Predictive Protection: Info Security’s New Tool

One lesson that is easy to learn at any point on the path from an information management degree to a senior position in an IT organization: cybersecurity is a critical issue. Unfortunately, as time goes on, the problem becomes more acute. But there are some new tools on the horizon that could help.

In the last 12 months alone, eBay, Target, Adobe, Michaels Stores, AOL, Snapchat, and Neiman Marcus all experienced severe breaches. According to the Ponemon Institute, 47 percent of adult Americans lost personal information to hackers in that time. And according to the 2014 U.S. State of Cybercrime Survey — undertaken by PwC, CSO Magazine, CERT at Carnegie Mellon’s Software Engineering Institute, and the Secret Service — “only 38 percent of companies have a methodology to prioritize security investments based on risk and impact to business strategy.”

The typical tools and methodologies for addressing cyberattacks are not enough. Even as new weaknesses and attacks appear, many organizations find it impossible to keep up with the flood of software patches the average IT shop is expected to apply across an enterprise on a continuing basis.

The status quo cannot continue. A growing number of vendors are developing a different approach from the ones they’ve used in the past. Instead of constantly reacting to the latest specifics of threats, they’re turning toward predictive protection. Systems look for patterns of behavior and activity that could indicate a threat. The concept goes back decades, but it is starting to be implemented and developed widely.

Symantec has unveiled its roadmap for security products and services, which will include a cloud sandbox that analyzes the behavior of software to help pinpoint threats. The company will also use an intelligence network that “collects data from customers and sensors” to analyze attack networks and develop predictive responses.

In Israel, predictive alerts have been employed in the energy infrastructure, based on data pulled from connected devices. Cisco recently invested in OpenDNS, a startup specializing in predictive threat intelligence.

The advantage of a predictive analytics approach is two-fold. First, it can help keep security professionals from always playing catch-up, responding only to what attackers have already done. Second, security systems do not necessarily have to wait for a patch before they can be effective against a new attack; it is that waiting period that leaves the door open to zero-day attacks. Instead of focusing on static signatures, companies can look for suggestive behavior.

The change means that IT professionals will have to learn new ways to approach cybersecurity. Effectiveness will depend on data analysis and modeling. Because predictive security is still relatively new, now is the time to learn about the technology and how to integrate it into a security infrastructure. By expanding their knowledge and abilities, professionals both help their organizations and improve their career opportunities.