In this Help Net Security interview, Mick Baccio, staff security strategist at Splunk SURGe, talks about the future of cybersecurity and highlights the importance of data analytics and automation in dealing with evolving threats.
He points to changes in threat tactics, the importance of automation to reduce human error, challenges in implementing data analytics, and envisions a future where AI assistants transform cybersecurity operations.
How have cybersecurity threats evolved in recent years, and what role do data analytics and automation play in addressing these evolving threats?
Cybersecurity threats have undergone a significant evolution in recent years, featuring more sophisticated tactics from mature attackers and fewer artifacts to analyze. The old metaphor of “looking for a needle in a haystack” (representing the detection of malicious activity) is now more like “looking for a needle in a haystack” with far less hay to sift through.
This change requires establishing additional context around suspicious events to effectively distinguish between legitimate and illegal activities. Automation has emerged as a critical element in providing this context enhancement, ensuring that analysts can identify relevant context within the rapidly expanding landscape of modern enterprises.
The cyber threat landscape continues to evolve, and recent high-profile data breaches (such as MOVEit, Accellion, and GoAnywhere) highlight the magnitude of that change. To address these challenges, data analytics and automation play a critical role in detecting lateral movement, privilege escalation, and leaks, especially when threat actors exploit zero-day vulnerabilities to infiltrate your environment.
Moreover, the introduction of AI and LLMs is revolutionizing the field of cybersecurity. Attackers are leveraging AI and LLMs to enhance the speed and effectiveness of their attacks, such as using tools like GenAI to create more convincing phishing emails. To effectively counter these evolving tactics, network defenders must embrace automation to stay ahead of the dynamic threat landscape and protect against advanced cyber threats.
How can automation reduce the risks associated with human error in cybersecurity?
Automation serves as a valuable asset in mitigating the risks associated with human error in cybersecurity. Because humans are inherently more error-prone than robots, a strategic approach involves identifying areas where analyst misclassification is costly or likely to occur. By pinpointing these weak points, automation can be effectively employed to replace tasks where cognitive biases and decision fatigue can lead to errors.
For example, complex multi-step incident response workflows such as isolating hosts, blocking indicators, and searching for additional compromised assets can be automated to minimize the chance of costly oversights or missed steps. This targeted application of automation aims to improve the accuracy and efficiency of cybersecurity processes.
It’s important to recognize that automation is most effective when used as a tool to enhance human workflow, rather than completely replacing tasks and responsibilities. To combat decision fatigue and bias, automation becomes a helping force, allowing security analysts to work seamlessly with automated tools. This collaborative approach simultaneously accelerates and scales operations and reduces the potential for human error. In this way, automation becomes an essential ally in strengthening cybersecurity resilience.
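The three-step response workflow named in the answer above (isolate hosts, block indicators, hunt for further compromised assets), written up as an added Python example that is not part of the interview or of any Splunk product. The hosts, indicators and connection records are constructed sample data, and the isolate/block calls are placeholders that only record an audit trail, so the point it shows is how a playbook enforces every step and catches assets an analyst might miss.

```python
"""Added example: a minimal incident-response playbook that chains
isolate -> block -> hunt and keeps an audit trail so no step is skipped.
All hosts, indicators and logs below are constructed sample data."""
from dataclasses import dataclass, field

# Constructed telemetry: (source host, destination address) connection records.
SAMPLE_LOGS = [
    ("ws-01", "203.0.113.5"),
    ("ws-01", "198.51.100.7"),
    ("ws-02", "203.0.113.5"),
    ("srv-db", "10.0.0.8"),
    ("ws-03", "198.51.100.7"),
]

REQUIRED_STEPS = {"isolate", "block", "hunt"}

@dataclass
class PlaybookResult:
    isolated: set = field(default_factory=set)
    blocked: set = field(default_factory=set)
    steps: list = field(default_factory=list)   # audit trail of every action

def isolate_host(host, result):
    # Placeholder for an EDR/network isolation call; idempotent, recorded.
    if host not in result.isolated:
        result.isolated.add(host)
        result.steps.append(("isolate", host))

def block_indicator(ioc, result):
    # Placeholder for a firewall/proxy block; idempotent, recorded.
    if ioc not in result.blocked:
        result.blocked.add(ioc)
        result.steps.append(("block", ioc))

def hunt(ioc, logs, result):
    # Return every host that contacted the indicator; the hunt is recorded
    # even when it finds nothing, so a silent skip is impossible.
    result.steps.append(("hunt", ioc))
    return {host for host, dest in logs if dest == ioc}

def run_playbook(initial_host, iocs, logs=SAMPLE_LOGS):
    """Isolate the reported host, block each indicator, then isolate every
    other host the hunt shows talking to those indicators."""
    result = PlaybookResult()
    isolate_host(initial_host, result)
    found = set()
    for ioc in iocs:
        block_indicator(ioc, result)
        found |= hunt(ioc, logs, result)
    for host in sorted(found):
        isolate_host(host, result)
    return result

def missing_steps(result):
    """Step kinds that never ran; an empty set means the playbook completed."""
    return REQUIRED_STEPS - {kind for kind, _ in result.steps}
```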
What are the most prominent challenges organizations face when implementing data analytics into their cybersecurity protocols?
Implementing data analytics into cybersecurity protocols presents several notable challenges for organizations. One of the key challenges is the dilemma of effectively prioritizing threats. Organizations are grappling with the question of which threats to prioritize among a vast array of potential risks. This decision-making process involves determining the importance of different threats and allocating resources accordingly.
Another key challenge involves handling the large amount of security detection content available both in products and in open source repositories. Organizations must navigate this wealth of information to identify effective security measures related to their specific cybersecurity needs.
Allocating analyst resources across disciplines poses yet another challenge. Determining how to efficiently distribute and leverage the expertise of cybersecurity analysts is an important consideration. Organizations must balance resource allocation to effectively address various aspects of cybersecurity.
Additionally, organizations face challenges in scoping and quantifying, especially with respect to frameworks such as MITRE ATT&CK TTPs (Tactics, Techniques, Procedures). Understanding the scope of coverage and ensuring comprehensive protection against potential threats within such a framework requires careful assessment and strategic planning.
Additionally, fine-tuning data analysis over time presents challenges involving trial and error. Learning and perfecting techniques such as prioritizing data, leveraging tools to get the best insights through queries and dashboards, and refining analytical processes requires a significant investment of time and effort. This iterative process is essential to increasing the effectiveness of data analysis as organizations strengthen their cybersecurity protocols.
How do you envision the future of cybersecurity with advances in data analytics and automation technology?
Imagining the future of cybersecurity in light of advancing data analytics and automation technologies reveals a transformative outlook. In the short term, the integration of AI assistants could revolutionize the way analysts explore and interpret data. These AI tools serve as invaluable aids that streamline the analysis process and improve the efficiency of cybersecurity operations.
Looking further ahead, we can expect further changes as AI assistants evolve to triage and investigate alerts on their own. Analysts may transition into roles that primarily focus on final classification decisions and remediation actions.
What advice would you give to cybersecurity professionals who want to strengthen their data analysis and automation skills?
Steal Ted Lasso’s line, “Be curious.” I’ve spent my career in this field, and I think that curiosity has led me to success. Experiment. Much of cybersecurity is “learn by doing,” and with the exponential growth in technology, technical curiosity will lead not only to advances in cybersecurity, but also to solutions that improve the security posture of organizations around the world.