What a year.
That’s really the only way to put it. It was a once-in-a-generation experience, to say the least.
With the global pandemic impacting every corner of the world, companies and employees made incredibly hard decisions on the pivots and adjustments they needed to make to keep people safe and, in the best of circumstances, employed.
The transition from office to remote environments was abrupt and one of the most defining moments that the cybersecurity industry and professionals faced in 2020. We wrote about the top issues CISOs were facing throughout the year but also doubled down on sharing insights about the evolution of next-generation SOCs, the failure of SIEM platforms as organizations are experiencing them today, and how self-supervised AI fits into the equation.
To put a bow on the year, we are sharing again our picks for the top five cybersecurity insights of 2020:
Whitepaper: The Failed Promises of SIEM
While security information and event management (SIEM) vendors continue to insist their technology is sufficient to meet the dynamic challenges and exceptionally complex threatscape faced by cybersecurity teams today, their behavior in the marketplace and overall performance tells a different story.
If these platforms were as robust as vendors claim, it would be puzzling that their approach is to keep tacking on “features” so that a SIEM can perform adequately as a security tool. And if SIEM is effective, why do the same vendors recommend upgrading to network analysis or threat detection tools?
How can a SIEM offer real-time threat detection or predictive analysis, as some vendors claim, when these platforms rely on historical logs that are already stale by the time they are ingested?
In truth, these systems are inadequate in their basic form and remain so even when enhanced with add-ons. The answer to ineffective security tooling is not simply to increase cybersecurity spending. Surprisingly, the better path for many organizations could be a lower overall cybersecurity investment.
Guide: How to Choose an AI-Based Cybersecurity Platform
Most cybersecurity vendors today tout some form of “Artificial Intelligence” as the mechanism that differentiates their product in the market. But if everyone says they have AI, and everyone also claims theirs is the “best,” how can they all be telling the truth?
Many currently available cybersecurity solutions are based upon off-the-shelf technologies, loosely cobbled together, which require as much, if not more, operator intervention than the legacy systems they are meant to replace.
Those interventions do not come cheap: the ongoing cost of maintaining and tuning these so-called solutions can far exceed the initial installation fee.
There are several red flags organizations should keep in mind while shopping for a cybersecurity system. The list of questions in our newest guide, “How to Choose an AI-Based Cybersecurity Platform,” can help steer you away from inadequate, expensive products and toward more capable, modern AI technology.
On-Demand Webinar: The Next-Generation AI Powered SOC Platform
MixMode teamed up with 5Q Cyber to host a webinar on the convergence of legacy security monitoring tools like SIEM with the newer Network Traffic Analysis (NTA) and Network Detection and Response (NDR) tools, where the two overlap, and on the next generation of tools needed to upgrade a SOC.
Geoff Coulehan, Head of Sales and Strategic Alliances at MixMode, co-hosted with 5Q Cyber CEO Don Goldstein. Their discussion centered on how enterprise cybersecurity spend is higher than ever, yet despite multi-million dollar investments in legacy systems like SIEM, organizations remain vulnerable to attacks.
One thing is clear: more spend does not equal more security, and the next generation of cybersecurity tools will root out these inefficiencies.
During the webinar, Coulehan and Goldstein explored multiple topics including:
- The challenges with current SIEM technologies
- The overwhelming false positives problem in cybersecurity
- Legacy SIEM limitations
- How new technologies like NTA and NDR tools provide improved visibility and security posture
- NTA vs. Real-Time, Generative AI Security
- Why a generative, real-time network baseline matters in security platforms
Watch the full webinar replay here
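The webinar agenda above contrasts a continuously updated network baseline with rules run over historical logs. The following is an added illustration of that difference, not code from MixMode or from the webinar: a per-source exponentially weighted (EWMA) baseline of flows per minute that scores each minute as soon as it closes, beside a static rule that can only run once a fixed window of logs has been collected. The flow records, the 60-minute batch window, the alpha and the z-score threshold are all constructed for this example and are assumptions, not figures from the page.

```python
import math
from collections import defaultdict
from dataclasses import dataclass


def make_flows():
    """Constructed sample flows as (minute, src_ip, dst_ip, dst_port).

    Minutes 0-9: a steady 10-12 flows/min from 10.0.0.5 to a few servers.
    Minute 10: 200 flows to one host on 200 different ports (a port sweep).
    Synthetic data, not captured traffic.
    """
    flows = []
    for minute in range(10):
        for i in range(10 + minute % 3):
            flows.append((minute, "10.0.0.5", "10.0.1.%d" % (i % 4), 443))
    for port in range(1, 201):
        flows.append((10, "10.0.0.5", "10.0.1.9", port))
    return flows


SAMPLE_FLOWS = make_flows()


@dataclass
class EwmaBaseline:
    """Running mean/variance of one metric, updated on every observation."""
    alpha: float = 0.2      # weight given to the newest observation (assumed)
    mean: float = 0.0
    var: float = 0.0
    n: int = 0

    def score(self, x):
        """Return the z-score of x against the baseline *before* folding x in."""
        if self.n < 3:
            z = 0.0                      # warm-up: too little history to judge
        else:
            sd = math.sqrt(self.var) if self.var > 0 else 1.0
            z = (x - self.mean) / sd
        if self.n == 0:
            self.mean = x
        else:
            diff = x - self.mean
            self.mean += self.alpha * diff
            # standard EWMA variance recursion
            self.var = (1 - self.alpha) * (self.var + self.alpha * diff * diff)
        self.n += 1
        return z


def stream_detect(flows, threshold=3.0):
    """Score each (src, minute) bucket as soon as that minute closes.

    Returns alerts as (minute, src, flow_count, z) in the order they fire.
    """
    per_minute = defaultdict(int)
    for minute, src, _dst, _port in flows:
        per_minute[(src, minute)] += 1
    baselines = defaultdict(EwmaBaseline)
    alerts = []
    for (src, minute), count in sorted(per_minute.items(),
                                       key=lambda kv: (kv[0][1], kv[0][0])):
        z = baselines[src].score(count)
        if z > threshold:
            alerts.append((minute, src, count, round(z, 1)))
    return alerts


def batch_detect(flows, window_minutes=60, avg_threshold=50):
    """Static rule over a closed log window: flag a src whose average
    flows/minute across the whole window exceeds avg_threshold.

    Returns (earliest minute the rule can run, alerts). The rule cannot
    fire before the window has been collected, and a burst confined to one
    minute is diluted by the rest of the window.
    """
    totals = defaultdict(int)
    for _minute, src, _dst, _port in flows:
        totals[src] += 1
    fires_at = window_minutes - 1
    alerts = [(fires_at, src, total / window_minutes)
              for src, total in totals.items()
              if total / window_minutes > avg_threshold]
    return fires_at, alerts


if __name__ == "__main__":
    print("streaming baseline alerts:", stream_detect(SAMPLE_FLOWS))
    print("batch rule (fires at minute, alerts):", batch_detect(SAMPLE_FLOWS))
```

On the sample, the streaming baseline flags 10.0.0.5 at minute 10 with a z-score in the hundreds, while the batch rule produces nothing and could not have run before minute 59 in any case. The caveat a practitioner would add: an EWMA over one metric is the simplest possible baseline, and an attacker who ramps up slowly can drag the mean along with them, so the warm-up period, the alpha and the choice of features all need deliberate tuning rather than defaults.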
The Case Against Using a Frankenstein Cybersecurity Platform
The cybersecurity industry has flourished over the past decade, with thousands of single-point solutions developed only to address the functional gaps left by their predecessors.
The formal recommendation from top analysts at the world’s largest IT and cybersecurity firms is to use five or six separate platforms for threat detection in an enterprise SOC: SIEM, log management, NDR, NTA and SOAR.
This has been the accepted best practice: cyber teams purchase, configure, train on, and maintain multiple siloed platforms for threat detection and response. But is that actually necessary when the functional problem can be solved with one purpose-built, next-generation cybersecurity platform?
The cybersecurity market has, simply put, been cobbled together.
The result is a tangled web of non-integrated systems and alerts from siloed tools. Enterprises are now forced to rely on a “Frankenstein” of stitched-together products to assemble a platform that might cover their security bases.
Mary Shelley’s Frankenstein was constructed in a laboratory through ambiguous experimentation, chemistry and alchemy, and was never able to fully “operate” in real-world society. Internal cybersecurity systems built by stitching together multiple independent tools, each with its own reactive, feature-specific rules and algorithms, suffer the same fate: in a rapidly changing environment they require constant oversight and maintenance to actually perform their threat detection duties.
There may be an explanation for this: traditional software development (and the data analysis and machine learning behind it) has been a reactive process. Customers ask for new features, user experiences become glossier over time, and data insights drive feature updates.
But cybersecurity platforms are different in one simple but very important way: they must be proactive in their defensive capabilities against unknown, never-before-seen attacks. Therefore they cannot be maintained by a traditional reactive process.
What is Predictive AI and How is it Being Used in Cybersecurity?
Predictive AI is the branch of machine learning that collects, analyzes, and tests data to predict future possibilities. The neural networks behind it are loosely patterned on the human brain, but they work at a scale far beyond what is humanly possible. The top uses for predictive AI in protecting sensitive data and systems are network detection and response (NDR), threat detection, and cybercrime prevention.
As the COVID-19 pandemic increases the world’s digital dependency, businesses become more exposed to cyberattacks, which by one widely cited estimate are attempted every 39 seconds. Cyberattacks, data theft, and data fraud are ranked among the top five global risks of the next 10 years.
Odds favor hackers. Worldwide network traffic growth makes data more widely accessible. Security teams must find and protect every possible weak point in massive systems. But hackers only need to find one vulnerability to breach a network.
Skilled worker shortage. A global shortage of millions of IT security workers makes it hard for businesses to keep up with the unending flow of cyberattacks. Predictive AI is meant to close that gap by doing at machine scale the baselining and triage that short-staffed teams cannot do by hand.
MixMode Articles You Might Like:
Russian Hack of U.S. Federal Agencies Shines Spotlight on SIEM Failures in Cybersecurity
Techiexpert: How Predictive AI Protects Against Ransomware, GANs and More
Featured Use Case: Why a Large Government Entity Replaced Their SIEM with MixMode