Behavioral Analytics, Machine Learning Among Key Trends Driving Enterprise Security

Paul Calatayud, CISO, Surescripts

As demands on the tech-driven enterprise continue to rise, so do the stakes for today’s chief information security officers (CISOs). As the breadth and depth of a CISO’s roles and responsibilities evolve, being proactive and forward thinking is the only way to safeguard against the myriad of cybersecurity threats and attacks organizations face on a daily basis. It is critical that enterprise security teams continually scan and stay up-to-date on new trends, technologies and opportunities as part of their ongoing strategy development. This is especially true in healthcare, where the bounty on a patient’s medical information is only increasing, along with the sheer volume of healthcare data now being accessed and exchanged electronically.

Healthcare CISOs are truly in a unique position as the gatekeepers of this extremely sensitive, personal healthcare data. On one hand, this information must be able to flow across organizational and network borders. From avoiding life-threatening medication allergies and medical errors, to stomping out fraud and abuse of highly addictive prescription opioids, doctors must have secure, digital access to a patient’s healthcare information in order to do their jobs and keep their patients alive.

On the other hand, in a world where this data can be accessed from many locations and shared in just a few clicks, CISOs must be able to proactively defend against threats and hacks that may disguise themselves as being legitimate, or that may indicate abuse or misuse occurring within an organization’s walls. Looking through this lens, one area that continues to gain traction in the enterprise security space—with huge implications for healthcare—is the application of behavioral analytics and machine learning.

Make an Impact with Behavioral Analytics and Machine Learning

In healthcare specifically, there have been ongoing developments in the use of both behavioral analytics and machine learning for fraud detection and prevention. For these technologies to be effective, a CISO needs to be able to develop baselines of employee activity on a daily basis. This behavioral monitoring will demonstrate what is “normal” and what isn’t when it comes to electronic behavior on the network. Any deviation from that expected baseline activity becomes suspect for fraud and is flagged as a potential threat.

The same thinking can be applied to malware detection—tracking both good and bad behaviors in order to find specific patterns, define normal or abnormal states, and consistently measure against those. In a nutshell, this is behavior analytics for information security.

With machine learning, though, the algorithms responsible for the tracking and flagging of electronic patterns—as defined through behavior analytics—become self-learning and self-correcting. Behavioral analytics tells the system what’s important, but machine learning determines its risk tolerance and informs risk models, becoming “smarter” over time. Without machine learning, CISOs are faced with having to manage resources capable of tuning and improving these algorithms, which in some cases is why big data in security can be a challenge. This is a skillset not often found in most security shops today. Machine learning and behavior analytics complement one another, with both capabilities married to ensure that data is kept safe—especially when it comes to electronic medical data.
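The baseline-and-deviation idea above can be made concrete with a short sketch. This is an added example, not code from the author or from Surescripts: it assumes the monitored activity is a per-user daily count of patient-record accesses, and the user names, counts, window and threshold are all constructed for illustration.

```python
import statistics

def robust_z(history, value):
    """Modified z-score of value against history (median and MAD)."""
    med = statistics.median(history)
    mad = statistics.median(abs(x - med) for x in history)
    # Floor the MAD at 1 access so a perfectly flat baseline cannot divide by zero.
    return 0.6745 * (value - med) / max(mad, 1.0)

class AccessBaseline:
    """Rolling per-user baseline of daily record-access counts."""
    def __init__(self, window=14, min_days=7, threshold=3.5):
        self.window, self.min_days, self.threshold = window, min_days, threshold
        self.history = {}  # user -> recent daily counts accepted as normal

    def observe(self, user, count):
        """Score one day's count against the baseline; return (flagged, score)."""
        hist = self.history.setdefault(user, [])
        if len(hist) < self.min_days:
            hist.append(count)  # learning period: no alerts yet
            return False, 0.0
        score = robust_z(hist, count)
        flagged = abs(score) > self.threshold
        if not flagged:
            # Self-correcting step: only days judged normal update the baseline,
            # so a burst of abnormal access cannot teach the model it is normal.
            hist.append(count)
            del hist[:-self.window]
        return flagged, score

# Constructed sample data: daily patient-record accesses per (hypothetical) user.
SAMPLE = {
    "nurse_a": [40, 42, 38, 45, 41, 39, 43, 44, 40, 410, 42],
    "clerk_b": [5, 6, 4, 5, 7, 5, 6, 5, 6, 5],
}

def flag_deviations(daily_counts):
    """Replay the counts day by day; return (alerts, fitted model)."""
    model = AccessBaseline()
    alerts = []
    for user, counts in daily_counts.items():
        for day, count in enumerate(counts):
            flagged, _ = model.observe(user, count)
            if flagged:
                alerts.append((user, day, count))
    return alerts, model

if __name__ == "__main__":
    print(flag_deviations(SAMPLE)[0])
```

Because each user is scored against their own history, a count that is routine for one role can still be flagged for another; the threshold and window are the tuning knobs that someone on the team has to own.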

Manage New Demands with Security Automation

As these threats continue to shift and the value of the data continues to rise, another philosophy or technology to consider in a CISO’s arsenal is security automation. CISOs today are undeniably operating in a time of rapid growth, facing increasing demands and complexity due to the always evolving nature of the industry and security field. An organization’s electronic perimeter can move, shift, and sometimes dilute, making it more common for threats to move to an inside threat landscape. This extremely fluid environment means demands on security staff are increasing, and infusing efficiency and automation into the security process becomes paramount.

With security automation, CISOs can help manage their department and team’s growth while their organization’s security footprint expands. Rapidly evolving ecosystems must consider security automation in order to help lift the staff burdens that come with traditional security growth.

Renew Team’s Focus on Operational Excellence

Security automation isn’t the only strategy helping CISOs manage competing and new priorities on their security staff. Another area getting some well-deserved renewed attention is improving operational excellence. As demand on an organization’s security program increases, so do the visibility and attention the security team gets. While this attention is certainly a positive, often resulting in more budget, technology, and resources, it also generates a “blind-side” for many security programs.

Why? One chief reason can be attributed to the introduction of additional security controls and technologies. This often-applied strategy of mapping technologies to controls is core to any CISO’s risk management strategy, but it does not stop here. The technology needs to be measured for its ability to address risks. There must always be accountability that comes with the process to ensure that the technology is implemented correctly, that the right staff is there and that best practices are kept in place. Simply aligning the risks against the available technology can breed a false sense of security and be the Achilles heel of an organization’s security strategy.

With operational excellence as the main foundation and continued focus, instead of thinking that “a technology should work this way,” security teams can set targeted goals over time to drive improvement and identify new opportunities based on how it is actually working. It’s not about improving the technology itself, but about improving the ability to use that technology to best safeguard against and combat risks. CISOs need to make sure their staff is defining, measuring and evaluating outcomes on an ongoing basis, and not just looking at the face value of a technology’s design.

There’s no doubt that the pressure on CISOs and enterprise security departments today is immense. Demand is growing, expectations are high and failure can be crippling for an organization. CISOs must focus on improving the application of new data concepts such as behavioral analytics and machine learning, while not losing focus on mainstays like improved efficiency and renewed operational excellence. Growth is only half the battle; it’s the response to that growth that truly defines how strong an organization’s security strategy is. Choose wisely.