AI can play a huge role in attack simulation and user behavioural analytics, exposing anomalous situations at scale for more refined analysis, says Marco Rottigni, Chief Technical Security Officer, EMEA at Qualys.
If we look at the security landscape today, there are hundreds, if not thousands, of vendors in the market. What is more concerning is that, on average, a small organisation uses 15 to 20 security tools, a medium-sized one uses around 70 and a large enterprise could be using as many as 130 different cybersecurity solutions.
Many of these solutions are specialised, offering very niche functionality, but all of them produce an overwhelming number of events, logs and data. To make matters worse, today’s IT estate is perimeter-less and more ephemeral and geo-fragmented than ever. To combat these challenges, organisations should focus on going back to basics and developing fundamental capabilities.
This means gaining visibility and awareness of what exists across the digital landscape, understanding vulnerabilities and possible breach-points across their environment and prioritising remediation and response. CISOs today essentially want to achieve three goals — risk mitigation, operational efficiency, and sustainable compliance.
At an operational level, this requires having complete visibility across the very diversified IT estate; accuracy in detection to minimise false positives and negatives; enriched context about data such as exploitation, exposure, non-discoverable metadata and cyber threat intelligence; integrated or API-based communication within the same platform, or across solutions, in order to guarantee velocity; and controlled automation in response.
Arguably the most important innovation has been better integration among platforms, leveraging API-based integration to reduce the friction, while augmenting the velocity of secure information flows.
To a certain extent, artificial intelligence could play a remarkable role in the field of attack simulation and user behavioural analytics, exposing anomalous situations at scale for more refined analysis. Controlled automation will need to show that a previously existing process or procedure can effectively be executed in less time; a vulnerability lifecycle management solution must prove that the context provided enables proper prioritisation of threats, resulting in a shorter time to remediate.
Future skills
The focus will shift from hard skills towards more soft skills. Examples of these are the ability to quickly correlate contexts, to connect the dots and understand a set of events from a higher, holistic standpoint; clarity of communication and the ability to express complex concepts while adapting them to different audience types; and the ability to interpret cyber threat intelligence and map it to events detected by the technology stack.
Cybersecurity professionals will need to become a live part of an orchestrated workflow in which they will interact closely with the technology stack: humans will take on the more noble role of making crucial decisions, while repetitive operations and the analysis of large amounts of data will be left to an integrated and interoperable technology stack.
Product suite
Qualys is a provider of information security and compliance cloud solutions. Leveraging a cloud platform architecture built over the last two decades, an integrated combination of 20+ cloud apps enables our 15700+ customers in more than 130 countries to harmonise IT, security, and compliance processes, with the lowest impact on resources, while maximising operational effectiveness and efficiency.
Qualys recently announced Vulnerability Management, Detection and Response – a solution that unifies workflows for discovery of what exists in a digital IT estate, detection of the vulnerabilities, enrichment of the context with cyber threat intelligence, understanding exploitability and security posture according to CIS compliance benchmarks, prioritisation of response and remediation with patch management.
By Marco Rottigni, Chief Technical Security Officer, EMEA at Qualys.