The story of the last decade is one of data. In 2010, the world collectively generated two zettabytes of data. In 2018, that number jumped to 33 zettabytes of data. By the end of 2019, the world will have generated, in the space of 12 months, an estimated 41 zettabytes of data. By 2025, that number will grow to 175 zettabytes generated in a single year.
Out of opportunity and necessity, this data has given rise to an entire field dedicated to mining and leveraging it for business insight and acceleration. Solutions aimed at marketing, finance, operations, and of course, IT and security, have proliferated alongside the data itself. The evolution of those technologies itself tells a story about how the world views data, and what lies ahead for the next decade.
It started with analytics. Analysis tools promised to mine burgeoning data sets for insight. As the data grew, technologies increasingly incorporated machine learning to bring greater scale to the task of transforming data into knowledge. The next frontier is automation, putting data to work to scale human capacity.
In 2019, one of the hottest topics in automation was its potential for security operations – and it’s no wonder. SecOps teams are fighting a losing battle against an increasingly capable and well-resourced adversary.
According to Cybersecurity Ventures, global damages from cybercrime are expected to exceed $6 trillion by 2021 – more than the global trade of all major illegal drugs combined. That’s double the $3 trillion in damages reported worldwide in 2015.
At the same time, the cybersecurity skills shortage already strains enterprise resources. According to ESG Research’s Jon Oltsik, 53 percent of organizations report “a problematic shortage of cybersecurity skills.”
For security, response automation promises to serve as a critical first line of defense, quarantining potentially affected systems before threats have a chance to spread further on the network. In 2019, many cybersecurity companies actively started to promise advanced response automation capabilities supported by AI, but it’s not that straightforward.
A Well-Oiled Machine
Peter Sondergaard, a senior vice president at Gartner, once wrote: “Information is the oil of the 21st century, and analytics is the combustion engine.” Just like real oil and actual combustion engines, the quality and purity of the oil matters when it comes to the performance of the engine. It matters a lot.
Nowhere is this more obvious than in response automation. Responses are automated based on data, and if data quality is poor or incomplete, the response may not have the desired effect. Low quality oil results in low quality performance. This is particularly true in the realm of security. Traditional threat detection methods often result in thousands, if not tens of thousands, of daily alerts, only a fraction of which can be investigated and many of which are false. Automating response based on these alerts is – at best – a blunt instrument, taking down systems and quarantining applications that may not be compromised – and degrading performance and user experience in the process.
For this reason, response automation increasingly involves technologies that rely on machine learning (ML) to produce higher-fidelity alerts. ML models build a baseline of an environment and refine it over time, so that what gets surfaced is behavior that deviates from that baseline rather than anything that matches a static rule. As many organizations have learned in recent years, just like automation itself, ML is only as smart as the data from which it has to learn: a model trained on incomplete or already-compromised data learns the wrong baseline and reproduces the same false positives, and false negatives, at scale.
As a result, in 2019 many organizations started to reframe their security strategy around data. 2019 was also the year that Gartner introduced the concept of the SOC Visibility Triad, which recommends building a security strategy around SIEM, Endpoint Detection and Response (EDR), and Network Detection and Response (NDR) – technologies that leverage three distinct data sources: logs, agents, and the network.
As we’ve learned, visibility is only a part of the equation. In 2020, the focus will be on how that visibility can be transformed into action, and no data source is better suited to response automation than network data.
Network data is observed rather than self-reported: unlike a log or an agent running on a host the attacker may already control, it cannot be edited or silenced from the compromised system. It encompasses every communication between every device and application that crosses a monitored link – whether in the data center, the cloud, or the branch location (the practical caveat being that unmonitored segments and encrypted payloads limit what can be seen). Applying sophisticated ML to this data set produces reliable detections – the kind on which response can be automated with precision.
Building Your 2020 Response Strategy: Robust Automation Through Integration
Security and IT leaders today don’t lack for choice when it comes to security solutions. Even as security expertise and skill have struggled to meet demand, security technology companies have proliferated, promising the magic bullet that will detect any threat – promises that rarely deliver. Now, more and more of these companies promise a soup-to-nuts security platform that can both detect threats and automate response.
One problem with this approach is that most organizations today already have response automation in place. From IT Operations Management platforms (for example, ServiceNow) to cloud provider quarantine mechanisms (for example, moving an AWS instance into a restrictive security group), there is already a whole category of tooling built around response.
Adding yet another response automation tool exacerbates the problem of tool sprawl. It also ignores the opportunity to feed multiple data sets into the response actions these existing platforms already execute, an approach that promises to improve the accuracy and efficacy of response.
In 2020, security and IT leaders should focus less on whether the tool itself automates response, and more on whether it integrates with existing best-of-breed response automation solutions already deployed within the organization.
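The following is an added example, not code from the original article or from any vendor it mentions, showing what "integrating multiple data sets to inform response" can look like in practice. A detection from the network is the trigger, but it is only allowed to drive an automatic quarantine when a second data source (endpoint or log, the other two legs of the visibility triad) corroborates it within a time window; otherwise it becomes a ticket for an analyst, which keeps the automation from becoming the blunt instrument described earlier. The output is a request for an existing automation platform rather than a new response tool. Host names, thresholds, categories, and the request schema are all assumptions chosen for illustration; a real integration would target whatever ticketing or cloud API the organization already operates.

```python
"""Corroborate a network detection with a second data source before automating response.

Added example with constructed data. Host names, thresholds, categories and the
request schema are hypothetical; adapt them to the platform actually in use.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional


@dataclass(frozen=True)
class Detection:
    source: str        # data source: "network", "endpoint" or "log"
    host: str          # host the detection concerns
    category: str      # detector's label, e.g. "c2_beacon"
    confidence: float  # 0.0 - 1.0 as reported by the detector
    seen_at: datetime


# Hypothetical policy knobs: tune per environment.
CRITICAL_HOSTS = {"dc01", "core-db01"}      # never auto-isolated; a human decides
QUARANTINE_THRESHOLD = 0.90                 # minimum confidence to isolate automatically
TICKET_THRESHOLD = 0.60                     # minimum confidence to page an analyst
CORROBORATION_WINDOW = timedelta(minutes=30)


def corroborating(primary: Detection, others: List[Detection]) -> List[Detection]:
    """Detections on the same host from a different data source inside the window."""
    return [
        d for d in others
        if d.host == primary.host
        and d.source != primary.source
        and abs(d.seen_at - primary.seen_at) <= CORROBORATION_WINDOW
    ]


def decide(primary: Detection, others: List[Detection]) -> dict:
    """Map a detection to one of: quarantine, ticket, log. Guardrails first."""
    support = corroborating(primary, others)
    base = {
        "host": primary.host,
        "category": primary.category,
        "sources": [primary.source] + sorted(d.source for d in support),
    }
    if primary.host in CRITICAL_HOSTS:
        return {**base, "action": "ticket", "reason": "critical host; human decision required"}
    if primary.confidence >= QUARANTINE_THRESHOLD and support:
        return {**base, "action": "quarantine", "reason": "high confidence and corroborated"}
    if primary.confidence >= TICKET_THRESHOLD or support:
        return {**base, "action": "ticket", "reason": "needs analyst review"}
    return {**base, "action": "log", "reason": "below thresholds"}


def to_platform_request(decision: dict) -> Optional[dict]:
    """Render the decision for an existing automation platform (hypothetical schema)."""
    if decision["action"] == "log":
        return None
    return {
        "type": decision["action"],
        "target": decision["host"],
        "summary": f'{decision["category"]} on {decision["host"]}: {decision["reason"]}',
        "evidence": decision["sources"],
    }


# Constructed sample detections.
T0 = datetime(2019, 12, 1, 9, 0, tzinfo=timezone.utc)
NETWORK_BEACON = Detection("network", "ws-042", "c2_beacon", 0.95, T0)
SAMPLE_OTHERS = [
    Detection("endpoint", "ws-042", "suspicious_child_process", 0.70, T0 + timedelta(minutes=4)),
    Detection("log", "dc01", "kerberoasting", 0.80, T0 + timedelta(minutes=10)),
]

if __name__ == "__main__":
    candidates = [
        NETWORK_BEACON,                                            # corroborated -> quarantine
        Detection("network", "dc01", "c2_beacon", 0.97, T0),       # critical host -> ticket
        Detection("network", "ws-099", "dns_tunnel", 0.92, T0),    # uncorroborated -> ticket
        Detection("network", "ws-007", "port_scan", 0.30, T0),     # weak, alone -> log
    ]
    for primary in candidates:
        d = decide(primary, SAMPLE_OTHERS)
        print(f'{d["host"]:8} -> {d["action"]:10} {d["reason"]} | request={to_platform_request(d)}')
```

The point of the third candidate is that a single high-confidence network detection on its own still goes to a person: confidence from one source is not a substitute for agreement between sources. The window and thresholds are where the organization's own data quality gets encoded, which is why they sit at the top of the file rather than inside the logic.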
The Age of Automation Dawns
As we close out 2019, and with it, the decade, it’s clear that the next ten years will be about transforming “actionable information” into actual action. With threats proliferating, automation will play a pivotal role in that action, scaling not only human knowledge but human capacity.
For security and IT leaders, the key to success is combining best-of-breed response automation tools with the high-quality data that can reduce the overall risks to their organizations.