To defeat cyber crime, humans and robots are going to have to learn to work together. A new McAfee report released today sees a best case scenario where human “threat hunters” team with automation and machine learning technology to fight back against digital thieves.
The Need for Cybersecurity Automation
The report — Disrupting the Disruptors, Art or Science? — makes it clear humans acting without help can’t deal with the volume of data needed to thwart cyber attacks. It also stresses that one hand washes the other when it comes to the partnership between humans and technology in the fight against cyber attacks.
Humans on the Hunt with Sophisticated Tools
The new report classifies companies as mature and immature. The immature ones give their human cyber criminal hunters sophisticated tools and data and turn them loose in an ad hoc manner. But as these businesses mature, they come to rely on automation, analytics and other tools and refine their hunting techniques. The survey shows that once these processes are fully intertwined, the companies that are the most mature are more than twice as likely to automate large parts of their cyber crime investigations.
The result: 70 percent of these investigations are closed in a week or less. This compares with a rate of less than 50 percent for companies that haven’t optimized this balance between humans and machines.
Mo Cashman, Enterprise Architect and Principal Engineer for McAfee, makes an important point about not putting the cart before the horse in the company’s Threat Hunting Report Executive Summary.
The Right Technologies
“This research highlights an important point: mature organizations think in terms of building capabilities to achieve an outcome and then think of the right technologies and processes to get there. Less mature operations think about acquiring technologies and then the outcome,” Cashman writes.
The tools these firms use also vary with their maturity levels. For example, the organizations classified as the most mature are more than three times more likely to consider using various automation tools. These include user behavior analysis, endpoint detection and response as well as sandboxing. As the name suggests, sandboxing is about isolating suspicious programs or code so they can be tested separately without endangering your systems.
Customizing and Optimizing
Customizing and optimizing also play key roles for the more successful organizations. Security Information and Event Management (SIEM) coupled with custom scripts are just two of the techniques used to automate processes. The human cybercrime fighters working in more mature firms spend 70 percent more time customizing techniques and tools.
The report also underlines the correct use of threat intelligence as another key ingredient in getting the best results.
Human Decision Making
The process comes down to combining human judgement and intuition with the pattern recognition and speed of automation. The report also stresses that human decision making can make a big difference. It notes that successful teams fighting cyber security breaches use a tried and tested process: the Observe, Orient, Decide, and Act template first documented by U.S. Air Force Colonel John Boyd.
The McAfee report surveyed 700 IT and security experts from firms with 1,000 to more than 5,000 employees worldwide.
Implications for Your Business?
Realistically, if you start your business from a laptop on your kitchen table or in the den, you may not have an IT team. But it’s probably a mistake to believe you’re too small to attract the notice of cyber criminals.
And after your business has lost important client data, it’s too late to be thinking about what you might have done. One thing the McAfee survey highlights is the partnership between human judgement and automation.
Even in the early days, look for software and apps that can help you automate some of your security. You’ll need to pay attention and update your systems regularly when patches and security improvements become available. Combine human judgement and automation to keep your data safe even when you can’t afford an IT team.