
Bringing foresight to bear on security performance

Much is made of the ability of Artificial Intelligence to improve business performance in many different ways and places in organisations.  Financial Services as a sector is no stranger to these claims but remains some way off realising the full business benefit which the technology promises.

One area of very high potential benefit which appears only now to be coming into focus is to improve security performance across the organisation by creating and applying foresight to digital risks, particularly cyber risks.

It appears that the key attributes of technologies most able to shift an organisation’s security performance from reaction to prevention are augmented intelligence and, as a result, prescription.

Augmented intelligence, created by combining artificially intelligent tools and techniques, enables more data sources in widely differing formats to be ingested and applied through machine learning to identify and expose otherwise hidden relationships in data sets.

The nature of these relationships, once identified, is tested and refined through the operation of supervised and unsupervised learning models, enabling expert cyber security specialists to receive, interpret and act quickly to neutralise more threats to data security than would have been possible without the augmented intelligence. 

This looked interesting to me, but not without its challenges to today’s security systems and operations.  I wanted to understand how augmented intelligence related to prescriptive actions in a security context.  Here’s what I learned.  

Prescription, the semi- or completely autonomous machine decision to act to neutralise a threat immediately, or subject to further controls, is a step which can therefore follow the receipt of newly identified threats to data.  The degree of freedom to act granted to the machine remains firmly under the control and management of the organisation. 

These two attributes are encapsulated in the term Prescriptive Security.

So, what is Prescriptive Security in practical terms?

Prescriptive Security is a state towards which forward-looking financial services organisations will work to achieve a step-change in data security performance.

To the familiar attributes of Security Incident and Event Management (SIEM) services - firewalls, malware protection, mail and web gateways, logs, audits, events and alerts - Prescriptive Security adds four new, broad dimensions:

  • Enhanced analytics
  • Artificial intelligence
  • Enhanced threat intelligence
  • Security orchestration, automation and response.

Enhanced analytics combines the ability to ingest and analyse multiple massive and heterogeneous data sets on an Advanced Analytics Platform, including the analysis of user behaviours to identify and distinguish genuinely threatening attributes from apparently threatening, but innocent attributes.

Artificial intelligence directs computing power to mimic human intelligence to carry out deductive and interpretive tasks through a range of technologies and techniques including machine learning, which uses algorithms to analyse and draw deeper inferences from data to enable it to make a decision or prediction about something. 

Machine learning includes Deep Learning which uses neural networks and very large data sets to train the system progressively to improve the accuracy and utility of its results.

Enhanced threat intelligence extends and integrates the range of internal and external sources of threat information including semi- and unstructured data sets.  Enabled both by artificial intelligence and advanced analytics, enhanced threat intelligence is made available to the network of security systems either as a starting point for a machine-led investigation or as corroborative data during one.

These services are coordinated and directed by a Security Orchestration, Automation and Response platform, a single, comprehensive incident response engine which can deliver major - and accelerating - improvements to security performance over time.

Central banks have now started to turn their banks towards creating and acting with security foresight, rather than hindsight.  They’re doing it for a reason.

I hope the industry is listening.

 
