In this article for Dark Reading, Force 3 software practice director Charles Fullwood examines why security teams need to take a cognitive approach to the increasing volumes of data flowing from sources they don’t control.

Every day, IT security teams are inundated with data — security events, network flows, configuration information, and so on — which then must be collected and analyzed for potential vulnerabilities. Your team probably has a solid, established approach or even a documented strategy for doing this. If so, great. But is that enough?

The data collected by most security tools, such as firewalls and antivirus software, is structured — that is, organized in an easily searchable, relational database. Structured data, however, amounts to only a small portion of a larger, more complicated puzzle. It’s the remaining unstructured data that security teams struggle most to collect, analyze, and act upon — and the amount of unstructured data only continues to increase.

Think of how much security data flows from sources you don’t control, including the massive swaths of unstructured data living on the Deep Web — from blogs, forums, or bookmarking sites. This unorganized, often text-heavy data accounts for a majority of the Internet’s data. IDG believes unstructured data is growing at the rate of 62% per year, and that by 2022, 93% of all data will be unstructured. How can IT teams keep pace? The answer could lie in cognitive security — the use of big data platforms, data mining, AI, and machine learning to analyze raw data, whether structured or unstructured.

But first, let’s examine the problem.

Why It Matters
Understanding the magnitude of this issue requires examining the foundation of current security measures. Traditional security focuses on mitigating external threats — perimeter defenses to ward off the bad guys. As such, we often focus our security strategies on firewalls, antivirus software, and secure passwords.

Security innovation has almost always had this perimeter philosophy at its core. However, a myopic focus on perimeter protection severely limits the overall security strategy, potentially rendering it ineffective without complementary, proactive measures in place.

Consider the average IT organization’s reaction to the hundreds of thousands of daily security events. The process for today’s security teams involves analyzing data from antivirus software and firewalls, and then correlating that data to create a story, which in turn helps inform a solution.

In the process, security professionals are left with mountains of events to manually analyze and act upon. Meanwhile, while they’re busy responding to old threats, new threats continue to arise undetected. Consequently, the entire team finds itself fighting fires instead of solving or preventing problems. That doesn’t leave much bandwidth for data aggregation and analysis.

Unstructured, Untold, Unknown
Next, let’s think about how we, as IT professionals, share and consume security information, particularly during a major crisis. The current norm for security professionals is to update websites and social channels to explain how they’ve addressed a particular security issue and simply hope it reaches all relevant and necessary parties. Take, for example, this year’s WannaCry attack.

The first real solution offered to organizations affected by WannaCry was explained via Twitter, by a user known as MalwareTech. Although certainly helpful, social media is by no means a perfect channel for circulating widely sought, urgent information to security teams around the world. Merely posting online assumes that in the middle of a major crisis, frantically busy security professionals are manually scouring the Internet for the information you’re providing — something few people have time for in calmer times, let alone when the proverbial sky is falling.

Information sharing is critical to IT security — not only within individual organizations, but in the security industry as a whole. We rely on one another to share information about new and known threats, and often benefit from each other’s knowledge and experience. Unfortunately, the majority of information generated and shared by security professionals about breaches, threats, malware, etc., is unstructured, and thus much more difficult to unearth and apply in real time, particularly during critical security events that require immediate action.

How much time is lost and how much damage done, simply because we lack access to or awareness of viable solutions provided by our industry peers? Or because we lack a strategy for gathering and analyzing the flood of unstructured data at our disposal? This is where cognitive security offers vital, immediate benefits.

Welcome to the Cognitive World
A cognitive approach uses AI, data mining, and machine learning technologies to parse through thousands of security feeds and data sources — including the low-key, often invisible world of white- (and black-) hat bloggers and discussion forums — to aggregate and analyze unstructured and structured security data. Meanwhile, a security professional works to perform predictive data analysis, ultimately training the system on best practices, organizational policies, and more.

Over time, the system begins to learn on its own, including how to prioritize events and recommend responses. While cognitive security cannot replace existing security tools — antivirus software, for instance, or intrusion prevention systems — the data generated can be plugged into traditional perimeter defenses. As a result, IT pros gain a better understanding of their data’s meaning and how to convert insights into action.

Beyond the Perimeter
Unstructured data will only continue to proliferate. It’s time to get ahead of it so that security teams can better locate, analyze, and respond to threats. That requires thinking beyond the perimeter and embracing security technologies that will bolster traditional defenses and provide a more proactive, intelligent security strategy.


This article first appeared online at www.darkreading.com, a publication of Information Week.
