Chief Technology Officer,
LookingGlass Cyber Solutions
In many respects, solving cybersecurity problems requires an understanding of how best to solve large-scale distributed system challenges. The other key challenge I find exciting is how to harness machines and human behaviors in such a way as to make organizations and their networks safer from attack. Building complex systems that harness data processing, data distribution and enrichment has been something I've worked on since the early days of my career. From the days of working on military-grade network communication buses and RMON network monitoring systems all the way through to larger systems providing coordinated security telemetry and analytics, they all shared common traits in how to design and build scalable, secure systems. So, working in cybersecurity is in many respects a natural evolution of the projects I've been part of for most of my career.
First off, the industry needs to start thinking differently. Continuing to invest in the same siloed technology stacks and isolated products for different aspects of security will continue to fail to achieve the goal of protecting organizations. We (the industry) need to bring collaboration and coordinated threat response to a level that allows us to be 5 steps ahead of where the adversary is. It is insufficient to introduce another security widget that does one thing great. We need 10 security capabilities that work together and make it impossible to outwit and outsmart the organization using those capabilities. We need to work together as an industry with interoperable solutions that go beyond simple data sharing. Truly effective security orchestration and collaboration on visibility are key.
The whitepaper does a great job of going into the details of how Passive DNS data can assist with continuous monitoring of third parties. One of the key aspects of continuous monitoring is the term 'continuous'. Threats to your organization are not scheduled on a convenient basis. New adversarial infrastructure, hosting threats on new domains, is being developed continuously, and if your organization is not continuously assessing the risk to your own organization or to third parties, then it's entirely possible you will miss the early signs of an attack, or worse, the signs of an attack in action.
Machine learning and automation are vital components of a comprehensive cybersecurity solution, where they can be used to highlight, focus and refine large data sets into data that should be considered for further review or analysis by humans. Machines can make the cybersecurity professional more effective, whether it's in data crunching, data analysis or operational automation. Processing 10 million technical cyber indicators in less than a few minutes is impossible for a human being without significant machine help. But human experience and knowledge within the security field remains a vital skill to leverage. Understanding behaviors, deductive reasoning, and motive-based action that result in applied security approaches are examples of what is not yet fully machine-implementable and where the human being can assist. Unfortunately, the industry does not have enough skilled individuals, but, for the ones we do have, technology advances in machine learning and automation can assist a lot.