New Age Automation May Be the Only Way to Keep up with the Sophistication of Threat Actors Going Forward

  • Self-Defending Networks - Self-defending networks and the technology that will enable them are in their infancy. This is supported by the fact that only 15% of respondents think their importance is "very high." However, significant building blocks are available today: advanced protocols such as 802.1X, host-based IDS/IPS, endpoint firewalls, anomaly detection and new, advanced AV. The real challenge is making these cutting-edge technologies interoperate.
  • Application Level Defense - Companies have spent a great deal of money securing their network perimeters. This is evidenced by the sheer number of firewalls out there. Threat actors now bypass perimeter defenses by targeting the application layer. By exploiting application vulnerabilities, attackers find a plethora of valuable data and connections, and cause incredible levels of damage. This area proved to be of moderate/high importance to fewer than half of companies (49%).
  • Machine Learning with Data Aggregation - Log aggregation was the panacea for security just five years ago. The outcome of the aggregation effort was the arrival of pools of data we could not decipher efficiently. Enter Machine Learning. Now we can look at logs, decide actions, and start execution in milliseconds! And yet, only 43% of companies see this as moderate/high importance.
  • Anomaly Detection Software - Anomalous patterns are the target here, compared not to a baseline but rather to known behavioral patterns. This threat is the most difficult to find as it involves so many systems. This is the direction for many of the largest enterprises, but overall only 50% see this as moderate/high importance.

We as security experts need to inform and educate. A posture of 'status quo' only works when the threat is standing still, and these threats are not. The key to stopping threat actors going forward will be moving quickly to automation.