Rise of the Machines – on Both Sides of the Cybersecurity War

The theme of the recent ICIT Forum was “Rise of the Machines”, a call to recognize the vulnerability of an infrastructure increasingly under control of computers.  The steady increase in connected systems mandates a broad range of strategies – managing supply-chain risk, analysis of huge amounts of data through machine learning, dealing with the insider-threat problem, sealing up holes in applications.  I had the privilege of discussing threat intelligence sharing on a panel with Todd Helfrich of Anomali, John Kupcinsky of KPMG, and Ana Beskin of Amazon.

First, we looked at the role of threat intelligence in overall risk strategy.  While threat intelligence can help guard against current attacks, it can also identify trends and form part of an overall predictive analytics system to mitigate risks in advance – a key goal in getting ahead of the bad guys.

Threat intelligence is gaining traction in the market, but there are still some barriers to adoption, especially for government agencies operating in classified environments.  Consuming threat intel from the outside is helpful, but sharing out can be a problem.  Indicators of compromise typically identify the targeted organization, and can thus be helpful to potential attackers.  Anonymizing threat data would help, but the technology for anonymization is still deficient.

To leverage threat intelligence fully, think in strategic terms and consider adjacent technologies as force multipliers.  Machine learning systems can correlate external threat intelligence data with internal telemetry to identify, or even predict, attacks.  Your sandbox can analyze and identify malware, and either share the information with the outside world, or incorporate it into your own internal risk and vulnerability management program.
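As an added illustration of two points above (correlating an external indicator feed with internal telemetry, and stripping what identifies the targeted organization before sharing out), the following example code is not from the panel or from any vendor named here; the indicator feed, log lines and field names are all constructed.

```python
import re
from collections import defaultdict

# Constructed external indicator feed (placeholder values, not real IoCs).
INDICATORS = {
    "203.0.113.45": "c2-ip",
    "badcdn.example": "malware-domain",
}

# Constructed internal proxy telemetry; host/user fields identify the organization.
TELEMETRY = [
    "2024-05-01T10:02:11Z host=finance-ws07 user=jdoe dst=203.0.113.45 action=allow",
    "2024-05-01T10:05:42Z host=hr-ws12 user=asmith dst=198.51.100.7 action=allow",
    "2024-05-01T10:07:03Z host=finance-ws07 user=jdoe dst=badcdn.example action=block",
    "2024-05-02T08:13:20Z host=eng-ws03 user=bkim dst=203.0.113.45 action=allow",
]

KV = re.compile(r"(\w+)=(\S+)")
INTERNAL_FIELDS = ("host", "user")  # must never leave the organization


def parse(line):
    """Split a 'ts key=value ...' log line into a dict."""
    ts, rest = line.split(" ", 1)
    event = dict(KV.findall(rest))
    event["ts"] = ts
    return event


def correlate(telemetry, indicators):
    """Internal view: every event whose destination matches a known indicator."""
    hits = []
    for line in telemetry:
        event = parse(line)
        kind = indicators.get(event.get("dst"))
        if kind:
            hits.append({**event, "indicator_type": kind})
    return hits


def shareable_sightings(hits):
    """Outbound view: per-indicator counts with day-granularity timestamps and
    internal identifiers dropped, so the sighting does not name the target."""
    agg = defaultdict(lambda: {"count": 0, "first_seen": None})
    for h in hits:
        rec = agg[(h["dst"], h["indicator_type"])]
        rec["count"] += 1
        day = h["ts"][:10]
        rec["first_seen"] = min(filter(None, [rec["first_seen"], day]))
    return [{"indicator": d, "type": k, **r} for (d, k), r in sorted(agg.items())]
```

The internal hit list keeps host and user for the responder; only the aggregated view is meant to go to a sharing community.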

Strategically, think about a crawl/walk/run approach.  Start with the essential plumbing:  the systems that consume and share out threat data.  From there, look to make the threat data actionable, manually at first, then automatically.  With a firm foundation, a predictive analytics approach becomes feasible.