Survey Finds Security Teams Betting on Machine Learning
Machine learning is being tapped as a way to cut through the security data deluge
A global survey conducted by Enterprise Strategy Group (ESG) of 456 cybersecurity and IT professionals on behalf of Oracle and KPMG has found organizations are being overwhelmed by data and are hoping to get some help via machine learning.
According to the survey results, fewer than one-third of respondents can analyze more than 60 percent of the security event and telemetry data they collect. Only 12 percent can analyze more than 75 percent of the data they collect.
More than half of survey respondents (53 percent) said they plan or have started to invest in machine learning technologies to help analyze that data. Top use cases for machine learning within the context of cybersecurity include embedding these technologies within a security analytics and operations platform (23 percent), within an identity and access management solution (17 percent), as part of larger cloud security strategy (16 percent) or within a managed security service (15 percent).
The survey suggests much of the need to rely on machine learning algorithms is being driven by lack of visibility into and control over an IT environment that has become highly distributed. A full 70 percent reported their organization is making greater use of cloud applications year over year, with 93 percent saying that rogue use of cloud applications is an issue in their environment.
Cybersecurity teams continue to wrestle with issues related to a shared security model implemented across internal IT teams and cloud service providers. A full 82 percent of respondents said their organization has experienced a security event that can be traced to confusion stemming from that shared security model. That issue is likely o become even more difficult as more data moves into the cloud. Nearly half of respondents (49 percent) said they expect their organizations to store more than half their data in a public cloud by 2020, and 71 percent described their data stored in public clouds as sensitive.
On the plus side, nearly three-quarters of respondents (72 percent) said they view public clouds as much more or somewhat more secure than what can be achieved in an on-premises IT environment.
The top cloud security challenges identified by survey respondents included detecting and reacting to security incidents in the cloud (33 percent), lack of skills (29 percent), lack of alignment between security and IT operations teams (27 percent), unauthorized usage of cloud services (26 percent) and lack of visibility across the data center and endpoint surface (24 percent).
Not surprisingly, survey respondents identified email phishing with malicious links (27 percent), malware that moves laterally across their data center (23 percent), the misuse of privileged accounts (19 percent) and zero-day exploits (18 percent) as cybersecurity issues they have dealt with during the past two years. Typed of threats identified as most concerning are known vulnerabilities and lateral malware, tied at 58 percent, followed closely by credential stuffing (57 percent) and zero-day vulnerabilities (53 percent).
Respondents cited a number of reasons why they aren’t able to implement patches to potentially address theses issues, including the adverse impact of downtime on service level agreements (46 percent), software compatibility (45 percent), lack of approval (40 percent) and the low ROI on risk versus effort (40 percent). That said, a full 89 percent have or plan to implement automated patch management.
Greg Jensen, senior principal director of security at Oracle, said given all the cybersecurity risks and challenges organizations face, there should be little wonder why in some quarters these days the title CISO stands for Crisis Induced Sacrificial Offering rather than Chief Information Security Officer. Regardless of who is held accountable for cybersecurity, however, it’s apparent that much is riding on investments in machine learning and other forms of automation to level a playing field that currently is tipped against cybersecurity professionals.
— Michael Vizard
