‘Extending The Mine’: Inside Day 2 Of The Cyber Security Exchange

Dan Gunderman
12/06/2017

Day 2 of IQPC’s Cyber Security Exchange in Fernandina Beach, Fla. was eventful, with interactive presentations that informed, diagnosed and offered sound IT advice.

A common thread appeared to connect each event: the rising strength and persistence of cyber-criminals and the sheer frequency of security-related incidents.

The day saw discussions carried out by a wide range of presenters: a CISO and vendors in cognitive technology, identity management, incident response and business continuity.

Most presenters underscored the importance of threat volume, but delivered unique takes on how specific threats affect different business functions.

The day began with a case study on strengthening security through customer programs, from SWIFT’s Deputy Chief Information Security Officer, Stefano Ciminelli.

The next timeslot was dedicated to managed security service providers (MSSPs) and the associated opportunities and challenges. The session, conducted by Conagra Brands CISO Jim Kastle and the company’s Manager of Security Operations and Architecture, Don Bacon, touched on the pros and cons of outsourcing an enterprise’s cyber security functions.

One point delivered: You can outsource responsibility but you cannot outsource accountability.

In the MSSP sphere, requirements, expectations and commitment are essential; likewise, working with an MSSP demands a partnership model for success, along with visibility through metrics.


In a keynote session, IBM Program Director Joe Carusillo, who heads security client initiatives and the security business unit, touched upon “cognitive” cyber security and ways it can enhance existing environments.

Carusillo said that the knowledge service professionals need is growing exponentially. Three related issues remain: the intelligence gap (few resources, little time), the speed gap (reducing the time it takes to respond to an incident) and the accuracy gap (optimizing the accuracy of alerts, limiting false positives and building staff skills).

Carusillo said that machine learning and AI can be applied to information gathering – making cyber security-related data accessible to the organization.

Cognitive technology can augment the human element of cyber security in “unstructured analysis” capabilities.

Cyber security may benefit from a tool that “can build a growing corpus of knowledge,” Carusillo said. It must also be “consumable and available quickly.”

Further, the emergence of AI is not eliminating the human element of cyber security. In fact, Carusillo said it is “extending the mine.”

This assists the incident response phase, and can reduce research time and false positives. All of it is an effort to enhance an enterprise’s risk profile.


In a midday “brain weave” session, Demisto Chief Executive Officer and Co-Founder Slavik Markovich discussed ways to reduce incident response times from hours to minutes.

As Markovich pointed out, it is nearly impossible to handle the thousands of alerts and numerous security tools that enterprises employ. Another challenge is a tendency for security-oriented professionals to work in a “silo.”

How can these practitioners enhance their security posture, then?

“Pretty much every step that can be automated should be automated,” Markovich said. “You want tier-one analysts to do tier-two stuff…”

Amid an incident, a security pro needs a way to “pivot to do interactive investigations.” One would benefit from a “single place to capture knowledge of a particular incident.”

So, one angle of the solution could be this “interactive investigation” ability – having access to a virtual war room and other standardized tools. The war room improves visibility and can build attack timelines.

Cyber Security Exchange Day 2 Masterclass

Continuity Logic CEO Tejas Katwala leads a BCM masterclass, Dec. 5, 2017.

Following afternoon roundtable discussions, additional masterclasses were held on business continuity management (BCM) and identity management (with Optimal idM).

Tejas Katwala, CEO and co-founder of Continuity Logic, who led the BCM discussion, narrowed down his talk to integrating cyber security with wider resiliency plans.

Katwala outlined keys to success in cyber security and BCM, including having distinct protocols in place in order to combat a threat landscape whose velocity is quite rapid.

The CEO added that improving compliance posture goes beyond the “check-box exercise,” or making assumptions that resiliency plans are both in place and sturdy.

A visible, agreed-upon business continuity plan is crucial for both “upstream” and “downstream” corporate communication, Katwala said. Priorities include making your cyber security data “actionable.”

“When dealing with an actual incident and you don’t have the ability to leverage the information to use during that time...it increases the length and cost of that incident,” Katwala said.

The CEO added that a “mature” business continuity program “connects everything to everything.”

“This is very difficult because the speed of threats comes much faster than other threats to the enterprise,” Katwala later said.

Statistics relayed by Continuity Logic suggest that today’s average data breach costs $3.62 million. Much of the work of reducing that cost relates to BCM.

One solution: table-top tests, that is, taking stakeholders through the plan they’ve built.

It took business continuity almost “two decades” to be able to “talk to” the board, Katwala said, adding that improvements have been made for BCM and board-level involvement.

Formulated programs cannot be one-dimensional, and must be interdepartmental in order to create a sufficient “roadmap,” Katwala said.

Another factor that could streamline enterprise resiliency is a shift from qualitative to quantitative analysis – something that may be more actionable or palatable. To reach that point, the proper mindset must be adopted.

The 2017 Cyber Security Exchange is a three-day industry event organized by IQPC, held at the Omni Amelia Island Plantation Resort, Fernandina Beach, Fla.

