Tag: human intelligence

In A World With Automation, Where Does Human Intelligence Fit In?

For all the talk about robots taking over jobs, there are still important roles for humans in incident response workflows of the not-too-distant future. Here are three.

Countless articles have been written about the massive increase in alert volume from detection systems - and the resulting drain on scarce security personnel. The good news is that as automation begins to play a stronger role in incident response, the dynamic is shifting.

Companies now need to prepare for a world where 99% of time spent investigating and following up on alerts is given back to them. What is the best use of your newly found time and resources? Let’s consider three possibilities.

Process and Methodology

When was the last time you reviewed your security policy? It’s a loaded question, but many companies go years without reviewing and changing policies that too quickly become obsolete, given how fast vectors and methods of attack evolve. Key questions to consider when reviewing security policy include:

Are we set up for constant improvement? A security policy can’t be written in stone; it must allow for continuous change for improvement. Do you have a process that lets your security policy match the fluid nature of threats?

Are we reactive or proactive? While many companies struggle to react to the volume of threats and alerts they see daily, security policy should be forward-looking, anticipating what’s coming to prescribe a proper course of action before new threats happen.

How can security policy be more business-oriented? The idea of simply locking down everything is as quaint as it is impossible. The speed of business, the need for real-time collaboration, and the hyper-connected nature of how people work require us to strike a balance between security and risk. Security has to be a business enabler, not an inhibitor.

What are we doing wrong? The ability to recognize weaknesses may seem like calling your own baby ugly, but moving past the emotional defense and becoming an objective observer is the only way forward.

What’s Falling Through the Cracks?

When a company implements automated solutions, they can do away with much of the manual work of investigating alerts and remediating threats.

But automation will never be able to do 100% of the work. Here’s what security teams need to take on:

Double-check your automated processes. Randomly check for anything you may have missed. For example, if a new threat type isn’t accounted for in your detection or response processes, you’ll need to address it. If you discover something, update the process and keep improving.

Validate what you find. Look at what your automated systems have identified and remediated, then try and understand why the incident made it through your defenses in the first place. Fixing an issue automatically is great, but understanding why it happened and correcting the problem is the Holy Grail.

Hunt! So far, we’ve only touched on dealing with inbound threats, but why not focus on proactive threat hunting? For more on that topic, read Cyber Hunters, Incident Response & The Changing Nature Of Network Defense.

Customize Detection Mechanisms

When companies lack the resources to follow up on alerts, they often tune their detection systems to match their capacity.

But in a largely automated scenario, you now have the luxury to:

Recalibrate your detection systems. When you no longer need to filter out low-level alerts or false positives, you can open the floodgates. If you’re no longer dependent on people to investigate alerts, you can get the full value out of your investment in detection solutions by handing all of your alerts (no matter the volume or score) to your automated system.

Rethink prioritization and make sure it’s needed. Prioritization is the conscious decision to ignore things based on a score. Reconsider what you aren’t paying attention to now but should be, given your new capacity and automated capabilities.

Look at what you’ve paid for but don’t use. We’ve all bought tools that are either sitting on the shelf or not fully implemented. What do you have that could bolster your security posture if you had the time to set it up?

In a security environment leveraging automation, there will always be tasks that are better suited for a human than a machine, and vice versa.

By shifting security teams’ focus to these higher-level tasks, we will make much better use of our human intelligence to combat the ever-increasing cyber threat.

Nathan has written extensively about the intersection of collaboration and security, focusing on how businesses can keep information safe while accelerating the pace of sharing and collaborative action.

For 10 years, Nathan has taken on marketing leadership roles in ...

CRN Exclusive: Arctic Wolf Names New Head Of Sales, Launches First...

After launching earlier this year, security startup Arctic Wolf Networks is now turning its sights to the channel with the creation of a new partner program and the appointment of a new vice president of sales with a history of growing channel sales.

Founded by former Blue Coat Systems CEO Brian NeSmith, Arctic Wolf sells a Security Operations Center-as-a-Service offering that brings together human intelligence and technology, with SIEM technology and a team of security experts dedicated to each customer to analyze logs and flag problems.

The Sunnyvale, Calif.-based startup Wednesday said Nick Schneider had joined the company as its first head of worldwide sales. Schneider started with Arctic Wolf in June. Schneider joins the company from Code42, where he was vice president of sales for North America. Prior to that, he held a variety of channel and business leadership roles at Compellent (acquired by Dell in 2011).

Arctic Wolf also launched its new Apex Partner Program, which features two tiers (referral and resale), as well as deal registration, training, tools, data sheets, co-branding and co-marketing activities, field events and more for partners. Schneider said the program is designed to be simple and straightforward, as well as drive recurring revenue business for partners.

Schneider has helped launch multiple channel programs over his career, he said. That experience has led him to design a simple program that looks to invest in a select group of partners.

“My philosophy on building a channel program is to find the mutual fit between Arctic Wolf and the partners we’re going after and truly investing in the partnership,” Schneider said. “Let’s make sure there’s a mutual fit…and that it’s good for your customer and your business. That takes longer but you get a lot more out of it.”

He said Arctic Wolf is working to build its sales team in different geographies, with a focus on hiring channel expertise and a goal to move towards a majority indirect go-to-market.

Since its official launch in February, the company has seen “exponential” year over year and quarter over quarter sales growth, Schneider said. However, he said the new partner program will help accelerate that growth, as the company is only just starting to ramp its channel business and start active recruitment under this new “foundational program.” Schneider said the company’s ten or so channel relationships had been largely “ad hoc” to date.

