Piers Wilson has worked in the security industry for 20 years. After being part of the senior team leading the cyber security practice at PwC, he is currently Head of Product Management at Huntsman Security.
Huntsman® is a defence-grade cyber security platform which includes threat detection, security analytics and incident resolution. The technology is deployed in central government, finance and infrastructure environments in the UK, Japan and Australia.
At Huntsman, Piers is responsible for keeping the technology at the forefront of the threat detection and security intelligence market.
Piers’ work in security has spanned many sectors, including finance, government, healthcare, transportation, manufacturing, utilities, construction, telecommunications and technology.
Writing for AI Business, Piers called upon his wealth of experience to address an important question for the future of cyber security:
Building an Intelligence-Driven Security Operations Centre (SOC): Can Artificial Intelligence fix the Security Skills Shortage?
The global skills shortage of industry-ready cyber security professionals is predicted to rise to 1.5 million by 2020, and there is no immediate solution in sight. Contemporary developments in artificial intelligence, however, could hold the answer. Machine-based learning has been successfully deployed in a number of phases of the NIST (National Institute of Standards and Technology) Incident Management Process. It is one way for security teams to successfully address the mismatch between the vast volumes of threat intelligence to be interrogated and the ongoing reliance on manual analyst processing for timely threat responses.
Over the past five years, the amount of threat intelligence pouring into security operations centres has grown to overwhelming proportions. Dealing with the increasing number of alerts every shift can be exceedingly frustrating for SOC analysts as they all too often chase ghosts that turn out to be nothing but white noise. The lack of adequate security professionals exacerbates the issue, leaving SOC managers with outstanding threats and overworked analysts. Clearly, without an answer, more threats will slip through the net. This will reduce trust in the services provided by the security industry and irreversibly undermine analysts’ confidence in their tools of trade. The time delay between threat infection and resolution can be months, during which time the enterprise remains at risk.
Something needs to be done, and fast. The answer can’t be to hire more staff – so technology needs to get smarter. AI can provide part of the answer businesses are looking for to help build better threat detection and response. Automation can help too, by integrating the multiple security processes necessary to deliver the actionable intelligence for analysts to accurately respond to the threats that matter much more quickly.
At last year’s Neural Information Processing Systems conference in Montreal, scientists hailed 2015 as a breakthrough year for AI. Advancements in cloud computing made the astronomical processing and storage requirements needed for AI research much more affordable. Readily available datasets and inexpensive development tools accelerated growth in what was once a very niche branch of computer science. One of the primary areas of AI research has been to teach computer systems to collect and learn from datasets and then, with clever algorithms, make decisions about that data. Alerting analysts to hidden threats adds serious value to the process; so too does detecting unusual behaviour of a system or its users. Being able to do so at high speed is even more powerful. The massive volumes of data collected from networks, appliances and applications across an enterprise, as part of security monitoring, provide a perfect operating environment for AI engines.
Recent developments in automating the Threat Verification stage of the NIST Incident Management process eliminate false positives, ensuring faster and more accurate threat detection and response. This unique combination of contemporary AI and machine learning augments traditional SIEM capabilities to allow supervision of the entire threat management workflow, delivering timely actionable intelligence to analysts and even providing safe automated threat response, at scale. This means that analysts have complete oversight of the system and are able to develop a trust in the technology as an extension of their decision making and response processes. By taking the repetitive tasks out of the analysts’ day, filtering out the noise and automatically remediating the primary threats, a significant proportion of the drudgery is removed. As the technology becomes that trusted partner, the overall service provided by the SOC becomes faster and more reliable, with analysts being able to make massive efficiency gains through a seamless process that integrates high-speed machine processing and human insight.
In a recent press release, Gartner identified the top 10 technologies that will influence the information security industry in 2016. The release states that “to meet the challenges of the new detection and response paradigm, an intelligence-driven SOC also needs to move beyond traditional defences, with an adaptive architecture and context-aware components.”
By eliminating the time wasted with false alerts and hastening the investigation and resolution process, Automated Threat Verification (ATV) enables the security team to provide better, more reliable service to their customers, keep their analysts happy and focus on high-value activities, while reducing the need to hire more staff. Using machine-based learning and automation redesigns the NIST Incident Management Process to dramatically simplify SOC processes, streamline workflows, increase operational efficiency and slash the time-at-risk from cyber threats.
About Huntsman Security
Huntsman Security pioneered intelligent enterprise and cyber security with its landmark platform, Huntsman® Enterprise SIEM, incorporating Behaviour Anomaly Detection (BAD). The Huntsman Analyst Portal™ adds a whole new level of intelligence to automated incident response and the threat resolution process. Huntsman patented key aspects of BAD to detect anomalies in real time and so provides early warning of cyber threats, data leakage, malware and fraud. Huntsman® is a defence-grade cyber security platform which includes threat detection, security analytics and incident resolution. Huntsman is deployed in central government, finance and infrastructure environments in the UK, Japan and Australia. For more information, see www.huntsmansecurity.com.