Infosec Europe, this year at London’s Excel arena, is an opportunity for those of us working day to day in the infosec space, to hear from experts about how the good guys are battling the challenges posed by cyber attackers.
There is always a lot to learn at events like this, and I wanted to share my view on some of the innovations in the security space and where they may help those trying to tackle cybersecurity threats. The information I have put together came from a mix of vendor briefings as well as more casual conversations at vendor stands.
All Powerful AI
AI/ML and analytics were a constant across all vendors. But this is not without reason. The amount of threat information we are dealing with is vast, too vast. That is where effective use of analytics can have significant value. Vendors are increasingly using analytics tools to do much of the “heavy lifting”. Not to replace human insight and experience, but to augment it. Where threats are known and mitigation steps well defined, analytics can effectively identify risks and nullify them without human interaction. Allowing over-stretched security analysts to focus on critical incidents that “all-conquering” AI can’t fix. It is clear this trend is here to stay, but done well brings real value to cyber defenses.
The Human Element
It’s not a new trend, but it is good to see vendors building more people-centric security tools. People play such a huge part in cybersecurity; they are targeted and cause breaches, but they can also be our best defense. Education is a big part of engaging people in security, and it was good to see the innovation here with vendors looking to improve the efficacy of user education. Analytics played a big part in many approaches to better target user training to exactly where it was needed and would be effective. It was also good to see a move away from just using training videos or phishing campaigns. Instead, there was a focus on new training methods and engaging users. Users should be engaged in any organization’s security efforts. Because if not, every security move you make will be much harder.
One trend that may seem odd is a shift of focus away from security! Organizations are looking at risk rather than just security threats. Vendors are using this shift intelligently and are using risk calculations to provide more context to security decision-making. And in doing so, finding ways to apply security controls more intelligently. Consider data loss prevention. Traditionally a binary process, if it contains sensitive data, then restrict. That approach, however, has led to the poor reputation that DLP solutions have, with over-sensitive controls impacting workflows, making adoption unpopular and difficult. A risk-based approach, however, allows for more dynamic controls. For example, a user working on a known device in an enterprise environment presents less risk than the same user on an unknown device in a random location. Using risk-based context, we can intelligently apply controls with only the more stringent controls applied where higher risk exists. This kind of intelligence can help drive much more effective security.
Do You Measure Up?
Measuring security posture is clearly a growing market. I spoke with many vendors who were providing posture management tools, whether for general security, compliance, or tools with a specific focus, such as data or cloud. But this was not the only use case. An increasing number of vendors were using their data alongside third-party threat intelligence to give their customers insights into how their security posture compares to other businesses of similar size or in similar markets. This kind of information, whether in a standalone posture management tool or part of a bigger solution, is hugely valuable to an organization. If it can be mixed with additional insight showing how security investments and steps are helping to improve an organization’s security, then even better.
Infosec Europe was time well spent. There were a lot of vendors, sessions and opportunities to interact with subject matter experts to exchange ideas with and learn from.
The above is just an overview of some of the key things I took from the event. The use of AI/ML and analytics are core to evolving security tools, driving improved efficacy, adding rich context and insight to help improve our security posture and drive a more risk-based approach. It was also refreshing to see the focus on people and how we can better equip them to be part of cyber security defenses.
The cybersecurity threat continues to be difficult to tackle, but what events like this show is that there is no lack of innovation from vendors and security professionals to tackle it.
Thanks to the following vendors who spent time with me during the event;
Juniper, Bitsight, Mattermost. Axonius, Securityscorecard, Zimperium, Adaptiva, Silverfort, Cybersmart, Ontinue, CultureAI, Securiti, Metacompliance, Dig, Zscaler, Trellix, Cylance, Cymulate, Semperis, Absolute.