Accelerating the Road to Risk ManagementRSA and Secureworks Chief Technology Officers, Dr. Zulfikar Ramzan and Jon Ramsey, discuss next-gen technologies and how taking a risk-based approach is critical as businesses face an evolving threat landscape. By: Secureworks and RSA
In cybersecurity, new threats and vulnerabilities are appearing at a break-neck speed – faster than any one security team or analyst can manage. And as new technologies create opportunities to innovate and streamline, businesses must weigh the benefits against the associated security risks.
If the security incidents of the past 12 months have taught organizations anything, it's this: it's not a matter of if, but when an incident will occur. As such, cybersecurity is becoming a top-of-mind business imperative – even at the C-Suite and Board levels.
As organizations adopt next generation technology, such as machine learning, artificial intelligence (AI) and Internet of Things (IoT), business leaders must work with their security teams to ensure risk management isn't an afterthought.
What risks should organizations be preparing for, and what trends should security teams begin embracing to manage digital risk?
Highlights from this discussion:
What should organizations be doing to better security their organization when pursuing digital transformation?
- Zulfikar Ramzan: I think having a security mindset from the beginning is very powerful. As we think about new technologies to adopt, we have to think about how to adopt those technologies in a safe-to-save fashion. So, the first step is taking a step back, identifying what matters most to the organization (at a business level) and making sure the security strategy aligns with the overall business strategy.
- Jon Ramsey: A business-driven approach to security is crucial. I would say that the strategy also needs to include not just technology, but the people and process components to really be effective – and you probably want to include threat intelligence with that. So, you’re not defending yourself from everything all the time; you’re defending yourself from the things you need to defend yourself. You need to defend the things that are important to the business.
With the proliferation of IoT, connected devices and AI, do you think there’s a need now for standardized security guidelines?
- Jon Ramsey: In the IoT space, it’s important that it’s a market-led initiative and not necessarily a regulatory compliance initiative and that the market, when necessary, like in medical devices, will force the kind of resiliency and security you would need in a device like that. I think what’s happening now in that market is the IoT providers are assuming that the environment is going to defend the IoT device and the environment providers are assuming that the IoT devices are secure. And so, the assumption between the two is causing an issue where there’s a lot of vulnerability.
- Zulfikar Ramzan: The average consumer doesn’t understand the nuances of security. So, I think it’s going to have to be a healthy balance between trying to create some guidelines. I don’t want say the word “standard” because that’s too force-fitting and too rigid, but maybe guidelines. Maybe there’s some equivalent of a UL certification of some sort related to IoT devices, and people who are certified against it can find ways to market that as an advantage. But I’m not sure if that’s the right solution. I think that’s one of many possibilities, but without some type of overarching framework to think about IoT security, our consumers are going to be left in the dust in terms of figuring out the right thing to do.
In thinking about IoT and AI, there’s real opportunity in the security operation center (SOC) environment to leverage these tools. Do you agree?
- Zulfikar Ramzan: I think the reality is that we don’t have enough analysts out there to deal with every single security issue that we can possibly handle. And what artificial intelligence does is it acts as a force multiplier. It makes analysts, to some degree, more powerful. Because on the one hand you could use AI to surface the most relevant, interesting events. You could use AI to detect interesting events, as well, and reduce the load on the analyst. To me the third place where AI will be used in the SOC, is learn how you do effective response automation and orchestration. That is a burgeoning area because the reality is, everyone’s got all these vendors and they’ve got to make all these technologies work together. By applying analytical techniques, including machine learning and AI, we’re going to be able to find new ways to orchestrate technologies and really help the security operation center out considerable.
- Jon Ramsey: We want analysts spending time - as threat actor tactics change - studying the threat actor tactics and then supervising the machine learning model to be able to learn those new tactics, to then be able to effectively drive the competence of the artificial intelligence systems up.