Emerging technologies provide quicker countermeasures against security threats
By Eric Schlesinger
A direct relationship exists between how quickly a business can identify and contain a security incident and the financial consequences. On average, the time to identify and the time to contain a threat are 229 and 82 days, respectively — alarmingly lengthy spans of time.
The following emerging technologies provide countermeasures for quick identification, containment, isolation and elimination of security threats that can significantly minimize the destructive effects of a cyber-attack.
User Behaviour Analytics is a technique that captures the way users interact with systems and devices. Activity such as the amount of pressure exerted on a keyboard, swipe patterns on a touchscreen, and applications typically opened can be identifiers as unique and personal as physical biometrics. Security analysts can leverage these analytics to monitor and identify suspicious behaviour.
Machine learning is a technique that observes the daily operation of a network to create a baseline of what is considered “normal” and compares that baseline against activities, processes and network traffic in real time. When behaviour deviates from legitimate or acceptable performance it is flagged as anomalous and potentially malicious. Security analysts can leverage this knowledge.
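The baseline-and-deviation idea described above, as an added example that is not part of the original article: it learns a per-host baseline from a learning window and flags live observations that stray from it. A median/MAD modified z-score stands in here for a learned model; the host names, traffic figures and threshold are constructed assumptions.

```python
import statistics

# Constructed learning-window data: outbound KB per hour for each host.
TRAINING = {
    "ws-01": [120, 135, 110, 140, 125, 130, 118, 122],
    "db-01": [900, 950, 870, 910, 940, 905, 925, 890],
}
# Constructed live observations to compare against the baseline.
LIVE = [("ws-01", 128), ("ws-01", 900), ("db-01", 900),
        ("db-01", 960), ("kiosk-9", 50)]
THRESHOLD = 3.5  # assumed cut-off for the modified z-score; tune per environment


def build_baseline(history):
    """Return {host: (median, MAD)} describing what 'normal' looks like."""
    baseline = {}
    for host, values in history.items():
        med = statistics.median(values)
        mad = statistics.median([abs(v - med) for v in values])
        baseline[host] = (med, mad)
    return baseline


def classify(baseline, host, value):
    """Compare one observation with its host's baseline."""
    if host not in baseline:
        # A host never seen during learning has no 'normal' to compare to.
        return ("no-baseline", None)
    med, mad = baseline[host]
    if mad == 0:
        # Perfectly flat history: any change at all is a deviation.
        z = 0.0 if value == med else float("inf")
    else:
        z = 0.6745 * (value - med) / mad
    return ("anomalous" if abs(z) > THRESHOLD else "normal", z)


def detect(baseline, events):
    """Return the observations an analyst should look at."""
    flagged = []
    for host, value in events:
        verdict, _ = classify(baseline, host, value)
        if verdict != "normal":
            flagged.append((host, value, verdict))
    return flagged


if __name__ == "__main__":
    for row in detect(build_baseline(TRAINING), LIVE):
        print(row)
```

The same 900 KB reading is normal for the database server and anomalous for the workstation, which is why the baseline is kept per host rather than network-wide.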
Deception technology is a technique that considers the cyber-attacker’s point of view and methodology for exploiting and navigating networks. Attractive traps consisting of systems, users or data are covertly mixed in among existing network resources to lure a potential cyber-attack. Security analysts can leverage the alerts generated by these decoys to take the appropriate actions required to stop the threat or perform forensic activities while collecting data for legal or intelligence purposes.
Visual Intelligence is a technique that turns abstract data into pictures, making patterns visible and key changes easier to identify. Security analysts can use the visualization to contain cyber-attacks, drawing on the patterns of interest to determine whether an unwanted threat is moving laterally through the network.
Eric Schlesinger is the Chief Information Security Officer for Polaris Alpha (www.polarisalpha.com).
This article originally appeared in the March/April 2018 issue of Canadian Security.