Schneider said Arctic Wolf will be looking to recruit partners selectively, choosing traditional VARs with knowledge of the security space or MSSPs that can fit the SOC-as-a-Service solution into their business model.

“What we’re looking for is a partner that understands our space, that sells to a customer that finds value in our product. We know it’s a good partnership when the end user sees the value for their business and then we see value in both the partner business and to Arctic Wolf. It’s a win-win,” Schneider said.

CRN Exclusive: Ironscales Launches MSSP Program For Anti-Phishing Technology

Ironscales, an Israeli security startup, launched its first Managed Security Service Provider partner program Thursday, a move CEO and founder Eyal Benishti said would allow MSSPs to help clients fight back against phishing attacks.

Ironscales’ technology uses human intelligence and machine learning to automatically identify and respond to phishing attacks in real time. The company’s products include offerings for organization risk assessment, training and simulation, phishing remediation and global phishing intelligence for what the company says is a “layered approach” to preventing and remediating phishing attacks.

Under the new program, MSSPs can now offer these products to their clients as an as-a-service offering. MSSPs can use the API and unified dashboard to automatically or manually manage phishing simulation and training, as well as detect and remediate phishing incidents at the client. Ironscales will also be offering technology training under the program, Benishti said.

Benishti said Ironscales has already signed up a handful of MSSP partners to the program, including smaller MSSP partners and two large regional MSSPs. He said Ironscales would like to add more than 50 MSSP partners to the new program in the next six months. Ironscales plans to push most of its SMB and SME go-to-market through partners, including MSSPs and traditional resellers, he added.

“We believe it is the perfect match for us to use [MSSPs] as a channel to reach more customers and enhance their offerings. And, for them, to increase their offerings and stay on top of the market,” Benishti said.

For MSSPs, Benishti said this type of program and offering is important because it allows them to distinguish themselves from other MSSPs in their area.

“MSSPs are always looking for new, innovative solutions and exciting technology to bring to their customers. … In most cases for our partners, the customers are proactively approaching them and asking for this type of solution,” Benishti said. “It is a very trending demand out there with MSSPs. There are a lot of MSSPs coming up every day because companies in the market in general are starting to realize that there is no way small and medium companies can handle all these security issues. They need someone they can trust to manage all these operations for them in a comprehensive and professional way,” he said.

Keith Christie-Smith, sales manager at South Africa-based Performanta, said in an email that the company chose to partner with Ironscales because phishing and spearphishing attacks have “become one of the biggest threats to our customers.”

According to a study by security startup Barkly, the number of phishing attacks in first-quarter 2016 was up 250 percent, with targeted spearphishing attacks up 22 percent year over year.

US Politicians tell DEF CON it’ll take Congress ages to sort...

Congressmen want to protect commerce, but also give law enforcement powerful tools

DEF CON It’s going to be at least a year or so, and probably a lot longer, before the United States Congress gets around to ruling on the second war on encryption, two members of the US House of Representatives told the DEF CON event.

Alex Stamos, chief security officer (CSO) of Facebook, hosted a panel with Representatives Eric Swalwell (D-CA) and Will Hurd (R-TX) to examine the current battle between some elements of law enforcement and technology communities over backdooring encryption standards, and the news isn’t good.

Swalwell, a member of the House Permanent Select Committee on Intelligence and the Committee on Science, Space, and Technology, has co-sponsored a bill to set up a year-long consultation period to examine the issue, with technical experts and law enforcement weighing in. But with the US currently in election mode it’s unlikely to get started soon.

He said that the country has to avoid banning end-to-end unbreakable encryption on which ecommerce depends, but also had to take into account the needs of law enforcement to track suspects and bring them to justice.

“As a prosecutor the last three cases I got convictions on then the lynchpin was cellphone data; without that evidence we wouldn’t have had what we needed to prosecute,” he said.

“But the San Bernardino case highlighted the challenge, with the FBI using the 1789 All Writs Act. That they had to rely on legislation from 1789 is a failure of Congress to update the law as it is related to technology,” Swalwell said, “we’ve done nothing legislatively since encryption was built and we owe it to the technology community to make sure they know their rights.”

His opposite number Hurd, who consulted for a cybersecurity firm and served in the CIA before going into politics, agreed. Hurd pointed out that the San Bernardino iPhone turned out to have contained nothing of use to investigators and law enforcement has a duty to concentrate on traditional police work before it calls for encryption to be broken.

“Encryption is good for national security and for the economy, we should be spreading encryption not weakening it,” he said. “You don’t have to get into technology by these means, that has already been debunked. You just have to utilise old techniques.”

He pointed out that there was an international aspect to the case that is harming America. Non-US companies, particularly in Europe, were using the issue to introduce protectionist policies that are hurting American companies trying to sell their services abroad.

Hurd, who worked undercover in the Middle East and South Asia during his time at the CIA, also offered an interesting perspective on using technology to counter the machinations of medieval terror bastards ISIS. While the Daesh-bags have been very smart about using social media to recruit worldwide, these techniques could be a two-edged sword.

“In 2005, if you were an American and went into tribal areas of Pakistan offering to fight for Islam you’d get your head cut off,” he said. “Now people can, thanks to social media, but when you think about it that’s also an opportunity to insert human intelligence operatives.”