Perhaps the most resource-intensive task required of security teams is the correlation and analysis of the massive volumes of data being produced by security devices and network sensors. This challenge is probably most apparent in the fact that network breaches often remain undetected for months, allowing cybercriminals to plant time-bombs, establish elaborate botnets, and slowly exfiltrate millions of records containing customer information and intellectual property. This challenge is compounded with the growing skills shortage the cybersecurity industry is facing globally, further adding to organizations’ risks. In fact, a recent Fortinet survey found that 73% of organizations had at least one intrusion or breach over the past year that can be partially attributed to a gap in cybersecurity skills.
There are steps organizations can take to close the cyber skills gap. The first is to ensure that security tools don’t operate in isolation. If a security tool or sensor detects an anomalous behavior, it needs to be able to share that with other tools so that data can be correlated and compared against other data, as well as be cross-referenced against external threat intelligence feeds. This process is accelerated and suspicious activity can be detected faster when these tools are, by design, tightly integrated together.
Of course, data also needs to be gathered from network devices, access control points, and other sensors to see the bigger picture. SIEM and SOAR solutions are designed to bridge the gap between these non-integrated solutions, helping to identify indicators of compromise and respond to identified threats. Behavioral analytics can baseline normal traffic to identify abnormal activities, such as data moving upstream out of the data center, or devices or applications probing the network looking for ways to connect to other devices or services that are not part of their usual domain of activity.
While these solutions can help assess large volumes of data from a variety of locations, they still have their limitations. This is because today’s networks are in a state of constant flux. Dynamic cloud environments, remote offices, mobile workers, SaaS applications, DevOps projects, and shadow IT complicates the ability to monitor and process data. The network is not only constantly reconfiguring itself to optimize connectivity or support complex workflows, many of those connections – especially in hyperscale environments – are temporary, which means there isn’t enough time to baseline traffic and behavior or provide deep SIEM and SOAR analysis.
And none of this eliminates the need for having human analysts to supervise, review, manage, and respond to events detected by this collection of distributed solutions. The cybersecurity skills gap is part of the problem. There simply aren’t enough cybersecurity professionals to fill critical roles.
Fortunately, artificial intelligence (AI) and machine learning (ML) are poised to help resolve these issues. ML already supports things like behavioral analytics, the detection of zero day threats, and the detection of threats hidden inside correlated data. The advent of deep neural networks has improved the detection of threats comprised of billions of nodes with its mature AI capabilities. Fortinet’s FortiGuard Labs threat research team has been leveraging mature AI for years to not only detect threats in the wild, but also provide deep insights into its origins and threat vectors.
As organizations are forced to operate exclusively in reactive mode, they position broad-brush security tools to close the most common avenues of known attacks. Sometimes having to wait until an attack was actively targeting their devices and systems in order to repel them, or far too often, clean up the mess after a stealthy attack was able to break into their system and get out with the data it was looking for.
The skills gap remains a growing challenge for organizations. One way organizations are tackling this is by having all employees, not just IT professionals, take cybersecurity training. It’s important for everyone to have cybersecurity awareness and understand the threat landscape to minimize risks.
In addition to having a trained and knowledgeable workforce, AI-based security stands to play an increasingly critical role in supporting the skills required by digital innovation efforts. The smart businesses, cities, and infrastructures of tomorrow will all require AI-based security analysis and response to fend off the speed and sophistication of the threats of tomorrow.
Find out more about Fortinet’s NSE Training Institute programs, including the Certification Program, Security Academy Program and Veterans Program, which provide critical cybersecurity training and education to help solve the cyber skills gap and prepare the cybersecurity workforce of tomorrow.