Author: Madhukar Govindaraju, Senior Vice President of Engineering
It is a well-known fact that computing has become part of the fabric of our everyday lives, and the foundations of modern society are becoming more digital every day. Data, information, knowledge and communication platforms, and networks have — for the most part — transformed how we live for the better, but society must still confront some long-standing and evolving challenges. As the number of people, computers, and devices that connect to the Internet continues to increase, cyber threats and attacks are becoming more sophisticated in their ability to gather sensitive data, disrupt critical operations, and conduct fraud.
Data Strategy & The Quest for a Reliable Source of Truth
Although most CIOs today are generally very excited about data and analytics, they are all facing the persistent reality that there are still too many silos of data, i.e., too many sources and versions of “truth.” The quest for the “network of truth” — where all unprocessed data resides in the same place and serves as the foundation for dynamic business/security intelligence — has forced many companies to start revisiting their investments around so-called best-of-breed data stovepipes.
These stovepipe systems were chosen by individual business units, but never matured into a single platform to drive business growth across an entire organization. Even global software corporations such as Microsoft or SAP, which have no lack of database technologies and analytics platforms, struggle to find accurate knowledge about their customers. The glamour and promise of leveraging new Big Data management platforms, machine learning, AI, and analytics across a global enterprise has unfortunately not resulted in a sound, future-proof strategy from a CIO’s perspective.
Although it is 2017, a CIO is still faced with the same dilemma they encountered in 2007. For example, should they invest in best-of-breed data lakes based on organizational silos, or should they deploy a scalable data management platform that could be used company-wide to grow the business?
This question is closely analogous to the dilemma faced by CIOs in the mid-’90s and the decade following Y2K: invest in best-of-breed CRM, HR, financial, and supply-chain applications separately, or invest in an ERP system that is fully integrated company-wide? And will the latter allow them to adapt and scale as the business grows, or should they move to the cloud and invest in best-of-breed SaaS applications? These questions should have been framed, then, within the context of supporting the business for the next decade, as they should be now.
Data Security Strategy & ROI
Today, CIOs are faced with a similar dilemma in this new area of cybersecurity. Cyber threats are often characterized as technically advanced, persistent, well-funded, and motivated by profit or strategic advantage. Behavioral analytics has become a valuable asset to all Internet users, organizations, governments, and consumers, who all face a myriad of threats that are anything but static.
CIOs are now asking their teams, “Should I buy best-of-breed endpoint systems, malware detection/isolation systems, firewalls, etc.? Should I invest in an enterprise-wide Big Data platform, where I can identify all the users and devices, and their behaviors, and build our knowledge of what good behaviors are, so I can allow my security operations teams to detect, identify, and isolate bad behaviors?”
Most savvy CIOs are choosing to invest in all of the above: best-of-breed defenses augmented by enterprise-wide User Entity Behavior Analytics (UEBA) platforms that can scale as the business and the network of connected users and devices grow.
Big Data & Machine Learning
Large companies are beginning to realize that multi-year investments in stovepipe cybersecurity tools are lacking, especially when Big Data and machine learning platforms are helping the leading companies more effectively identify insider threats, as well as lower their long-term costs. As companies grow and their networks proliferate across the world, security operations costs will continue to increase if log-data-centric analytics tools require a large trained team of SOC analysts and threat hunters to manually identify cyber threats. CIOs need to rethink this strategy and leverage modern machine learning-based platforms to continuously detect threat-like activity and model new threat behaviors as their business grows. Savvy CIOs are investing in comprehensive platforms for enterprise-wide behavioral analytics with user and device intelligence to help their organizations:
- Learn how their users and devices behave to provide accurate internal intelligence and risk scoring
- Automatically analyze past user behavior over multiple years to detect indicators of account takeover, compromised machines, etc.
- Rank suspicious accounts and devices based on their severity, activity, and criticality
- Provide security analysts with immediate context around any suspicious activity for root-cause analysis, such as function and location
- Investigate historical patterns
- Leverage Big Data analytics and machine learning for building advanced threat models based on continuous, closed-loop learning to evolve as the organization grows
- Rely on machine learning capabilities and machine-delivered intelligence to streamline and build best-in-class security operations teams
There is No Success Without Effective Communication & Leadership
All too often companies misunderstand the value of their cybersecurity teams and underfund their development. At the same time, many of these teams struggle to communicate to leaders the importance of having a well-funded security program. These struggles can lead to serious gaps between the resources allocated to cybersecurity and the actual support needed to properly protect corporate and customer information.
In one of their cybersecurity reports, Harvard Business Review points out:
“The prevailing approach to security is compliance-focused, cost-constrained, peripheral to the core business, and delegatable [sic] by C-suite leaders. Working on a team like that isn’t fun inside any enterprise, and it loses against 21st-century adversaries who know that it’s more fun to be a pirate than to join the Navy. Any defense is only as good as the people doing the defending. The new model of security needs to be about mission and leadership, ensuring that we have the best defenders up against the best attackers. Security is no longer delegable, and the mission of security teams must be synonymous with the mission of the company.”
So, the big question for all CIOs becomes: Is now a good time to be paranoid about cybersecurity risks and tackle this dilemma head-on? We’d say yes. The recent wave of ransomware attacks clearly makes this a must-solve for all CIOs, and we recommend sooner rather than later.