By having a real-time comprehensive view of identity, behavior and risk its possible to start using that data to gain an advantage and take on a more proactive approach that can work for you 24/7 to preempt threats before impact.

Learn more about the future of cybersecurity: our Security Evolved whitepaper outlines a new approach for enterprises to enhance their existing security infrastructure, rather than outright replacing it. Download it here.


*** This is a Security Bloggers Network syndicated blog from Preempt Blog authored by Heather Howland. Read the original post at: