maxkabakov - Fotolia

Cyber security innovation is crucial, says security evangelist

Visibility and automation are key areas of cyber security innovation, but firms should concentrate first on the basics and not overlook the human element of security

Innovation in cyber security is crucial in levelling the playing field in the fight against cyber crime, according Ben Johnson, chief evangelist at Bit9 + CarbonBlack.

“The fact that large, well-resourced companies are getting hacked on a daily basis shows the need for innovation because current technologies are not working,” he told Computer Weekly.

“Attackers are continually innovating and evolving their capabilities, so there needs to be innovation and evolution of defence capabilities to achieve any success,” he said.

However, according to Johnson, many companies need to bring their basic security in line with best practices before they consider leading edge cyber security technologies.

“Basic cyber hygiene is typically lacking, and just by getting the basics up to scratch companies could reduce 90% of their cyber risk,” he said.

“We typically see organisations failing on basics such as configuration management, access control, segmentation of networks and network monitoring for anomalous behaviour,” he said.

Other common problems include the fact that many companies are unable to identify or say where their most important information assets are located.

Johnson said there is no point in organisations worrying about so-called “advanced” threats if they have not done the basics properly.

“If you have 1990 infrastructure, it does not mean you are safe just because you install a 2015 tool. Attackers will always use the easiest method to achieve their goals and typically rely on common, well-known vulnerabilities, only using more sophisticated tools as a last resort,” he said.

Improved visibility

An area of cyber where even mature organisations struggle, he said, is visibility and understanding of their key information assets and what is going on in their networks.

According to Johnson, a key area of innovation is focused on enabling organisations to identify and locate their key information and other computing assets, and to see what is executing on company servers, what is making connections, where users are logging in and what data coming into and going out of their networks.

“Improved visibility is important because it enables organisations to remove unnecessary network and access privileges, track data movements, limit what applications can run on particular computing assets and reduce how much control users have over their systems and their ability to install malicious software inadvertently,” he said.

Best-of-breed tools

Another important area of focus for cyber security innovation is automation and orchestration.

“Many companies are no longer buying all the different pieces of their security stack from a single supplier, opting instead to adopt a best-of-breed approach in selecting the best tools and technologies for particular security functions,” said Johnson.

The companies that are doing the best from a security point of view tend to be those with highly tailored or customised security stacks to their strengths and weaknesses, he said, which they are integrating into the workflows of their security teams.

However, this means companies following this best-of-breed approach are increasingly in need of ways of orchestrating all these tools and technologies from different suppliers to create richer security data and enable automated detection of compromise and responses to alerts.

In some instances, where companies are finding emerging technologies that show potential in meeting their needs, they are making investments to help develop these technologies into commercially viable products.  

“There is a growing need and desire to automate and correlate the collection of information from all the different tools and technologies that make up an organisation’s security stack,” said Johnson.

According to Johnson, “enrichment” is the new cyber security buzzword and refers to this idea of alerts made up of data from multiple sources to enable human analysts to make faster and better decisions.

Automation is key

Innovation around the concept of orchestration is also aimed at enabling organisations to roll out remediation actions across all relevant components of their security stack.

“Being able to do things such as blocking websites, shutting down processes and resetting user credentials quickly in an automated or orchestrated fashion is where a lot of cyber security innovation is currently focused,” said Johnson.

Automation, he said, is widely considered to be a key area of innovation because there is a lot more that can be done in this area to counter increasingly automated attacks that are capable of overwhelming security teams and traditional defences.

“Some security suppliers are already building in connectors with products from other suppliers, but there is still no mature enterprise-wide orchestration system or correlation engine where all these different pieces of information are being pulled together to give a better picture of what is going on, so I expect to see things continuing to heat up in this area,” said Johnson.

Cyber security innovation

In addition to visibility and automation, he expects to see an increasing amount of cyber security innovation to support enterprise use of cloud-based services and mobile computing devices.

“Most companies have to deal with the fact that much of the investment they have made in security on-premise computing devices is no longer relevant. This is because employees are increasingly using devices that are no longer plugged into the company network to work remotely,” said Johnson.

This trend in combination with the increasing use of cloud-based services means most companies are looking for new ways of keeping employees secure, which means that these are likely to be the key areas of cyber security innovation in the near future.  

But technology aside, Johnson said it is important for organisations not to overlook the importance of cultural buy-in and the fact that security is a “team sport”.

“Everyone in an organisation needs to understand that security is ultimately about human beings. It is humans that discover breaches, it is humans that do defence, it is humans that get alerts and need to decide how to respond,” said Johnson.  

Understanding the human element of security, he said, typically guides security budgeting, training and recruitment.

Read more about security innovation

Read more on Hackers and cybercrime prevention