

On automation and machine learning as the future of security



Cloud Computing News

James Todd, SecOps director at KPMG, describes his role as a merging of SecOps, security architecture, and cloud security. It is a particularly interesting crossing point with regard to automation. 

“It’s at that intersection of the cloud environment, being very much aligned to deploying everything as code,” says Todd. “A lot of automation is a big part of that. Being able to take dynamic action within a cloud environment is much easier and well-versed than within a traditional data centre or on-premises environment. The controls available to us are much more dynamic.  

“That doesn’t preclude us from being able to do things within security controls on the endpoint or within on-premises data centres, but it’s a different approach.” 

Research from the Enterprise Strategy Group in October found that almost half (46%) of SOC teams are automating security operations processes ‘extensively.’ Alongside this, more than half (52%) of respondents agreed with the statement that security operations were more difficult now than two years ago. 

It is not surprising, therefore, that getting automation to work within the security operations centre (SOC) is a major point of emphasis for KPMG. One note from the professional services firm last year insists that automation can have a ‘significant and positive impact on the effectiveness of CISOs and their teams.’ Another, a month later, put automation, alongside upskilling and diversity, as one of the three key approaches to bridging the cybersecurity skills gap.  

Todd’s unit provides SecOps consultancy and operations for financial services organisations. There are two primary types of client. The first is a company that has little in the way of security operations: either an organisation which has grown in size and needs a more formal process, or a more established one that wants to tread the line between ‘dynamic change within their environment plus continuous change in the threat landscape,’ as Todd puts it. The second are organisations that need to go to the next level – and this is where automation can come in.

“Once that established playbook or workbook has been created in relation to a particular threat, or a particular way that incidents are handled, we look then to introduce automated processes that reduce the repetitive task element within security operations initially, and then move to the higher end of automation and introduce some level of autonomy,” says Todd. “So the SOC can react to threats in as near real-time as possible.” 

Getting the balance right between automated tooling and human resources is a longstanding head-scratcher for executives. Writing in Security Week in November, Marc Solomon sums the problem up succinctly: ‘using automation to make your people more efficient, and using your people to make automation more effective.’ 

The simplest part of automation, Todd explains, is the robotic process automation (RPA) element, which frees time for the SOC analyst to work on incident handling, threat hunting, and other vital tasks. The next step is to move towards technologies such as machine learning to lead to more intelligent decision-making – or machine-led decision-making. “The platform builds trust in those actions and understands the impact of a particular action playing out,” says Todd.  

“If I see a particular indicator file within my environment that is correlated with threat intelligence, and I know the asset that has been targeted, that asset’s security posture and also its susceptibility to the attack that’s being aimed at it, I can then use machine learning to inform a number of decisions that I can take,” he adds. “All the way through from quarantining that particular asset, limiting its movement, playing out particular activities that allow us to gain some further intelligence.” 

Todd references the influential MITRE ATT&CK matrix, first released in 2015, which catalogues hundreds of tactics adversaries use across enterprise operating systems. While ATT&CK is not laid out in a particular linear order, the first category, ‘initial access’, is the point where an attacker gets a foothold in an organisation’s environment. This is where Todd wants his team to be.

“The optimal goal for us is to get to a point where we’re taking action or intervening at the point that the attack is first observed within the cyber kill chain,” says Todd. “Really being slick around being able to observe and take action around the first point that an attacker tries to enter an environment.” 

Todd, who is speaking on cloud security at the Cyber Security & Cloud Expo Global in London on December 1-2, adds that the most commonly used form of machine learning within cyber defences is anomaly detection. Right now, that’s where automation is likely to stay.

“I think [where] the human element comes into it is that machine learning is good at spotting outliers and anomalies,” says Todd. “The decision making, certainly for the moment, will reside within the analyst, within the SOC.  

“Those analysts [will] be codifying and transferring their well-proven, well-exercised playbooks, or converting those playbooks into an automated approach,” adds Todd. “But I don’t think that we’re quite yet at the time where we’ve got full autonomy on decision-making.”



Radware launches a spinoff of its cloud security business




Duncan is an award-winning editor with more than 20 years’ experience in journalism. Having launched his tech journalism career as editor of Arabian Computer News in Dubai, he has since edited an array of tech and digital marketing publications, including Computer Business Review, TechWeekEurope, Figaro Digital, Digit and Marketing Gazette.

