By Stephen Roostan, VP EMEA at Kenna Security
Today’s cybersecurity teams are faced with an unprecedented number of decisions on a daily basis. To keep the enterprise and its data secure, they need to prioritise which vulnerabilities to fix first. No easy task when up to 18,000 new vulnerabilities are identified each year, adding to the millions already documented.
Little wonder that security and IT teams are regularly at loggerheads over what’s most important to patch? Is it the Zerologon vulnerability that compromises Microsoft’s NetLogon protocol, or or the 10-year old Baron Samedit bug that impacts the Linux ecosystem? That’s a difficult question for many organisations to answer.
This is why a growing number of organisations are turning to data science to enable more effective security decisions – decisions which also optimise the best use of available manpower and defence resources. However, while taking a data-driven approach to decision-making proves a game-changer where cybersecurity is concerned, the problem is that most security practitioners aren’t data scientists.
So simply throwing a mass of data at these teams isn’t going to help them to act any more effectively or empower them to make better, smarter decisions.
The problem with data and cybersecurity
Most enterprise security teams are already drowning in a sea of sensor and scanner data that needs to be manually correlated, analysed, and interpreted. No easy task when you take into account the growing volumes of vulnerability data and the increasing complexity of today’s enterprise IT environments.
For security teams, getting their heads around all this data to gain appropriate and actionable insights is almost impossible. Typically, analysts spend huge amounts of time producing Excel- spreadsheets for remediation teams which contain thousands of so-called ‘critical’ vulnerabilities. Not only is the list long, it provides little indication of where they should begin their efforts.
All this highlights some of the practical realities of dealing with large data sets. Ultimately, making the right business decision is dependent on the quality of data gathered, how quickly it can be aggregated, and the effectiveness of its analysis and interpretation. Without a quantitative understanding of their own organisation’s individual risk, IT and security teams will be unable to confidently identify and prioritise which vulnerabilities pose the biggest threat to their enterprise.
Turning data into value-add and actionable insights
To address the data overload, security teams are adopting advances in machine learning and automation that eliminate the time and effort involved in cleaning and correlating data for routine analysis. Freed from these onerous tasks, security teams are now able to share intelligence they have gathered on the most high-risk vulnerabilities to their colleagues in IT and DevOps, so they’ll understand what to fix, how to fix it and why it’s a priority.
This isn’t the only change on the horizon. Security teams are also finding new ways to harness threat intelligence in real-time. This includes using predictive modelling solutions, featuring supervised machine learning algorithms, that can analyse a vulnerability the moment it is published and determine the likelihood of it being exploited in their environment.
Combined, these capabilities make it possible for security teams to evolve beyond proactive cyber risk management to embark on a predictive approach that will be vital for countering today’s fast-moving threat landscape.
Executing data-driven decisions that deliver true risk reduction
When organisations consume these automation and machine intelligence capabilities via a centralised risk management platform that features standardised, granular risk scoring across their infrastructure, everyone is able to work more efficiently and cohesively when it comes to managing remediation programs.
As well as being able to more efficiently and confidently orchestrate risk management efforts, security teams will gain a universally trusted language and metrics for communicating overall risk levels to management. Meanwhile, remediation teams are now able to visualise and understand which threats need to be addressed at their own group level and how to fix them. Plus, they are able to see how their efforts will reduce their own team’s risk exposure.
Prioritisation to prediction
Vulnerability scoring systems have been around for a long time but increasingly executive teams are discovering how these new systems, which combine cloud security, risk-based intelligence and prioritisation reduce the pressure on security and IT teams while boosting their capability to drive down risk. More are making the leap from prioritisation to prediction to gain greater certainty about the probability of a specific exploit impacting their environment. With everyone singing from the same hymn sheet, resources can be appropriately allocated, and vulnerability management efforts focused with pinpoint accuracy on the risks that really matter.