This blog was written by Grant Bourzikas, previous CISO at McAfee.
As cyber threats grow increasingly sophisticated, staying ahead of bad actors is proportionately more challenging. Hackers, data theft, and viruses have been around for decades, but the stakes have risen significantly. The WannaCry ransomware attack last year was the first time we’ve seen worm tactics combined with ransomware on a major scale, infecting at least 350,000 victims in more than 150 countries. WannaCry brought sci-fi futuristic threats into the present, and it made the theory of threats personal.
To create a culture of security that extends to every person, our professional cybersecurity defenses need to be as robust and efficient as possible. We need to keep our edge on cybercriminals, ensuring our teams are equipped to anticipate and outwit their next move. At McAfee we operate on the principle that the most effective defense is built on a cybersecurity platform that is both open and integrated. This allows it to accept new technologies as threats evolve as well as work together with other systems as a cohesive defense.
Staying ahead requires more than just keeping up with the current trends on Artificial Intelligence (AI) or advanced analytics. We must employ advanced practices and continually focus on improvement to reduce risk and vulnerability.
Use human-machine teaming
It’s clear that machines alone will not save us from the next cyber threat. With all the benefits of AI and machine learning, we still need humans to match the ingenuity of the criminals on the other side. The concept of human-machine teaming can drive us forward, taking advantage of the strengths of each for a more efficient and effective outcome. The lag between a person noticing an issue and the machine helping address it gives attackers the upper hand. But when we put the human in the AI algorithm loop, the machine is better able to learn how to proceed in new scenarios while the human continues to adapt and focus on higher-value tasks.
Evolve the SOC
While endpoint and cloud are the critical control points for cybersecurity, the Security Operations Center (SOC) is the central analytics hub and situation room. This is where dedicated resources reside for incident detection, investigation, and response – and where continuous innovation is vital for keeping ahead of increasingly sophisticated attacks. Unfortunately, research shows more than a third of all companies are approaching cybersecurity manually. This is not sustainable given the volume of data to keep up with. In fact, 25% of security events go unanalyzed. Establishing an advanced SOC requires integration of data, analytics, and machine learning.
There are more than 1,200 cybersecurity vendors in the industry, but there are thousands more online dangers ready to challenge them. On top of that, 67% of customer respondents to a McAfee ePO study this year indicated that analytics and operations investments are being impaired because of too many point solutions, instead of using an integrated platform. More than ever, we need to work together – and make sure the tools we’re developing work together too. In support of this, the OpenDXL open source project enables more applications to run across the McAfee Data Exchange Layer (DXL) fabric, building an ecosystem of companies collaborating in an information/intelligence exchange. With more than a dozen participants and new ones ready to join, enterprises gain secure, near real-time access to new data and instant interactions with other products.
The need to continue sharing best practices and collaborate is of paramount importance. We can’t take our eyes off the threats right in front of us, but we must also step back to evaluate the big picture and keep our sights on the future. Only by working together can we create a global culture of security.
Advanced Practices for Keeping an Edge on Bad Actors
As the volume and sophistication of threats increase, we must continue evolving our cybersecurity defenses to stay ahead of attackers. McAfee has identified some key strategies to help be prepared in the face of unknown threats.