Emerging technologies provide quicker countermeasures against security threats
A direct relationship exists between how quickly a business can identify and contain a security incident and the financial consequences. On average, the time to identify and the time to contain a threat are 229 and 82 days, respectively — alarmingly lengthy spans of time.
The following emerging technologies provide countermeasures for the quick identification, containment, isolation and elimination of security threats, which can significantly reduce the destructive effects of a cyber-attack.
User Behaviour Analytics is a technique that captures the way users interact with systems and devices. Activity such as the amount of pressure exerted on a keyboard, swipe patterns on a touchscreen, and applications typically opened can be identifiers as unique and personal as physical biometrics. Security analysts can leverage these analytics to monitor and identify suspicious behaviour.
Machine learning is a technique that observes the daily operation of a network to create a baseline of what is considered “normal” and compares that baseline against activities, processes and network traffic in real time. When behaviour deviates from legitimate or acceptable performance, it is flagged as anomalous and potentially malicious. Security analysts can leverage this knowledge.
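The baseline-and-deviation idea described above, as an added example that is not from the original article: a per-host baseline is learned from a training window and live readings are scored against it. The host names, traffic figures, the median/MAD statistic and the threshold are all assumptions chosen for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample data: (host, outbound MB per hour) from a training window
# that is assumed to be free of attacks.
TRAINING = [
    ("web01", 120), ("web01", 135), ("web01", 110), ("web01", 128),
    ("web01", 142), ("web01", 117), ("web01", 131),
    ("hr-laptop", 4), ("hr-laptop", 6), ("hr-laptop", 3), ("hr-laptop", 5),
    ("hr-laptop", 7), ("hr-laptop", 4), ("hr-laptop", 5),
]

# Constructed live observations to score against the baseline.
LIVE = [("web01", 139), ("hr-laptop", 6), ("hr-laptop", 95), ("db02", 12)]


def build_baseline(samples):
    """Return {host: (median, MAD)}; both resist a few outliers in training."""
    by_host = defaultdict(list)
    for host, value in samples:
        by_host[host].append(value)
    baseline = {}
    for host, values in by_host.items():
        med = median(values)
        baseline[host] = (med, median(abs(v - med) for v in values))
    return baseline


def score(baseline, host, value, threshold=6.0):
    """Classify one observation as 'normal', 'anomalous' or 'unknown-host'."""
    if host not in baseline:
        # No history: it cannot be called normal, so surface it to an analyst.
        return "unknown-host"
    med, mad = baseline[host]
    # 1.4826 * MAD estimates the standard deviation for normal data; the floor
    # of 1.0 keeps a perfectly flat baseline from flagging every tiny change.
    spread = max(1.4826 * mad, 1.0)
    return "anomalous" if abs(value - med) / spread > threshold else "normal"


def triage(baseline, observations):
    """Return only the observations an analyst should look at."""
    return [(h, v, s) for h, v in observations
            if (s := score(baseline, h, v)) != "normal"]


if __name__ == "__main__":
    for host, value, verdict in triage(build_baseline(TRAINING), LIVE):
        print(f"{host}: {value} MB/h -> {verdict}")
```

The same 95 MB/h reading would be unremarkable for web01 but is far outside the laptop's own history, which is why the baseline is kept per host rather than network-wide.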
Deception technology is a technique that considers the cyber-attacker’s point of view and methodology for exploiting and navigating networks. Attractive traps consisting of systems, users or data are covertly mixed among existing network resources in an attempt to lure a potential cyber-attacker. Security analysts can leverage the alerts generated by these decoys to take the appropriate actions required to stop the threat or perform forensic activities while collecting data for legal or intelligence purposes.
Visual Intelligence is a technique to change abstract data into pictures to visualize patterns and more easily identify key changes. Security analysts can leverage the visualization to contain cyber-attacks by utilizing the patterns of interest to determine if an unwanted threat is moving laterally through the network.
Eric Schlesinger is the Chief Information Security Officer for Polaris Alpha (www.polarisalpha.com).
This article originally appeared in the March/April 2018 issue of Canadian Security.