Using an AI-powered analytics platform, IT organizations can shift from a reactive approach to security breaches, to proactively identifying increasingly sophisticated threat vectors and quickly resolving exploitable vulnerabilities.
The document discusses e-business and online security, defining key terms and reviewing literature on the topics. It finds that lack of trust and concerns over privacy and security are major barriers to e-commerce adoption. Recent cyber attacks targeting governments and corporations demonstrate the strategic importance of online security. Effective security requires a multi-layered approach and cooperation across technical, legal and social dimensions.
Cyber-attacks destroy the trusted relationship with customers and partners, the lifeblood of financial services. The industry is also behind the curve when it comes to adapting to the changes in working practices and consumer behaviour, driven by rapidly evolving smart devices.
Cybersecurity Challenges in Retail 2020: How to Prevent Retail Theft - Intellias
While retailers keep opening new stores, hackers continue mastering their skills.
What cybersecurity challenges should the retail industry expect in 2020? It is time to reveal trends and prepare to fight upcoming attacks.
Learn the details: https://www.intellias.com/retail-security-challenges-in-2020-in-depth-security-coverage-to-prevent-retail-theft/
PwC/CIO/CSO study on information security (2014) - PwC France
http://bit.ly/Cybersecurite-sept14
Global study by PwC, CIO and CSO conducted online from 27 March 2014 to 25 May 2014. The results presented here are based on responses from more than 9,700 CEOs, CFOs, CIOs, CISOs, CSOs, vice presidents and directors of information technology and security practices from more than 154 countries.
35% of respondents are from North America, 34% from Europe, 14% from Asia-Pacific, 13% from South America, and 4% from the Middle East and Africa.
Online security – an assessment of the new - sunnyjoshi88
The document discusses e-business and online security. It defines key terms and reviews literature finding that lack of trust and privacy concerns are major barriers to e-commerce. The literature review finds that online security risks come from state-sponsored cyber warfare, criminal hacking, identity theft and more. It concludes that current security levels are inadequate given growing threats and calls for more strategic priority and action on online security issues.
A STUDY ON CYBER SECURITY AND ITS RISKS K. Jenifer - AM Publications
Cyber security is a basic term used nowadays by each and everyone in the world. It is appropriate to know about cyber security as everything became digitized in our day-to-day life, because the digital world is the place where cyber crimes emerge. Securing information has become one of the biggest challenges in the present day. Various measures are taken in order to prevent these cyber crimes, though cyber security is still a very big concern. In this paper I have made a study on cyber security, how far cyber crimes are increasing and what are the threats we should be aware of.
This document evaluates nine leading digital risk monitoring vendors: ZeroFox, Proofpoint, RiskIQ, Digital Shadows, DigitalStakeout, LookingGlass, Crisp Thinking, and ListenLogic. It assesses their capabilities for continuously monitoring digital channels like social media, mobile apps, and websites to detect risks like brand hijacking, cyber threats, and physical risks to personnel. Vendors are evaluated based on their current offerings, strategies, and market presence. The document finds that ZeroFox, Proofpoint, RiskIQ and Digital Shadows currently lead in capabilities, while others offer competitive options or lag behind. It aims to help security and risk professionals select the right solution.
An Analytical Study on Attacks and Threats in Cyber Security and its Evolving... - ijtsrd
In today’s dynamic and technologically advanced world, the Internet has become one of the most innovative and rapidly growing technologies. With its rise, it has also become vulnerable to a significant increase in occurrences of cyber attacks, with detrimental effects. Typically, these cyber attacks are targeted at accessing, manipulating, or damaging confidential data, extracting users’ money, or extorting an organization’s or user’s private information. Sensitive information, whether intellectual property, financial data, confidential information, or other forms of private data, is exposed to unauthorized access or disclosure, which can have adverse consequences. Protecting data has become one of the greatest obstacles today as cyber attacks are constantly escalating. Along with the growth of internet services and the advancement of information technology, the importance of cybersecurity is crucial. Cybersecurity aims to ensure that the security interests of the company’s and users’ assets are protected and preserved against relevant cyber threats in the digital world. The data and confidentiality of computing assets pertaining to the network of an organization are protected by cybersecurity. This paper mainly focuses on threats and issues in cybersecurity facing modern technologies. It also focuses on the latest cybersecurity strategies and developments that are transforming the face of cybersecurity.
Omkar Veerendra Nikhal, "An Analytical Study on Attacks and Threats in Cyber Security and its Evolving Trends on Modern Technologies", published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-5 | Issue-1, December 2020. URL: https://www.ijtsrd.com/papers/ijtsrd38195.pdf Paper URL: https://www.ijtsrd.com/computer-science/computer-security/38195/an-analytical-study-on-attacks-and-threats-in-cyber-security-and-its-evolving-trends-on-modern-technologies/omkar-veerendra-nikhal
The document discusses rethinking cyber security approaches for financial institutions. It outlines key factors driving an evolution in how cyber security risks are managed, including emerging threats, increased attacks, higher costs, and greater regulatory scrutiny. The document proposes transforming cyber security programs to employ an enterprise-wide risk management approach with a focus on governance, risk assessment, controls, incident response planning, vendor management, training, threat intelligence, and cyber insurance. Adopting these measures could help address ongoing cyber security challenges.
Investigation of Malware and Forensic Tools on Internet - IJECEIAES
Malware is an application that is harmful to your forensic information. Basically, malware analysis is the process of analysing the behaviours of malicious code and then creating signatures to detect and defend against it. Malware, such as Trojan horses, worms and spyware, severely threatens forensic security. This research observed that although malware and its variants may vary a lot in their content signatures, they share some behaviour features at a higher level which are more precise in revealing the real intent of malware. This paper investigates the various techniques of malware behaviour extraction and analysis. In addition, we discuss the implications of malware analysis tools for malware detection based on various techniques.
The document provides an overview of the Interset platform for advanced threat detection. It discusses how existing data protection methods have largely failed and introduces Interset's behavioral analytics approach. Interset collects metadata from systems, analyzes relationships and activities, and detects anomalies to alert organizations to threats. Using mathematical models, it establishes normal baselines and monitors for deviations that could indicate insider or outside attacks. The goal is to quickly detect threats like data exfiltration in order to stop data from being compromised.
In 2017, there were over 1,765 data breach incidents compromising over 2.6 billion records. The largest breaches stemmed from poor security practices and accidental data exposures, rather than external hacking attacks. Notable breaches included the Equifax breach of 147 million Americans' personal data due to unpatched vulnerabilities, and accidental exposures of personal data by Deep Root Analytics, River City Media, and Alteryx due to misconfigured cloud storage settings. Looking ahead, new regulations like the EU's GDPR have the potential to increase transparency around data breaches.
The document discusses cyber security challenges facing national central banks. It outlines how cyber threats are evolving with more sophisticated attackers and crime-as-a-service economies. Central banks must strengthen governance, risk management, business continuity, and security measures to address growing threats to critical systems. Collaboration and information sharing between financial institutions is also becoming increasingly important to combat cyber attacks.
IBM X-Force Threat Intelligence Index 2020 - mResearcher
Consumer technology brands are increasingly becoming a tool for phishing attacks. Configuration errors were the cause of more than 85% of data leaks. Banking trojans and ransomware predominate among malware.
This document discusses the emerging risks of data security and cyber liability. It notes that virtually every business handles sensitive data and can face risks from data breaches or cyber attacks. The costs of a small data breach involving 1,000 records is estimated at $210,000 on average. It also notes that 40% of small businesses with less than 500 employees have experienced a data breach. Data security and cyber liability risks can result in both first-party losses for a company as well as third-party liabilities.
Cyber attacks pose a serious threat to both private sector organizations and governments. Advanced persistent threats can stealthily infiltrate systems over long periods of time without detection. As more business is conducted virtually, cyber crime has become increasingly sophisticated and difficult to combat. In response, there is a growing need for cyber security professionals in India to protect the country's internet economy and users. Cyberfort Technologies offers several industry-driven cyber security courses and certifications to help develop skilled cyber security experts and meet this demand.
This white paper discusses cyber security predictions and trends for the next 18 months. It outlines 5 trends: 1) major mobile exploits due to increased mobility and devices, 2) open source vulnerabilities as adversaries target these, 3) supply chain attacks remaining critical as vendors are easier targets, 4) increased industry-specific attacks and malware, and 5) greater privacy legislation in response to public concerns about data collection. The paper recommends organizations assess their use of open source software, supply chain security policies, industry-specific defenses, and data privacy practices to address these evolving threats.
7 Cybersecurity Statistics You Need to Know in 2023.pptx - IT Company Dubai
Cybersecurity is not merely a topic of conversation within the IT channel anymore. It has become a focal point of concern for companies and
https://www.bluechipgulf.ae/cybersecurity-statistics-you-need-to-know/
https://www.bluechipgulf.ae/cyber-security-solutions-dubai/
Digital Forensics Market, Size, Global Forecast 2023-2028 - Renub Research
Global Digital Forensics Market is forecasted to hit US$ 13.93 Billion by 2028, according to Renub Research. The modern world has witnessed an increased dependence on the latest digital technology. With the widespread adoption of the internet, smartphones, social media platforms like Facebook, Internet of Things (IoT), GPS, fitness trackers, and even smart cars, it has become increasingly difficult for digital forensics investigators to retrieve digital data.
This document discusses cybersecurity trends in India and around the world. It notes that cyber attacks cost an estimated $6 trillion annually and that companies are increasing investments in cybersecurity to protect customer data. The rollout of 5G networks and increased IoT devices will expose billions more devices to threats from hackers. Experts predict a shortage of over 3.5 million cybersecurity specialists by 2021 due to a lack of qualified candidates to fill open roles. The document outlines various cybersecurity challenges and recommendations around 5G, IoT, regulations, and developing cybersecurity expertise.
Proliferation of Smartphones and Rising Incidents of Cyberattacks are resulti... - SG Analytics
However, the adoption of cloud-based cybersecurity products and the advent of IoT security across organizations is likely to create lucrative opportunities for the entire ecosystem; businesses, governments, and cybersecurity vendors.
Visit: https://www.sganalytics.com/blog/increasing-cyberattacks-resulting-in-a-demand-for-cybersecurity-solutions/
What Are Cyber Attacks All About? | Cyberroot Risk Advisory - CR Group
Cyber attacks involve compromising computer systems and networks to cause harm. The rise in cyber attacks has been driven by more people working remotely during the pandemic using unsecured networks, making systems easier to hack. Research shows that businesses are becoming more aware of cyber risks and are purchasing more cyber insurance as a result. Statistics show that cybercrime costs over $1 trillion globally each year and the average cost of a data breach for a business is over $3 million. Certain industries like healthcare, energy, and finance are particularly at risk of costly cyber attacks.
Top 10 Cybersecurity Trends to Watch Out For in 2022 - ManviShukla4
With the digital revolution reaching all businesses, small or large, corporates, organizations and even governments are relying on computerized systems to manage their day-to-day activities, making cybersecurity a primary goal to safeguard data from online attacks and unauthorized access. Continuous change in technologies also implies a parallel shift in cybersecurity trends as news of data breaches, ransomware and hacks becomes the norm. Here are the top cybersecurity trends for 2022.
The global cybersecurity market is expected to witness high adoption, owing to rapid digitalization, higher spending on information security, and the advent of 5G. Various industrial and commercial sectors are implementing cybersecurity solutions to safeguard their data. The market is anticipated to expand at a compound annual growth rate (CAGR) of 11.6% during the period of 2017 to 2022. Read More: https://www.researchonglobalmarkets.com/global-cybersecurity-market.html
Intrusion Detection System Market Outlook.docx - sonubot1
The global intrusion detection system market is expected to grow at a CAGR of 12.5% from 2022 to 2032, reaching a value of $15.62 billion by 2032 from $4.81 billion in 2022. This growth is driven by rising security threats, data breaches, and cyberattacks against companies. North America currently dominates the market due to growth in the IT sector and security solutions adoption, while Asia Pacific is expected to be the fastest growing region due to increased cyber attacks and IT infrastructure development. The expansion of end-use industries like telecommunications and defense will continue to support growth in the intrusion detection system market over the forecast period.
Top 10 cybersecurity predictions for 2016 by Matthew Rosenquist - Matthew Rosenquist
1. The document outlines 10 predictions for cybersecurity challenges in 2016 and beyond, including the expanding roles of governments, continued evolution of nation-state cyber offenses, and the intersection of life safety and cybersecurity in connected devices.
2. It predicts security expectations will increase while security technologies improve but remain outpaced by adaptable attackers. Attacks targeting trust and integrity will escalate.
3. A continued lack of cybersecurity talent will hinder the industry from effectively addressing evolving threats. New threat vectors are expected to emerge as technologies advance.
This document summarizes cyber risks and data breaches. It discusses the growing threat of cyber crime and costs of data breaches. Mandatory breach disclosure laws have significantly increased costs for US companies, with the average data breach costing $7.2 million compared to $1.9 million in the UK without such laws. Examples of large breaches include Sony, which suffered a breach of 77 million user records costing an estimated $171 million. The document examines risks like hacking, theft, and human error, as well as emerging issues around cloud computing and mobile devices.
As telcos go digital, cybersecurity risks intensify by pwc - Mert Akın
globalaviationairospace.com
Cyber security for telecommunications companies
The rewards and risks of the cloud, devices, and data
The fastest growing sources of security incidents, increase over 2013
Security strategies for evolving technologies
Strategic initiatives to improve cybersecurity
The frequency and impact of cyber attacks have escalated cybersecurity to the top of Board agendas. Institutions are no longer asking if they are vulnerable to cyber attacks. Instead, the focus has shifted to how the attack might be executed, risks and impact. Most importantly, their organisational readiness and resilience to such threats.
The Role Of Data Analytics In Cybersecurity - ABMCollege2
If you've decided to pursue this path, take a look at ABM College's cybersecurity program. From understanding the fundamentals of security to mastering advanced data analysis and penetration testing, the college equips students with the knowledge to fill the industry's significant skills gap.
Commercial Real Estate - Cyber Risk 2020 - CBIZ, Inc.
Commercial real estate has always been an attractive cyber target, offering sophisticated hackers a wealth of personal information stored in banking, lease, and employment records and multiple transaction points. Enter COVID-19. Almost overnight, nearly all routine activities are tied to remote capabilities. Now, it’s cyber threat and cyber risk on steroids. Here's a cyber professional’s view of the situation and links to several additional resources.
Why is cyber security a disruption in the digital economy - Mark Albala
As we enter the digital economy, companies will quickly realize that the differentiator in the digital economy is information and information being a valuable resource is subject to theft, hacking, phishing and a host of other issues which compromise a company’s ability to participate in the digital economy. Cybersecurity misfires compromise the trust of buyers and partners necessary to participate in the digital economy. It is up to every company to ensure that the information shared with them is protected to the best of their ability and proactively notify persons and organizations who entrust their information necessary to transact business (any personal identity information including but not limited to addresses, credit card information, social security numbers, account information, credit information, medical records, etc.) with any potential compromises which can yield harm to them by that information either being used maliciously or shared with others.
The digital economy is different from other versions of commerce because in the digital economy, information is the lifeblood of digital commerce that passes through the hands of many platforms involved in a digital event. Each of these platforms is an opportunity to wreak havoc on your well-intended but incomplete efforts to protect the information contained within the network you control. In the digital economy, it is not only the network you control, but the platforms that touch the personal data entrusted to you as a means of enabling digital commerce, and several techniques have begun to emerge to protect personal information contained within your information domain and the domain of platforms participating in digital commerce.
Because the life blood of the digital economy is information, information hacked in the digital economy is akin to shrinkage in the legacy economy. Both are means to directly attack your bottom line, whether it is redirecting customers elsewhere because they don’t trust your privacy program, ransomware which makes your site or one of your partner platform sites dangerous to use or some other reason which challenges your ability to participate in the digital economy. Shrinking the potential market share because of information safety and security challenges is a disruption, making cyber-security a disruptive activity, particularly if it is not dealt with swiftly.
If your cyber-security program is focused entirely on protecting the information housed in your four walls, you have exposed yourself to problems whose source and entry point you will have difficulty identifying.
AI IN CYBERSECURITY: THE NEW FRONTIER OF DIGITAL PROTECTION - ChristopherTHyatt
Artificial Intelligence (AI) fortifies cybersecurity by dynamically identifying and neutralizing cyber threats. With machine learning algorithms, AI analyzes patterns in real-time data, swiftly detecting anomalies and potential security breaches. This proactive approach enhances the overall defense mechanism, ensuring robust protection against evolving cyber threats in the ever-changing digital landscape.
Pat Pather - Cyber Security Unchartered: Vigilance, Innovation and Adaptability - itnewsafrica
Pat Pather, Chief Executive Officer at Forensic Sciences Institute, delivered a presentation on Cyber Security Unchartered: Vigilance, Innovation and Adaptability- Exploring the Depths of Cybersecurity, at Public Sector Cybersecurity Summit 2023 on the 3rd of October 2023. #PublicSec2023 #Conference #Cybersecurity #PublicSector
Security - intelligence - maturity-model-ciso-whitepaper CMR WORLD TECH
This document discusses the need for organizations to shift from a prevention-focused approach to cybersecurity to one focused on rapid detection and response. It notes that most organizations have mean times to detect threats of weeks or months, leaving critical systems vulnerable. The document introduces the concept of security intelligence and outlines a threat detection and response lifecycle that organizations should optimize to reduce their mean time to detect and respond to threats. This involves processes like discovering threats, qualifying them, investigating incidents, and mitigating risks.
Cyberspace is rapidly transforming our lives – how we live, interact, govern and create value. With the JAM (Jan Dhan, Aadhaar and Mobile) trinity, India is at the forefront of global digital transformation. “Digital India” is being hailed as the world's largest technology led programme of its kind.
While internet, smartphones and modern information and communication devices have been great force multipliers, endless connectivity and proliferation of IoT devices is giving rise to vulnerabilities, risks and concerns. Cyber security is today ranked among top threats by governments and corporates. Heightened concerns about data security and privacy have resulted in a spate of regulations in India and across the world. India is in the process of discussing and enacting its own comprehensive data security and privacy regulation, as well as vertical specific ones. Cyber security is an ecosystem where laws, organisations, skills, cooperation and technical implementation would need to be in harmony to be effective.
Overall, a robust regulatory framework based on global and country-specific regulations, development of a holistic cyber security eco-system (academia and industry as well as entrepreneurial) and a coordinated global approach through proactive cyber diplomacy would help to secure cyber space and promote confidence and trust of key stakeholders including citizens, businesses, political and security leaders.
CII has been actively working in the cyber security space. The CII Task Force on Public Private Partnership for Security of the Cyber Space has been set up to bring about improvements in the legal framework to strengthen and maintain a safe cyberspace ecosystem by capacity building through education and training programmes. We would facilitate collaboration and cooperation between Government and Industry in the area of cyber security in general and protection of critical information infrastructure in particular, covering cyber threats, vulnerabilities, breaches, potential protective measures, and adoption of best practices.
Combating Cybersecurity Challenges with Advanced Analytics
Digital Systems & Technology
Using an AI-powered analytics platform, IT organizations
can shift from a reactive approach to security breaches, to
proactively identifying increasingly sophisticated threat vectors
and quickly resolving exploitable vulnerabilities.
July 2019
Executive Summary
Cyber crimes and security threats have grown at an
exponential rate in recent years, and the momentum is only
growing. According to Juniper Research, over 146 billion
records will be exposed through criminal data breaches from
2018 to 2023, growing at a rate of 22.5% per year.[1]
This builds on the astounding number of data breaches reported over the past few years.
In a recent report from Identity Theft Resource Center (ITRC), the number of breached
customer records containing personally identifiable information (PII) skyrocketed by 126%
from 2017 to 2018, with a staggering total of around 446 million records leaked.[2] Significant
2018 breaches include those experienced by Facebook,[3] Under Armour[4] and Marriott
International.[5]
The wreckage of a cyber attack extends beyond the immediate capital losses and financial
consequences to brand credibility, with damages persisting over several years. Facebook’s
shares are reported to have declined by as much as 19%, erasing $120 billion of the
company’s value in the second quarter of 2018.[6] A study by Ponemon Institute reports that
the global average total cost of a data breach rose by 6.4% in 2018; in the U.S., the cost
was $7.91 million.[7] The study also points out that the resulting customer churn from loss of
brand reputation and consumer trust was a leading contributor to the increased indirect
costs of a data breach.
Threat vectors are only multiplying as more enterprises move to digital approaches
to doing business, and embrace a wide array of internet-connected devices, fledgling
blockchain networks, cloud and social media. Even as organizations implement emerging
technologies into their core businesses to safeguard their information crown jewels,
malicious agents are also evolving, thereby increasing the nature of deceptive and
automated cyber attacks.
Given the unprecedented levels of data and analysis involved in a hyper-converged
networked world, we believe traditional defense mechanisms and siloed security tools
are unequipped to address the ever-evolving cyber threat landscape. Cybersecurity now
requires advanced analytics that keep pace with the speed and scale of digital business.
This means IT organizations must leverage big data, cloud and streaming architecture
paradigms in conjunction with artificial intelligence (AI)-powered analytics and edge
analytics to provide predictive insights and threat protection.
This whitepaper examines the emerging cybersecurity challenges faced by digital
businesses, the risk of continuing with conventional approaches, and the imperatives for
adopting an intelligent and integrated strategy for holistic digital security by augmenting
standard security tools with advanced machine learning-driven analytics and automation.
We conclude with an outline of the significant architectural building blocks for a modern
intelligent cyber analytics platform.
Figure 1: A mix of cyber threats. External threat: network attack (i.e., DDoS); hacking (i.e., malware); social engineering (i.e., phishing). Insider threat: malicious worker (i.e., disgruntled employee); accidental exposure (i.e., human error, system glitch); negligence (i.e., lack of governance, misconfiguration, insufficient due diligence).
The current cyber threat landscape
As Figure 1 illustrates, cybersecurity vulnerabilities and attacks can be
grouped under two broad threat patterns: internal and external.
A robust cybersecurity defense strategy needs to account for both of these threat vectors, as well as the
more sophisticated attacks possible through the advent of IoT initiatives, cloud enablement, big data
analytics, social media, mobile computing, cryptocurrencies, etc. New attack variants are continuously
appearing, such as “formjacking” and “cryptojacking,” and the list only keeps growing. According to the
Ponemon report, the average global probability of a material breach in the next 24 months is 27.9%.
Top three data breach trends
Additionally, the current threat landscape is characterized by the following three trends:
❙❙ Cyber attack targets aren’t always what you’d think: While it is typically assumed that banking and
financial institutions are the primary target for cyber attacks, the business sector – which
includes e-commerce/retail, hospitality and tourism, trade, transportation, utilities, supply chain
business, etc. – sustained the highest percentage of overall data breaches in 2018, according to the
ITRC study, at 46%. The medical/healthcare industry and banking/credit/financial sector followed in
second and third places, respectively, with 29% and 11% of total reported breaches.
❙❙ Associated costs are increasing. According to Ponemon’s cost analysis, the U.S. and Canada invested
the most in resolving malicious or criminal attacks, at $258 and $213 per record, respectively. Without
a security automation process, these costs will only rise. The cost of Equifax’s data breach in 2017, for
example, was about $300 million.[8]
Indirect costs resulting from organizational resources spent notifying
victims and investigating the incident, as well as the loss of goodwill and customer churn, also have
substantial financial consequences.
A churn of 1% due to a data breach can result in an average total cost of $2.8 million, according to the
Ponemon report. Moreover, regulatory changes such as the European Union’s General Data Protection
Regulation (GDPR) and the impending California Consumer Privacy Act (CCPA) will enforce strict
penalties for any privacy lapse.
❙❙ Hacking and insider threats are the most common sources of data breaches. Hacking continues
to be the most common type of cyber attack. According to the ITRC study, 39% of breaches involved
hacking, while 30% were due to insider threats, and 21% from accidental exposure and negligence.
These statistics are consistent with Ponemon’s 2018 report, in which 48% of incidents were caused by
criminal or malicious attacks, 27% by insider threats and negligence and 25% from system glitches.
Four major cybersecurity challenges and what to do about them
1. Cybersecurity programs are failing to keep up with accelerating digital threats. The pivot to
digital introduces new technology and architecture patterns that upend legacy cybersecurity methods
(see Figure 2). Roughly 84% of respondents in a recent McKinsey & Co. study feel companies are
insufficiently prepared for the vulnerabilities caused by IoT initiatives,[9] and 49% of CIOs in a Gartner
study say their enterprises have already changed their business models or are in the process of
changing them.[10]
With connected technologies and IoT, companies must shift from managing security for thousands of
network endpoints, to millions of connected devices. With the adoption of container technologies, IoT
devices, mobile devices and cloud infrastructures, many organizations’ security tools and processes lack
visibility into the new resulting threat vectors.
Action item: Gain a clear understanding of your emerging cyber risk portfolio and evolve legacy
security policies. Businesses need to broaden the data points collected for real-time integration, and
employ security automation to centralize management and enable rapid, flexible deployment.
Figure 2: Limitations of traditional cybersecurity approaches. Tools shown: network and DNS traffic capture tools; email protection tools; endpoint tools; conventional SIEM tools. Limitations shown: fragmented skill set on disparate sources; lack of comprehensive visibility due to siloed analysis; inability to detect advanced deceptive threats; inability to support real-time monitoring for cloud, IoT, big data scale.
2. Bots are a blessing and a curse. While advanced analytics and AI are driving digital business
change, malicious agents are reinventing attack algorithms, using AI to create new variants of old
attack models. This adds to burgeoning problems with traditional security tools that rely on human
intervention and manual investigations and don’t always provide 360-degree cyber protection. The
potential misuse of advanced analytics technologies can include automated hacking, email and
social media phishing attacks, speech synthesis to mimic human interaction, and turning consumer
drones, connected devices[11][12] and autonomous vehicles into potential attack instruments. Without
security automation to detect threats, the net cost difference of a data breach is $1.55 million,
according to the 2018 Ponemon report.
Action item: Acknowledge the world of sophisticated threats and evolve from a reactive to a
proactive strategy. Organizations need to employ advanced analytics powered by AI and machine
learning to detect deception.
3. Siloed data analysis generates too much noise. Organizations typically use either traditional
security information and event management (SIEM) solutions such as syslog servers and log
managers, or they utilize multiple cybersecurity products that collect huge volumes of system and
user activity events, independently. This results in disparate and disconnected systems that are not
suited to today’s digital models and fail to present the complete picture of the IT health and risk
posture at any given point in time.
The analysis of huge volumes of fragmented data results in a lack of comprehensive visibility, false
positives and inefficiency. The mean time to identify (MTTI) for a data breach in 2018 was 197 days,
according to the Ponemon report. The failure to quickly detect and contain a data breach also has
huge direct and indirect financial impacts.
Action item: Evolve from a piecemeal process of analysis. Organizations should adopt innovative
thinking to intelligently integrate disparate data to radically increase insight generation and response.
4. There’s a lack of cyber skills and capabilities in the emerging technology landscape.
Given that the human factor is a significant cause of data breaches – 27% according to the
Ponemon study – there is clearly a critical need to improve awareness among the broader employee
community. Conventional education and standard procedures are simply not enough to face the
mounting challenges in the digital world, where attack models are outpacing acquired skills.
Security operations center (SOC) analysts with knowledge limited to a specific security tool will
struggle to put together a holistic picture from multiple security tools. This will make it difficult to
realize the comprehensive event-chaining behavior and analysis of an incident or anomaly. A lack of
skill and confidence in the cyber defense strategy can also hinder an organization’s IT modernization
and digital growth plans. According to a study by (ISC)², there are 2.93 million cybersecurity positions
open and unfilled around the world,[13] and according to McAfee, 40% of IT leaders are slowing cloud
adoption due to a shortage of cybersecurity skills.[14]
Action item: Inform, educate and upskill SOC analysts and avoid internal fragmentation of
cybersecurity skill and knowledge. Organizations need to overcome the lack of human-driven
intelligence with analytics-driven intelligence.
Five foundations for tackling cybersecurity challenges
In the current tech climate, it’s not a question of “if” but “when” a data
breach will happen. While it’s important for organizations to continuously
refine their security protocols and governance strategy to face emerging
challenges, it’s also imperative to build and deploy advanced threat
protection models. This requires a transformative security analytics agenda
that incorporates a cyber analytics platform that integrates disparate data
in real-time, enriched with metadata and artificial intelligence/machine
learning (AI/ML) analytics, as well as security orchestration automation
and response (SOAR) for expedited threat handling.
As threats evolve in scale and sophistication, organizations need to ensure they’re aware of the
predominant security challenges they face and implement the key foundational building blocks to make
data-driven, informed decisions and derive proactive critical insights. We advise organizations to take the
following actions:
1. Broaden the data integration and management horizon.
❙❙ Automate collection and ingestion of data at big data scale.
❙❙ Store data in a manageable manner, supporting data lake patterns.
❙❙ Break traditional information barriers with fast data retrieval and search.
Cybersecurity defense is a moving target, and so is the data used for analysis. Isolating analysis to data
generated by traditional information security tools and processing in predetermined ways creates rigid
boundaries when the data sources are evolving and multiplying.
Cyber analytics platforms must be able to spot threats across a wide variety of data sources – both
internal and external to the enterprise – be it real-time streaming data or batch data (i.e., structured,
semi-structured and unstructured data formats). Most important, these platforms must work with data
that is beyond the traditional purview of security operations teams, such as email content, social media
feeds, user metadata from a human resources database, web server and system logs of user activity, as
well as critical auditing databases managed by IT teams.
Furthermore, many systems are inherently limited in terms of the amount of data they can store, ranging
from a week to a month in some cases. Imagine the perplexity when a vulnerability is discovered 100
days after the fact, and the source data is purged every 30 days. Adding to this is the data associated
with mobile devices, IoT devices and cloud-based services, totaling thousands of gigabytes every
second. Therefore, it is critical to anticipate potential future use cases and source the data in real-
time and scale and store it in a manageable way. This will enable security teams to establish historical
baselines to perform investigative data science experiments and retrospective analysis.
2. Utilize an integrated advanced analytics-driven platform.
❙❙ De-fragment and reconcile siloed data for rapid insight generation.
❙❙ Power analysis with ML and other advanced forms of AI.
❙❙ Use AI and automation to close skills gaps.
Fragmented data results in fragmented investigation and forensic analysis. Cybersecurity requires an
integrated and intelligent analytics-based platform that can automate scanning at the scale and speed
required to process increasingly agile digital data and workload patterns.
The cyber analytics platform must be able to crunch through massive volumes of disparate data and
derive meaningful insights, convert data into intelligent information and detect advanced threats
using data science, deep learning, edge analytics and AI. By applying advanced analytics technologies
to threat data at big data scale, this type of platform could enable automated correlation of events
from multiple data sources across hundreds of dimensions and generate deep intelligent insights
such as event-chaining, user behavior and risk quotients; activity patterns and deviation from a normal
sequence; proactive identification of vulnerability gaps and weak links; and use of social media data to
track potential local security incidents.
Automated orchestration is critically needed in the case of zero-day exploits. A platform that goes
beyond traditional analyst tools and capabilities can bridge the gaps that human efforts struggle to fill.
3. Seek real-time data enrichment.
❙❙ Add structure and context with metadata such as geo-IP lookups.
❙❙ Correlate disparate data to derive meaning.
❙❙ Add streaming analytics for real-time alerts.
Simply collecting large volumes of data without preparing it for analysis can result in a data deluge. The
cyber analytics platform must be able to correlate patterns among disparate sources of data, using the
required metadata to connect the dots.
For example, legacy systems often send data with timestamps but no indication of time zone. Without
that information, SOC analysts cannot be certain of where and when an event was triggered to correlate
it with events from other sources with different time zones. If there is inherent system latency, the
analysis is completely skewed.
It isn’t viable to create a comprehensive master database in a networked world. With the large data
payloads generated by the cloud and IoT, absence of sufficient metadata elements can lead to
ineffective triaging of an incident. The cyber analytics platform must enrich enterprise event data
by tagging critical metadata such as unique host names, geolocation, time zone, etc. as soon as it
is ingested. Real-time metadata tagging is critical to understanding the context of an incident and
determining the complete picture surrounding the data.
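The ingest-time enrichment described above, as an added example (not code from the whitepaper or from any product it refers to): each event is tagged with site and time-zone metadata from an asset inventory, normalized to UTC, checked for ingest lag, and only then correlated across sources. The host names, users, inventory, fixed UTC offsets, two-minute correlation window and 15-minute lag tolerance are all constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed asset inventory (assumption). A production inventory would store
# IANA zone names so DST is handled; fixed offsets keep this example offline.
ASSETS = {
    "fin-lt-042": {"site": "Chennai", "country": "IN", "utc_offset_min": 330},
    "web-prx-01": {"site": "Frankfurt", "country": "DE", "utc_offset_min": 60},
}

# Constructed sample events. The two legacy sources emit local wall-clock time
# with no zone; the cloud audit source emits an explicit UTC offset.
RAW_EVENTS = [
    {"source": "endpoint", "host": "fin-lt-042", "ts": "2019-03-04 14:32:10",
     "user": "asmith", "action": "file_read", "object": "q1_forecast.xlsx"},
    {"source": "proxy", "host": "web-prx-01", "ts": "2019-03-04 10:02:41",
     "user": "asmith", "action": "https_put", "object": "storage.example.com"},
    {"source": "cloud_audit", "host": None, "ts": "2019-03-04T09:02:43+00:00",
     "user": "asmith", "action": "object_upload", "object": "q1_forecast.xlsx"},
    {"source": "endpoint", "host": "unknown-77", "ts": "2019-03-04 09:03:00",
     "user": "bjones", "action": "file_read", "object": "notes.txt"},
]

INGEST_TIME = datetime(2019, 3, 4, 9, 3, 30, tzinfo=timezone.utc)  # constructed
MAX_LAG = timedelta(minutes=15)   # assumed tolerance for source-to-platform latency
WINDOW = timedelta(minutes=2)     # assumed gap allowed between chained events


def enrich(event, ingest_time=INGEST_TIME):
    """Tag one event with site and time-zone context at ingestion."""
    out = dict(event)
    parsed = datetime.fromisoformat(event["ts"])
    out["ts_raw"] = parsed.replace(tzinfo=None)  # wall clock exactly as sent
    asset = ASSETS.get(event.get("host"))
    out["site"] = asset["site"] if asset else None
    out["country"] = asset["country"] if asset else None

    if parsed.tzinfo is not None:
        out["tz_source"] = "event"
        out["ts_utc"] = parsed.astimezone(timezone.utc)
    elif asset:
        tz = timezone(timedelta(minutes=asset["utc_offset_min"]))
        out["tz_source"] = "asset_inventory"
        out["ts_utc"] = parsed.replace(tzinfo=tz).astimezone(timezone.utc)
    else:
        # Unknown host and no offset in the event: do not guess a zone.
        out["tz_source"] = "unresolved"
        out["ts_utc"] = None

    if out["ts_utc"] is None:
        out["ingest_lag_s"], out["time_trusted"] = None, False
    else:
        lag = ingest_time - out["ts_utc"]
        out["ingest_lag_s"] = lag.total_seconds()
        # An event "from the future" or one arriving very late skews correlation.
        out["time_trusted"] = timedelta(0) <= lag <= MAX_LAG
    return out


def build_chains(events, time_key, window=WINDOW):
    """Chain each user's events whose consecutive gaps fit the window.

    Only chains that span more than one data source are returned, since the
    point is to connect events that siloed tools would show separately.
    """
    by_user = {}
    for ev in events:
        if ev.get(time_key) is not None:
            by_user.setdefault(ev["user"], []).append(ev)

    chains = []
    for _user, evs in sorted(by_user.items()):
        evs.sort(key=lambda e: e[time_key])
        chain = [evs[0]]
        for ev in evs[1:] + [None]:          # None flushes the last chain
            if ev is not None and ev[time_key] - chain[-1][time_key] <= window:
                chain.append(ev)
                continue
            if len({e["source"] for e in chain}) > 1:
                chains.append(chain)
            chain = [ev]
    return chains


def summarize(chain):
    """Compact view of a chain: (source, action, UTC time, site)."""
    return [(e["source"], e["action"], e["ts_utc"].strftime("%H:%M:%S"), e["site"])
            for e in chain]


if __name__ == "__main__":
    enriched = [enrich(e) for e in RAW_EVENTS]
    print("chains on raw wall-clock time:", len(build_chains(enriched, "ts_raw")))
    for chain in build_chains(enriched, "ts_utc"):
        print(chain[0]["user"], summarize(chain))
    print("needs triage:", [e["host"] for e in enriched if not e["time_trusted"]])
```

On the raw wall-clock values the three `asmith` events sit hours apart and never chain; after enrichment they fall within 33 seconds of each other, while the event from the host missing from the inventory is held for triage instead of being given a guessed zone.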
4. Apply intelligent visualization.
❙❙ Create a customizable command center view for holistic security.
❙❙ Facilitate egress integrations for business intelligence tools.
❙❙ Enable seamless collaboration with the data scientist community.
With traditional SOC dashboards and vendor-specific information security tools, incident analysis
involves switching between several consoles and user interfaces, and performing manual checks and
static analysis on data to determine root cause while maintaining chain of custody. Each step needs
to be repeated for each triggered alert. This manual method of analysis and reporting is highly time-
consuming, prone to human error and limited in the amount of data available for analysis at any given
point in time.
It takes dedicated personnel to maintain and monitor such siloed dashboards and perform analysis.
An SOC analyst specializing in an individual vendor-based information security tool may not be able to
correlate the events from a parallel source of information from a different tool. Search capabilities are
inherently limited in terms of the amount of historical data that can be queried for analysis and the ability
to collaborate easily with fellow members of the team.
The cyber analytics platform must provide SOC analysts with a single view of current IT risk and health
scores, as well as a digital map connecting the dots between thousands of people, machines and
devices and their interactions. It must also provide the flexibility to create purpose-built dashboards that
present intelligent information from correlated data and insights derived from advanced analytics such
as real-time behavior profiling.
Interactive development tools such as notebook interfaces (i.e., web-based collaboration tools for data
engineers and data scientists) can be used to provide capabilities for real-time and ad hoc AI/ML model
creation.
5. Expand the security analysis surface via the cloud.
❙❙ Extend the boundaries of data gathering.
❙❙ Augment security by deploying cloud-native security tools.
❙❙ Cross-validate with in-house data to get a comprehensive view.
As enterprise perimeters expand to the cloud via IoT, IT organizations need solid cloud security
protocols and a holistic view of the user and system activity patterns across on-premises and cloud
environments. With immature security auditing and governance capabilities in the cloud, threat vectors
for data leakage and exfiltration can increase substantially.
Consider a scenario in which an employee uploads data and files from the office laptop to cloud storage
that is open to public access. Without end-to-end visibility of the event chain, vulnerability checks and
analysis would be inaccurate and time-consuming. Simply leaving the liability in the hands of the cloud
service provider expands the risk of cyber threats to a whole new level.
Security and compliance analysis can be augmented with cloud-native security products feeding cloud
event data into the cyber analytics platform. The result is a comprehensive picture of overall user and
system behavior, which helps to minimize the attack surface and protect against vulnerabilities, identify
theft and data loss.
With cloud-native security products, organizations can better identify cloud assets, which is critical
when dealing with vague cloud-generated private IPs across multiple cloud accounts.
Bringing it all together
Figure 3 depicts an end-state high-level reference architecture
of a conceptual next-gen cyber analytics platform.
Such a platform can now be conceived and built easily by integrating industry-standard advanced analytics
tools and big data technology. This is even more possible today with rapid advancement in advanced
analytics technology in community-driven development, commercial products and public cloud services.
Organizations can leverage available tools to prototype and validate best-of-breed technologies to quickly
deliver on the cyber analytics platform vision while also addressing business priorities. These include a
plethora of options available for an on-premise model, such as Apache open source products, and cloud-
native products such as Databricks and Snowflake. Competitive options are also available from popular
public cloud vendors such as IBM QRadar on cloud, AWS SageMaker, Azure Analysis Services and Google
Cloud ML.
Our Cyber Threat Defense is one such envisioned platform available as a service with ready-to-use threat
analytics providing actionable insights. (For more insight, please visit us at our website.)
Figure 3: Envisioning a next-gen cyber analytics platform. The diagram shows points of ingress (IoT data; identity and access management; endpoint security; machine-generated logs; threat intelligence feeds; mobile security) supplying structured, semi-structured and unstructured data as streaming and batch feeds from on-premise, cloud and IoT sources into a real-time big data analytics engine with data ingestion (high throughput, low latency), data transformation (rules application, correlation, enrichment), data analytics (machine learning, AI, deep learning) and data storage layers, topped by advanced visualization and underpinned by DevSecOps automation, orchestration and governance.
Next-gen analytics platform in action
Let’s look at how organizations can solve two prominent security use cases using a next-gen analytics-
based paradigm.
Endpoint reconciliation
The majority of attacks occur at the enterprise endpoint level. With bring your own device (BYOD), remote/
mobile employees and cloud initiatives, the network security perimeter for most enterprises has all but
dissolved. It’s critical to establish an effective endpoint security measure and understand the complete
picture of endpoint security health at any given point to prevent cyber attacks.
Using security products such as Tanium, Cylance, Cisco AMP and Qualys as agents in endpoint devices
(on-premises and cloud), organizations can monitor and capture the vulnerability and compliance
status of the device in real-time, along with last-logged-in user identification. Microsoft’s System Center
Configuration Manager (SCCM) handles Windows patch management and anti-malware policies, while
Dome9 gathers cloud traffic data. These tools together generate millions of events in real-time.
Identifying system health and user access at any given time is time-consuming when the data from these
tools is not integrated. The cyber analytics platform can help to automatically identify and holistically
visualize enterprise security and IT health by providing a single-view dashboard of the IT assets’ health
status and vulnerability score generated using advanced analytics.
Organizations can improve risk analysis and make faster decisions by automatically capturing, integrating
and correlating real-time event data with the look-up data from an enterprise asset inventory master
database and human resources data (see Figure 4). They can also incorporate a single-view dashboard of
the IT assets’ health vs. risk score.
Figure 4: Endpoint reconciliation via a next-gen cyber analytics architecture. Data sources shown: CMDB (assets inventory master), Qualys (vulnerability scanner), Tanium (endpoint security management), SCCM (Windows patch management), Cylance (malware detection, threat intelligence), Infoblox (IP address management), Dome9 (cloud endpoint security management) and Workday (HR data for employee ID, role and department). Outputs shown: comprehensive patched/non-patched status of assets; compliance overview validating that assets are hardened with Tanium, Cylance and Qualys; cloud assets compliance audit across accounts; geo site location and user map of the vulnerable asset; anomalous asset identification or outdated patch alert notification; automated alerts and remediation based on outdated patch policies and calculated risk score.
This approach could have prevented the worldwide WannaCry worm cyberattack in May 2017, in which
over 300,000 systems running the Microsoft Windows operating system were compromised.¹⁵ The
exploitation – which impacted major organizations including FedEx, Nissan and Britain’s National Health
Service – was caused by a Windows vulnerability in the implementation of the Server Message Block (SMB)
protocol.
A month before the outbreak, Microsoft discovered and released a security patch for the vulnerability;
however, organizations that failed to update their patches were exposed.
An intelligent and integrated cyber analytics platform could have helped identify such a lapse at an early
stage by proactively tracking and managing endpoint reconciliation, enabling faster security control
measures (in this case, either decommissioning the outdated machine or updating the OS patches) to
better protect the enterprise.
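The reconciliation described in this section, as an added example (not code from the white paper or from any product it names): each feed is joined on hostname against the asset inventory master, and assets are ranked by a risk score. The feed layouts, hostnames, the placeholder patch ID, the check-in window and the scoring weights are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

NOW = datetime(2019, 6, 1, 12, 0)        # fixed clock so the run is repeatable
REQUIRED_PATCH = "PATCH-EXAMPLE-001"     # placeholder ID, not a real bulletin
STALE_AFTER = timedelta(days=7)          # assumed agent check-in window
WEIGHTS = {"not_in_inventory": 5, "no_agent_data": 4,
           "missing_required_patch": 4, "stale_agent_data": 2}  # assumed weights

# Constructed sample data standing in for each feed.
CMDB = {  # asset inventory master: hostname -> owner employee ID, criticality 1-3
    "fin-lt-01": {"owner": "E100", "criticality": 3},
    "hr-lt-02": {"owner": "E200", "criticality": 2},
    "lab-ws-03": {"owner": "E300", "criticality": 1},
    "ops-srv-04": {"owner": "E400", "criticality": 3},
}
PATCH_FEED = {  # patch management: hostname -> installed patches, last check-in
    "fin-lt-01": {"patches": {"PATCH-EXAMPLE-001"}, "seen": NOW - timedelta(hours=2)},
    "hr-lt-02": {"patches": set(), "seen": NOW - timedelta(days=1)},
    "ops-srv-04": {"patches": {"PATCH-EXAMPLE-001"}, "seen": NOW - timedelta(days=30)},
    "rogue-pc-09": {"patches": set(), "seen": NOW - timedelta(hours=1)},
}
SCANNER_FEED = {"hr-lt-02": 2, "ops-srv-04": 1}   # scanner: open critical findings
HR = {"E100": "Finance", "E200": "HR", "E300": "R&D", "E400": "Operations"}


def reconcile(now=NOW):
    """Join all feeds per hostname and rank assets by risk score, highest first."""
    rows = []
    for host in set(CMDB) | set(PATCH_FEED) | set(SCANNER_FEED):
        asset, report = CMDB.get(host), PATCH_FEED.get(host)
        issues = []
        if asset is None:
            issues.append("not_in_inventory")        # reporting but unknown to CMDB
        if report is None:
            issues.append("no_agent_data")           # inventoried but never reports
        else:
            if REQUIRED_PATCH not in report["patches"]:
                issues.append("missing_required_patch")
            if now - report["seen"] > STALE_AFTER:
                issues.append("stale_agent_data")    # patch status can no longer be trusted
        open_vulns = SCANNER_FEED.get(host, 0)
        # An asset missing from inventory has unknown value: score it as most critical.
        criticality = asset["criticality"] if asset else 3
        score = criticality * (sum(WEIGHTS[i] for i in issues) + open_vulns)
        dept = HR.get(asset["owner"], "unknown") if asset else "unknown"
        rows.append({"host": host, "department": dept, "issues": issues, "score": score})
    return sorted(rows, key=lambda r: (-r["score"], r["host"]))


if __name__ == "__main__":
    for row in reconcile():
        print(f'{row["score"]:>3}  {row["host"]:<12} {row["department"]:<11} {row["issues"]}')
```

The two gaps a single feed cannot show are the ones the join surfaces: a host that reports to patch management but is absent from inventory, and an inventoried host that no agent reports on.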
Data loss prevention
Enterprise endpoints are points of egress for business data. It is critical, therefore, to monitor endpoints for
user behavior patterns and prevent insider threats causing data exfiltration or accidental data leakage or
exposure. Cloud, mobile and BYOD add complexity to this problem.
In hybrid environments, millions of user activity data points collected over thousands of endpoints and
devices by disparate security monitoring tools do not reveal the sequence of events in a comprehensive
way. Tracing the data loss to a specific employee and device creates a needle-in-a-haystack situation for
SOC analysts.
A cyber analytics platform can mitigate this visibility gap by enabling collection, aggregation and
correlation of events from multiple data sources, providing a better representation of malicious or
negligent insider behavior.
For example, a cyber analytics platform can combine internet activity data from proxy monitoring tools
such as ZScaler with user activity data from Microsoft Sharepoint, OneDrive and other cloud collaboration
tools and add intelligence from endpoint user activity monitoring security agents. Such agents include
Lumension, which tracks universal serial bus (USB) security, and Varonis, which detects unauthorized
access to file servers, email systems and Microsoft Active Directory.
Organizations can further enrich this data with VPN and geolocation data to check remote access by
users and human resources data to validate users’ authorized role and department. This helps to create a
comprehensive user behavior analysis and validate operational sequences of an employee in real-time.
By incorporating advanced analytics such as deep learning and AI, it is now possible to identify and isolate
anomalous user behavior when compared with past behavioral patterns and current role privileges. This
approach of user and entity behavior analytics (UEBA) helps organizations quickly identify and classify
high-risk activities and user accounts. Automated security policies can be integrated to notify or suspend
high-risk user accounts or change vulnerable security access controls for the user.
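The behavior comparison described above, as an added example (not code from the white paper or from any product it names): events from several channels are normalised, a per-user baseline is built from history, and new events are checked against that baseline and against the channels the user's role permits. A simple statistical threshold stands in for the deep learning models the paper mentions; the user names, roles, channel policy, addresses and thresholds are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Assumed policy and HR lookup (hypothetical names and values).
ROLE_CHANNELS = {"Finance": {"proxy", "sharepoint"},
                 "Engineering": {"proxy", "sharepoint", "usb", "vpn"}}
HR_ROLE = {"alice": "Finance", "bob": "Engineering"}

def ev(user, ts, channel, mb, ip):
    """Normalised event as the platform would hold it after ingestion."""
    return {"user": user, "ts": datetime.fromisoformat(ts),
            "channel": channel, "mb": mb, "ip": ip}

# Constructed history (weekdays, office addresses) and new events to score.
HISTORY = [
    ev("alice", "2019-05-06T09:30", "proxy", 4, "10.1.1.5"),
    ev("alice", "2019-05-07T11:00", "sharepoint", 6, "10.1.1.5"),
    ev("alice", "2019-05-08T14:15", "proxy", 5, "10.1.1.5"),
    ev("alice", "2019-05-09T16:40", "sharepoint", 5, "10.1.1.5"),
    ev("bob", "2019-05-06T10:00", "vpn", 20, "10.1.2.8"),
    ev("bob", "2019-05-07T22:00", "usb", 30, "10.1.2.8"),
    ev("bob", "2019-05-08T13:00", "proxy", 25, "10.1.2.8"),
]
NEW_EVENTS = [
    ev("alice", "2019-05-11T02:10", "usb", 900, "203.0.113.7"),   # Saturday night
    ev("bob", "2019-05-13T11:00", "proxy", 22, "10.1.2.8"),
    ev("alice", "2019-05-13T10:00", "proxy", 6, "10.1.1.5"),
    ev("bob", "2019-05-14T12:00", "vpn", 24, "198.51.100.20"),
]

def build_baseline(history):
    """Per-user profile: transfer-size threshold, known IPs, working-hour range."""
    per_user = defaultdict(list)
    for e in history:
        per_user[e["user"]].append(e)
    baseline = {}
    for user, events in per_user.items():
        sizes = [e["mb"] for e in events]
        hours = [e["ts"].hour for e in events]
        baseline[user] = {
            # floor the deviation at 1 MB so a very regular user is not flagged on noise
            "max_mb": mean(sizes) + 3 * max(pstdev(sizes), 1.0),
            "ips": {e["ip"] for e in events},
            "hours": (min(hours), max(hours)),
        }
    return baseline

def reasons_for(event, baseline):
    """List of reasons this event deviates from the user's profile and role."""
    profile = baseline.get(event["user"])
    if profile is None:
        return ["no_baseline"]            # never seen before: route to an analyst
    reasons = []
    if event["mb"] > profile["max_mb"]:
        reasons.append("volume_spike")
    if event["ip"] not in profile["ips"]:
        reasons.append("new_source_ip")
    lo, hi = profile["hours"]
    if event["ts"].weekday() >= 5 or not lo <= event["ts"].hour <= hi:
        reasons.append("unusual_time")
    allowed = ROLE_CHANNELS.get(HR_ROLE.get(event["user"]), set())
    if event["channel"] not in allowed:
        reasons.append("channel_not_permitted_for_role")
    return reasons

def triage(new_events, history=HISTORY):
    """Deviating events as (user, reasons), most reasons first."""
    baseline = build_baseline(history)
    flagged = [(e["user"], reasons_for(e, baseline)) for e in new_events]
    return sorted((f for f in flagged if f[1]), key=lambda f: -len(f[1]))

if __name__ == "__main__":
    for user, why in triage(NEW_EVENTS):
        print(user, why)
```

A single deviation, such as the one new address for bob, is weak evidence on its own; the coincidence of several deviations in one event is what separates the alice upload from routine noise.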
Figure 5: Data loss prevention using a next-gen cyber analytics architecture. Data sources shown: Active Directory (login and audit tracking), ZScaler (proxy logs to detect user activity to internet), Sharepoint (user activity on Sharepoint, OneDrive), Varonis (email data loss prevention), Juniper (VPN data to track remote access user activity), Lumension (USB drives activity tracking), Dome9 (cloud endpoint security management) and Workday (HR data for employee ID, role and department). Outputs shown: data exfiltration to unauthorized sites; unauthorized access to mission-critical files and folders; anomalous user activity profile detection based on historical patterns; large uploads/downloads from new IP, at unusual hours or weekends, to USB, over VPN, etc.; inconsistent geolocation indication for critical access patterns; automated alerts and remediation based on critical risks and vulnerabilities.
Taking a data science approach to security
In recent years, the topic of security analytics has become
closely interrelated with SIEM products, with most vendors
in this space launching products built around native AI and
ML analytics capabilities, such as the Cylance AI platform.
Concurrently, security analytics players are launching into the
SIEM market.
In the early days of security analytics, the platform had to be developed from scratch. But
as a result of the challenges outlined in this white paper, organizations invariably struggled
to build and maintain these environments. In fact, some have been inching away from
ground-up custom analytics platforms to commercial off-the-shelf (COTS) solutions.
By far, the greatest failure is not clearly defining the security control use cases for
analytics. Entire companies have been founded to address this need with commercial
threat intelligence services such as Anomali, which generates up-to-date blacklists to
refine the event data in the platform. Customers also struggle to not just detect but also
respond to the overwhelming number of security incidents, so the connection to security
orchestration automation and response (SOAR) is the future, at least circa 2019.
Designing these kinds of technologies is not as simple as previously considered. Recruiting
data science expertise to mine the data lake is difficult – this skillset is one of the rarest and
most expensive in the industry. This can be easily avoided if an organization focuses on
addressing the security events rather than analyzing and detecting them, which can easily
be handed off to a more specialized partner or vendor.
Therefore, we recommend applying the next-gen cyber analytics building blocks where it
makes sense and extending these with COTS solutions.
Finally, fully managed security services, which provide organizations with business
outcome-driven, orchestrated security operations based on multi-tenant analytics
platforms, such as our Cyber Threat Defense, provide an effective response for
organizations that have struggled with implementation of analytics platforms.
Looking ahead
Organizations need to assess their cyber risk from an organizational,
cultural, structural and talent perspective and evolve their security
practices and policies to weather the cybersecurity storm and be
positioned for success.
❙❙ By adopting an AI-driven security automation framework, organizations can align their
cybersecurity maturity with digital maturity. Such a platform must be able to crunch and correlate
threat patterns on massive volumes of disparate data, which introduces opportunities for advanced
cybersecurity without business disruption. Using sophisticated alerts and prescriptive analytics for
dynamic policies to address identified risks, organizations can speed deployment of threat-blocking
measures – thereby increasing the agility of security operations.
❙❙ Security automation can help mitigate skill gaps and cybersecurity knowledge fragmentation.
This can expedite threat hunting, insight generation and remediation. Moreover, organizations must
cross-train SOC analysts and upskill team members to face digital threats and elevate security best
practices and awareness among the broader employee community.
❙❙ The current threat environment requires a more proactive and adaptive approach that
incorporates continuous monitoring and real-time assessments. Guidelines recommended by
industry-standard risk assessment frameworks like the National Institute of Standards and Technology
(NIST) CyberSecurity Framework provide best practices to manage cybersecurity-related risk.¹⁶
❙❙ Cybersecurity is an evolving and moving objective. Organizations must continuously adapt their
cybersecurity models to improve their preparedness and build confidence in their ability to face, detect
and thwart potential cyber threats.
Digital business requires digital cybersecurity that makes the best use of advanced analytics and intelligent
automation to achieve their digital objectives at a pace and scale that outsmarts threat vectors.
Endnotes
1 “Juniper Research: Cybersecurity Breaches to Result in Over 146 Billion Records Being Stolen by 2023,” MarketWatch, Aug. 8, 2018, https://www.marketwatch.com/press-release/juniper-research-cybersecurity-breaches-to-result-in-over-146-billion-records-being-stolen-by-2023-2018-08-08.
2 “2018 End-of-Year Data Breach Report,” Identity Theft Resource Center, 2019, https://www.idtheftcenter.org/wp-content/uploads/2019/02/ITRC_2018-End-of-Year-Aftermath_FINAL_V2_combinedWEB.pdf.
3 Louise Matsakis and Issie Lapowsky, “Everything We Know About Facebook’s Massive Security Breach,” Wired, Sept. 28, 2018, https://www.wired.com/story/facebook-security-breach-50-million-accounts/.
4 Tony Bradley, “Security Experts Weigh In On Massive Data Breach of 150 Million MyFitnessPal Accounts,” Forbes, March 30, 2018, https://www.forbes.com/sites/tonybradley/2018/03/30/security-experts-weigh-in-on-massive-data-breach-of-150-million-myfitnesspal-accounts/#16776e223bba.
5 “Marriott Announces Starwood Guest Reservation Database Security Incident,” Marriott International, Nov. 30, 2018, https://news.marriott.com/2018/11/marriott-announces-starwood-guest-reservation-database-security-incident/#.
6 Vibhuti Sharma and Munsif Vengattil, “Zuckerberg Loses More than $15 Billion in Record Facebook Fall,” Reuters, July 26, 2018, https://www.reuters.com/article/us-facebook-results-stock/facebook-braces-for-stock-wipeout-as-lower-margins-loom-idUSKBN1KG1TN.
7 “Cost of a Data Breach Study,” Ponemon Institute, IBM, July 2018, https://www.ibm.com/security/data-breach.
8 Jeremy C. Owens, “The Equifax Data Breach, In One Chart,” MarketWatch, Sept. 10, 2018, https://www.marketwatch.com/story/the-equifax-data-breach-in-one-chart-2018-09-07.
9 “Six Ways CEOs Can Promote Cybersecurity in the IoT Age,” McKinsey, 2017, https://www.mckinsey.com/featured-insights/internet-of-things/our-insights/six-ways-ceos-can-promote-cybersecurity-in-the-iot-age.
10 “CIO Agenda 2019: Digital Maturity Reaches a Tipping Point,” Gartner, 2018, https://www.gartner.com/smarterwithgartner/cio-agenda-2019-digital-maturity-reaches-a-tipping-point/.
11 Mark Austin, “Hackers Broke Into a Casino’s High-Roller Database through a Fish Tank,” Digital Trends, April 15, 2018, https://www.digitaltrends.com/home/casino-iot-hackers-fish-tank/.
12 Jeff John Roberts, “Killer Car Wash: Hackers Can Trap and Attack Vehicles,” Fortune, July 27, 2017, http://fortune.com/2017/07/27/car-wash-hack/.
13 “Cybersecurity Professionals Focus on Developing New Skills as Workforce Gap Widens,” (ISC)², 2018, https://www.isc2.org/-/media/ISC2/Research/2018-ISC2-Cybersecurity-Workforce-Study.ashx?la=en&hash=4E09681D0FB51698D9BA6BF13EEABFA48BD17DB0h.
14 “Navigating a Cloudy Sky,” McAfee, 2018, https://www.mcafee.com/enterprise/en-us/assets/reports/restricted/rp-navigating-cloudy-sky.pdf.
15 Chris Graham, “NHS Cyber Attack: Everything You Need to Know About ‘Biggest Ransomware’ Offensive in History,” The Telegraph, May 20, 2017, https://www.telegraph.co.uk/news/2017/05/13/nhs-cyber-attack-everything-need-know-biggest-ransomware-offensive/.
16 NIST cybersecurity framework: https://www.nist.gov/cyberframework.
About the author
Archana Rao
Principal Architect, Cognizant Digital Technology Consulting
Archana Rao is a Principal Architect within Cognizant Digital Technology
Consulting. She has 15-plus years of cross-industry IT experience, developing
and providing solutions focused on architecture and design of enterprise high-
performance computing and analytics applications using big data, AI/ML and
public cloud native services, to help clients implement strategic technology
initiatives. Archana has considerable experience involving batch and streaming
architecture patterns serving high-throughput/low-latency requirements,
including architecting a next-gen cyber analytics platform on AWS public cloud
for a large car manufacturer in the U.S. She holds a B.E. in electrical engineering
and electronics from University of Madras, Chennai. Archana can be reached
at Archana.Rao2@cognizant.com | Twitter: https://twitter.com/ArchanaRA0 | LinkedIn: www.linkedin.com/in/raoarchana/.
Acknowledgments
The author would like to thank Alan Alper, Vice President, Cognizant Thought Leadership programs, and subject
matter experts within the Cognizant Digital Security Practice for their valuable contributions to this white paper,
including Harry Bannister, CISSP, CCSP, Associate Director, Portfolio Strategy and Positioning, and Sam Dillingham,
CISSP, Associate Director, Managed Security Services Strategy & Product Positioning.
Special thanks also to Cognizant Digital Technology Consulting’s Mahadevan Krishnamoorthy, Assistant Vice
President, and Sathish Kumar Muthukaruppan, Senior Director, for their guidance in the writing of this white paper.