Companies turning to cognitive computing and AI to perform and optimise everyday tasks

Rahul Arora, Regional Director, India & SAARC at Skybox Security tells VARINDIA of what the new IT function looks like and how IT is becoming a board agenda in his organization -

How is IT becoming a board agenda in your organisation?

Change is the only constant in today’s globalised world. Every business must make innovation a priority if they want to keep upthe pace with the competition. Consequently, a frequent topic of discussion at board meetings is these developments making them more vulnerable to cyberthreats. Any good business leader understands that security plays a crucial role in ensuring constant revenues and places it high on their priority list. They need to know if they have the right security management program in place equipped to take on their unique threats.The board and leadership as a whole should realize the need for visibility of their attack surface - to understand what the organisation’s unique cyber-risks are. CIOs today need contextual intelligence gained from the consolidation and analysis of a variety of data sources to create a visual, interactive model that links network topology, connections and organizational hierarchy so that they understand indicators of exposure (IOEs) - such as unsecured device configurations, risky access rules and exposed, exploited and exploitable vulnerabilities - to give the CIOs deep insight into the state of their security from the broadest possible range of sources. 

With advances in big data, open-source software, cloud computing, many firms are using cognitive computing and artificial intelligence to perform everyday tasks, what is your take on it? 

We understand the need of companies to turn to cognitive computing and artificial intelligence to perform and optimise everyday tasks. While not undermining the importance of AI, we would re-iterate that for the best cognitive computing and artificial intelligence soft-wares to work - basic security standards are a must.  For example, according to the report, Understanding Security Processes and the Need to Automateby Skybox Security and Osterman Research, which surveyed 465 Cyber security practitioners in large companies, it confirmed that they are still deficient in understanding network context and having visibility of firewall and security policy, including why firewall rules exist. Even more surprising, 39 percent of APAC respondents said they have only minimal or some understanding of how security changes impact their business. And it appears that identifying vulnerabilities continues to be a challenge, with 42 percent in APAC having only minimal or some understanding of what vulnerabilities exist on network devices.

Evidently, security staff are bogged down with incident response processes, compliance management and making changes to the security infrastructure. In APAC, respondents said they spend a “substantial” amount of time compliance management and security changes. 

What does the new IT function look like?

For any IT function to be effective, it is imperative that they put cybersecurity as a priority. A good cyber defence starts with good data. Having the capabilities to centralise and merge data between multi-vendor solutions will streamline analysis of firewall rulesets, vulnerability scan data, etc. However, being able to correlate disparate data and break down traditional silos - especially between data from the network layer and asset layer - are the first steps toward actionable intelligence. 

A threat-centric vulnerability management (TCVM) approach is the best practice because it analyses vulnerabilities from the perspective of potential business impacts, network exposure and exploitability. This way, TCVM is able to prioritise by risk unique to an organisation rather than generic severity scores and focus attention on the most dangerous threats. TCVM is also a proactive approach built to neutralise potential attack vectors before an attacker can leverage them. 

The TCVM process starts with centralised, up-to-date vulnerability occurrence data that is automatically correlated with CVSS scores, asset criticality and exploit availability and activity in the wild. Vulnerabilities are further analysed via attack simulations on an offline network model to identify which vulnerabilities are exposed to threat origins outside or within the organisation. Exposed vulnerabilities with active exploits in the wild represent the most critical risks and imminent threats to the organisation. Remediation is aligned with these priorities, and vulnerabilities are automatically matched to available patches and IPS signatures; the network model can also be used to plan network-based mitigation options that effectively shield vulnerabilities until they can be fully remediated.