August 2021, page 9

Artificial intelligence and machine learning are indeed starting to play a role in cyber defense. Today, AI / ML is helping in two areas:

- eliminating the ever-increasing false positives the SOC has to sift through to find the truly actionable alerts
- improving the ability to detect and alert on anomalous behavior or network activity

In the future, AI / ML will likely help cyber defenders even more in these two areas as the technology improves. Looking forward, quantum computing algorithms combined with AI and ML may make predictive cyber defense a true reality. This is based on the premise that quantum computing is able to represent several states at the same time -- which will enable faster processing of related data sets and result in high-speed, high-fidelity threat predictions. Whether or not this happens in five years is anyone's guess.

In many cases, organizations do not entirely leverage their investments in cybersecurity defense and visibility tools. The full capabilities of existing cyber defenses may not be deployed, and existing configurations might not be tuned appropriately. So, do that first.

On cybersecurity defense: If the digital estate is entirely cloud-based from a single provider, leveraging the native cloud provider's cybersecurity defense capabilities to the greatest extent possible may make sense. However, if the organization's architecture is hybrid cloud -- or a mix of everything, including on-prem IT and OT, multiple cloud instances, and edge computing -- finding a single-vendor solution is likely impossible.

On cybersecurity visibility: Developing a flexible security architecture that allows all security-relevant data to be centrally collected for cross-referencing, contextualization, and alerting will enable the SOC to be most effective in detecting threats, regardless of the threat vector.

Scanning the horizon for new and emerging cybersecurity technologies pays dividends.
However, similar to the answer to the previous question, making sure that the existing investment is used to its full capability before chasing a shiny new toy is paramount. If indeed it has been determined that the existing tool set is unlikely to address the emerging threats, an evaluation process should be started that would ultimately short-list one or two solutions. These solutions could then be extensively evaluated, first in a test environment and then in production. Structuring the evaluation as either concurrent 'proof of value' engagements or fully paid, short-term subscriptions rolled out in parallel allows for a data-driven decision. The solution that provides the best value in terms of stability, scalability, performance, and support wins. And the process repeats.

Scott Behm, Chief Information Security Officer