How AI-enabled security can turn cyber novices into security ninjas

 


When security analysts are freed from the technical shackles of traditional data science, they can harness their expertise and creativity to rapidly ask questions of big data, test theories, explore and validate their ideas.

We all like to think that government agencies have the edge when it comes to delivering the latest and most innovative cybersecurity management and threat detection. However, a recent White House report of cyber risks across 96 federal agencies revealed a slew of legacy IT systems that fall short in delivering critical results, and a significant shortage of trained cybersecurity personnel.

Just as in corporate environments, the security operations center of a government agency faces a barrage of alerts that turns SOC professionals into traffic coordinators rather than intuitive and investigative defenders of an enterprise. And the complex process of building lengthy queries to dig into the swamp of security data leads to many inefficiencies in protecting data and identifying risks. When time is of the essence, it's critical to have the ability to stop security threats before they become a real problem.

Instead of staring at static and outdated security dashboards or waiting on the too-few technical experts to run their queries, what if security analysts -- including novices and non-technical users -- could ask questions of their data and get answers, no matter where the data resides? They could find out:

  • Which hosts are vulnerable this week versus last week?
  • Which users have successfully logged in during non-business hours today?
  • Which vulnerable hosts have failed updates this week?
  • Which users successfully logged into infected systems today?
  • Which users successfully logged in more than 5 times within a 15 minute timespan this week?

A transformative interface that allows security analysts to quickly expand, pivot or correlate related intelligence using plain-English questions is critical for agencies countering an evolving threat landscape. 

Addressing cybersecurity challenges

Successful cybersecurity operations consist of effective tools, efficient processes and highly skilled people.  In today’s threat landscape, achieving these goals remains elusive to most chief information security officers, partly due to an increasing shortage in talented staff.  In 2017, the National Initiative for Cybersecurity Education reported that 285,000 cybersecurity roles went unfilled in the U.S. alone.  The specialized skillset required to respond, investigate and remediate cyber threats has become highly valued -- and all sectors struggle to keep pace with demand.

To address this widening gap, security organizations within government agencies have turned to various training and certification programs and rely on rigid structures and alert frameworks.  Rather than hire experienced cybersecurity staff, non-traditional workers are trained, certified and now protect the enterprise -- by following static procedures and watching prebuilt security metrics.

But as the threat landscape evolves, these newly minted analysts are not prepared to harness their intuition and truly succeed in the timely manner that’s needed.

Turning novices into ninjas

To change this familiar pattern, we recommend a whole new approach for creating a threat detection skillset that is more creative, proactive and comprehensive. By implementing the following three strategies, security teams can become the ninja warriors, threat detectors and the problem solvers their agencies are counting on them to be.

1. Unleash curiosity and creativity. Security teams aspire to be heroes by protecting the security of their organization, yet they struggle with complex search query languages. Natural language processing (NLP) has made it easy for analysts of all levels to ask questions of their data in plain English. By embracing a culture of data curiosity and continuous learning, security teams can be inspired.  One question of the data sparks another one, and before long, analysts can explore the data, map findings into context and uncover valuable results.

2. Augment human intelligence. Security teams should adopt technologies that will augment human intelligence and create a dynamic environment of automated queries running at intervals, asking probing questions of the data. This automated capability can replace static dashboards and quickly surface anomalies. Security teams should also experiment with new detection approaches, using data-driven metrics that are based on past threat activity. Another creative approach is to hunt for "cold cases," investigating new variations of tactics used by past threats in order to uncover related activity.

Only by thinking like attackers can security teams start to focus on new, creative ways to improve cybersecurity measures and operations within the agency. The flexibility to experiment, test and validate is crucial, as most ideas are costly to operationalize.

3. Know what the data can do. Before security teams can ask questions of their data, they first need a good understanding of what data they have, how it’s organized and what questions that data can and cannot answer. A data assessment exercise helps security teams get their data in peak performance.

Applying AI for intelligence augmentation

Intelligence augmentation allows analysts to harness their expertise and creativity to rapidly ask questions of big data, test theories, explore and validate their ideas -- free from the technical shackles of traditional data science. IA methods empower analysts to use artificial intelligence, or more specifically NLP search interfaces, as a tool for exploration of data sets and domains that might be unapproachable otherwise. Envision an immersive interface where security teams can ask very specific, creative questions like, “Show me systems with failed logins from China followed by network traffic to China within the next 5 minutes.” The interface seamlessly translates the question to multiple big data queries, generates multiple interactive visualizations in seconds and inspires the analyst to explore further.
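To make concrete what such an interface has to produce behind the scenes, here is the quoted question written out as an explicit correlation over two log sources. This is an added example, not code from the article or from any product; the event field names, the country-code enrichment and the sample events are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events, not real telemetry. Field names and the
# src_country/dst_country geo-enrichment are assumptions for this example.
AUTH_EVENTS = [
    {"ts": "2018-06-01T02:10:00", "host": "web01", "outcome": "failure", "src_country": "CN"},
    {"ts": "2018-06-01T03:00:00", "host": "db02", "outcome": "failure", "src_country": "CN"},
    {"ts": "2018-06-01T04:00:00", "host": "hr03", "outcome": "success", "src_country": "CN"},
    {"ts": "2018-06-01T05:00:00", "host": "mail04", "outcome": "failure", "src_country": "CN"},
    {"ts": "2018-06-01T06:00:00", "host": "app05", "outcome": "failure", "src_country": "CN"},
]
NET_EVENTS = [
    {"ts": "2018-06-01T02:05:00", "host": "web01", "dst_country": "CN", "dst_ip": "203.0.113.9"},    # before the login
    {"ts": "2018-06-01T02:12:30", "host": "web01", "dst_country": "CN", "dst_ip": "203.0.113.7"},    # inside window
    {"ts": "2018-06-01T03:07:00", "host": "db02", "dst_country": "CN", "dst_ip": "203.0.113.7"},     # 7 min: too late
    {"ts": "2018-06-01T04:01:00", "host": "hr03", "dst_country": "CN", "dst_ip": "203.0.113.8"},     # login succeeded
    {"ts": "2018-06-01T05:01:00", "host": "mail04", "dst_country": "US", "dst_ip": "198.51.100.4"},  # other country
    {"ts": "2018-06-01T06:05:00", "host": "app05", "dst_country": "CN", "dst_ip": "203.0.113.8"},    # exactly 5 min
]

def correlate(auth_events, net_events, country, window=timedelta(minutes=5)):
    """Return (host, login_ts, traffic_ts, dst_ip) for every failed login from
    `country` that is followed, on the same host, by outbound traffic to
    `country` no later than `window` after the login."""
    flows = {}  # host -> time-sorted list of (timestamp, dst_ip) going to `country`
    for e in net_events:
        if e["dst_country"] == country:
            flows.setdefault(e["host"], []).append((datetime.fromisoformat(e["ts"]), e["dst_ip"]))
    for per_host in flows.values():
        per_host.sort()
    hits = []
    for a in auth_events:
        if a["outcome"] != "failure" or a["src_country"] != country:
            continue
        t0 = datetime.fromisoformat(a["ts"])
        for t1, dst_ip in flows.get(a["host"], []):
            if t0 < t1 <= t0 + window:  # strictly after the login, window end inclusive
                hits.append((a["host"], t0, t1, dst_ip))
                break  # the first matching flow is enough to flag this login
    return hits

def hosts_to_triage(hits):
    """Distinct hosts an analyst would pivot on next."""
    return sorted({h[0] for h in hits})

if __name__ == "__main__":
    for hit in correlate(AUTH_EVENTS, NET_EVENTS, "CN"):
        print(hit)
```

The plain-English question hides choices the analyst still has to validate: whether the window boundary is inclusive, whether traffic that predates the login counts, and how reliable the geolocation enrichment is.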

Many analysts have great ideas, but few can quickly act on them.  To succeed and grow, this must change.  IA empowers teams to experiment, explore, anticipate and think beyond the status quo. 

In government, decentralized security operations centers and the lack of standardized IT capabilities make it challenging to adopt new technologies. Effective cybersecurity requires organizations to identify, prioritize and manage cyber risks across the enterprise. With the rise of cybercrime -- predicted to hit global damages of $6 trillion annually by 2021 -- bold steps must be taken to improve security and protect data. Advancements in IA offer one of those bold moves, which starts by simply asking questions of the data.
