IT security is constantly evolving because hackers are always evolving. Every time a vulnerability is patched, hackers get to work finding or making new ones. The consequences of hackers breaching a company’s network can be as minimal as some corrupted software or as substantial as losing the credit cards of millions of customers.
At the forefront of new solutions is software that is constantly being improved to better identify hacks, malware, and other suspicious activity. But according to a recent study by MIT, the next big advancement may not be technology at all; it may in fact be human intuition.
The study, which paired human experts as mentors with a machine-learning information security system, concluded that a mixture of human expertise and cutting-edge software was three and a half times more effective than unsupervised software. Improvements of that magnitude turn heads, and for several weeks the study was the topic of a lot of conversation.
But before long a number of companies were identified that had already tested this model of security. In fact, more than tested it: they had fully deployed and refined it. The combination of humans and software is currently protecting the networks of thousands of companies in America, and people are starting to take notice.
One such company is Red Canary, a Denver-based firm that has helped pioneer this method. Its founders come from the world of satellites and government security, and these are three ways they see information security evolving in the coming years:
1. More thorough analysis
Most software solutions analyze events taking place on a network using only one or two analytic methods. That is likely to become an outdated standard.
“Using just one or two methods of analysis misses a whole litany of options that hackers have at their disposal for penetrating a network,” says Red Canary CEO Brian Beyer. “Good security must be more comprehensive and utilize every analytic method available.”
Beyer goes on to describe the following five methods:
- Look for things that are known to be bad. This includes files and IP addresses that have previously been flagged as a threat, and it is the most obvious place to start.
- Look for things that resemble bad things. Many hacks and malicious types of software have recognizable earmarks. Knowing what they are and being able to identify them quickly is essential.
- Look for software that behaves unusually. This could also be called process behavioral analysis because it looks for software that is deviating from its usual functions or patterns. If software has been corrupted by malware or is being used by a hacker, it may display such unusual behavior.
- Look for unusual user behavior. Users (not software) also have predictable habits: they use certain devices regularly, connect to the same networks, and operate during predictable hours. Unusual behavior, then, is deviation from those practices.
- Look for unusual organizational behavior. Every company operates with a specific set of rules regarding the software it employs and what users are allowed to do. Organizational analysis can detect irregular deviations from those rules.
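As an added illustration of the five methods above (this is not Red Canary's code or anything from the article), the following Python runs a handful of constructed endpoint events through five analytic layers: known-bad indicators, resemblance heuristics, a per-process baseline, a per-user baseline, and organizational policy. Every indicator, baseline, policy and event record here is constructed sample data. The point it makes is that each layer catches something the others miss, and events that trip several layers at once rise to the top of the queue handed to a human analyst.

```python
"""Layered detection over constructed endpoint events.

Added example; all indicators, baselines, policies and events are constructed
sample data, not real IoCs or anyone's production rules.
"""
import re

# Layer 1: things known to be bad (constructed indicators).
KNOWN_BAD_HASHES = {"deadbeef00000000"}
KNOWN_BAD_IPS = {"203.0.113.77"}          # TEST-NET-3 documentation range

# Layer 2: things that resemble bad things (constructed heuristics).
RESEMBLANCE_RULES = [
    ("system binary name outside the system directory",
     lambda e: e["process"] in {"svchost.exe", "lsass.exe"}
     and not e["path"].lower().startswith(r"c:\windows\system32")),
    ("double file extension",
     lambda e: re.search(r"\.(pdf|doc|jpg)\.exe$", e["path"], re.I)),
]

# Layer 3: per-process baseline (constructed): normal children and ports.
PROCESS_BASELINE = {
    "winword.exe": {"children": {"splwow64.exe"}, "ports": {443}},
    "outlook.exe": {"children": {"winword.exe", "excel.exe"}, "ports": {443, 993}},
}

# Layer 4: per-user baseline (constructed): usual hosts and working hours.
USER_BASELINE = {
    "alice": {"hosts": {"WS-ALICE"}, "hours": range(8, 19)},
    "bob": {"hosts": {"WS-BOB", "LAB-01"}, "hours": range(7, 20)},
}

# Layer 5: organizational rules (constructed policy).
ADMIN_USERS = {"bob"}
ADMIN_TOOLS = {"remoteadmin.exe"}        # hypothetical tool name


def known_bad(e):
    findings = []
    if e.get("hash") in KNOWN_BAD_HASHES:
        findings.append("known-bad file hash")
    if e.get("dest_ip") in KNOWN_BAD_IPS:
        findings.append("known-bad destination IP")
    return findings


def resembles_bad(e):
    return [name for name, test in RESEMBLANCE_RULES if test(e)]


def process_anomalies(e):
    """Deviation from what this process, or its parent, normally does."""
    findings = []
    parent = PROCESS_BASELINE.get(e["parent"])
    if parent and e["process"] not in parent["children"]:
        findings.append(f"{e['parent']} does not normally spawn {e['process']}")
    own = PROCESS_BASELINE.get(e["process"])
    if own and e.get("dest_port") is not None and e["dest_port"] not in own["ports"]:
        findings.append(f"{e['process']} does not normally use port {e['dest_port']}")
    return findings


def user_anomalies(e):
    """Deviation from the user's usual hosts and hours."""
    base = USER_BASELINE.get(e["user"])
    if base is None:
        return ["no baseline for user"]
    findings = []
    if e["host"] not in base["hosts"]:
        findings.append(f"{e['user']} does not normally use {e['host']}")
    if e["hour"] not in base["hours"]:
        findings.append(f"{e['user']} active outside usual hours ({e['hour']:02d}:00)")
    return findings


def policy_violations(e):
    if e["process"] in ADMIN_TOOLS and e["user"] not in ADMIN_USERS:
        return [f"non-admin {e['user']} ran admin tool {e['process']}"]
    return []


LAYERS = {
    "known_bad": known_bad,
    "resembles_bad": resembles_bad,
    "process_behavior": process_anomalies,
    "user_behavior": user_anomalies,
    "org_policy": policy_violations,
}


def analyze(event):
    """Run every layer; return only the layers that produced findings."""
    return {name: hits for name, fn in LAYERS.items() if (hits := fn(event))}


def triage(events):
    """Events worth an analyst's attention, most layers tripped first."""
    flagged = [(e["id"], analyze(e)) for e in events]
    flagged = [(i, r) for i, r in flagged if r]
    return sorted(flagged, key=lambda ir: -len(ir[1]))


# Constructed sample events: one benign, four that each trip different layers.
SAMPLE_EVENTS = [
    {"id": 1, "user": "alice", "host": "WS-ALICE", "hour": 10, "process": "winword.exe",
     "path": r"c:\program files\office\winword.exe", "parent": "explorer.exe",
     "hash": "aaaa111122223333", "dest_ip": None, "dest_port": None},
    {"id": 2, "user": "bob", "host": "WS-BOB", "hour": 11, "process": "updater.exe",
     "path": r"c:\users\bob\downloads\updater.exe", "parent": "explorer.exe",
     "hash": "deadbeef00000000", "dest_ip": None, "dest_port": None},
    {"id": 3, "user": "alice", "host": "WS-ALICE", "hour": 14, "process": "svchost.exe",
     "path": r"c:\users\alice\appdata\local\temp\svchost.exe", "parent": "winword.exe",
     "hash": "bbbb111122223333", "dest_ip": None, "dest_port": None},
    {"id": 4, "user": "alice", "host": "LAB-01", "hour": 3, "process": "remoteadmin.exe",
     "path": r"c:\tools\remoteadmin.exe", "parent": "cmd.exe",
     "hash": "cccc111122223333", "dest_ip": None, "dest_port": None},
    {"id": 5, "user": "bob", "host": "LAB-01", "hour": 9, "process": "outlook.exe",
     "path": r"c:\program files\office\outlook.exe", "parent": "explorer.exe",
     "hash": "dddd111122223333", "dest_ip": "203.0.113.77", "dest_port": 8080},
]

if __name__ == "__main__":
    for event_id, result in triage(SAMPLE_EVENTS):
        print(event_id, result)
```

Event 2 is caught only by the known-bad list, event 3 only by resemblance and process-behavior analysis, event 4 only by user-behavior and policy analysis, and event 5 by a known-bad IP plus an unusual port for that process; a single-method product would see at most one or two of them. The triage output is the handoff point to a human, which is where the article places the real gain.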
2. Higher emphasis on human expertise
“Hackers are people and they have the benefit of playing offense,” says Red Canary CEO Brian Beyer. “Many security solutions rely too heavily on software to detect suspicious behavior; we have realized that involving experts in the analysis of threats detected by our software drastically increases the effectiveness of our security product.”
By bringing the experts who customize and manage the software in house, Red Canary ensures that the software is installed and managed by the people who know it best. That familiarity with the platform, together with the human role in running it, is where the benefit lies.
3. Tracking every event
Any single device, such as a laptop, can generate upwards of 250,000 unique events in a single day. Each of those could be a clue to malicious activity and should be analyzed. An organization with 1,000 people could therefore generate more than 250 million events a day, of which only a handful are interesting. To find the needle in the haystack, a thorough security company runs every single event through its system and ultimately relies on human expertise to determine whether a threat is authentic.
Beyer says, “It is all about depth of visibility. If you are not tracking every event, your visibility is limited. Once you have complete visibility you need to utilize a breadth of detection technology so you know what you are looking at. The two go hand in hand, and we have found that combining human expertise into the equation has been the key.”