Radware, a provider of cyber security and application delivery solutions, has revealed the spinoff of its Cloud Native Protector (CNP) business to form a new company called Skyhawk Security.

To accelerate Skyhawk Security’s development and growth opportunities, an affiliate of Tiger Global Management will make a $35 million strategic external investment, resulting in a valuation of $180 million. Tiger Global Management is a leading global technology investment firm focused on private and public companies in the internet, software, and financial technology sectors.

Skyhawk Security is a leader in cloud threat detection and protects dozens of the world’s leading organizations using its artificial intelligence and machine learning technologies. Its Cloud Native Protector provides comprehensive protection for workloads and applications hosted in public cloud environments. It uses a multi-layered approach that covers the overall security posture of the cloud and threats to individual workloads. Easy-to-deploy, the agentless solution identifies and prevents compliance violations, cloud security misconfigurations, excessive permissions, and malicious activity in the cloud.

“We recognize the growing opportunities in the public cloud security market and are planning to capitalize on them,” said Roy Zisapel, Radware’s president and CEO. “We look forward to partnering with Tiger Global Management to scale the business, unlock even more security value for customers, and position Skyhawk Security for long-term success.”

The spinoff, which adds to Radware’s recently announced strategic cloud services initiative, further demonstrates the company’s ongoing commitment to innovation. Skyhawk Security will have the ability to operate with even greater sales, marketing, and product focus as well as speed and flexibility. Current and new CNP customers will benefit from future product development efforts, while CNP services for existing customers will continue without interruption.

Radware does not expect the deal to materially affect operating results for the second quarter or full year of 2022.




How Sports Organizations Are Using AR, VR and AI to Bring Fans to The Game




AR, VR, and AI in sports are changing how fans experience and engage with their favorite games.

That’s why various organizations in the sports industry are leveraging these technologies to provide more personalized and immersive digital experiences.

How do you get a sports fan’s attention when there are so many other entertainment options? By using emerging technologies to create unforgettable experiences for them! Innovative organizations in the sports industry are integrating AR, VR and AI in sports marketing and fan engagement strategies. Read on to discover how these innovative technologies are being leveraged to enhance the game-day experience for sports fans.  



AR is computer-generated imagery (CGI) that superimposes digitally created visuals onto real-world environments. Common examples of AR include heads-up displays in cars, navigation apps and weather forecasts. AR has been around for decades, but only recently has it become widely available to consumers through mobile devices. One of the best ways sports organizations can use AR is to bring historical moments to life. This can help fans connect to the past in new ways, increase brand affinity and encourage them to visit stadiums to see these experiences in person. INDE has done just that, creating an augmented reality experience that lets fans meet their favorite players at the NFL Draft.


VR is a computer-generated simulation of an artificial environment that lets you interact with that environment. You experience VR by wearing a headset that transports you to a computer-generated environment and lets you see, hear, smell, taste, and touch it as if you were actually there. VR can be especially impactful for sports because it lets fans experience something they would normally not be able to do. Fans can feel what it’s like to be a quarterback on the field, a skier in a race, a trapeze artist, or any other scenario they’d like. The VR experience is fully immersive, and the user is able to interact with the content using hand-held controllers. This enables users to move around and explore their virtual environment as if they were actually present in it.


Artificial intelligence is machine intelligence implemented in software or hardware and designed to complete tasks that humans usually do. AI tools can manage large amounts of data, identify patterns and make predictions based on that data. AI is already influencing all aspects of sports, from fan experience to talent management. Organizations are using AI to power better digital experiences for fans. They’re also using it to collect and analyze data about fan behavior and preferences, which helps organizers better understand what their customers want. AI is also changing the game on the field, with organizations using it to make better decisions in real time, improve training and manage player health. Much of this AI is powered by machine learning, which is a type of AI that uses data to train computer systems to learn without being programmed. Machine learning is the reason why AI is able to evolve and get better over time — it allows AI systems to adjust and improve based on new data.


VR and AR are both incredible technologies that offer unique benefits. VR, for example, is an immersive experience that allows you to fully imagine and explore another virtual space. AR, on the other hand, is a technology that allows you to see and interact with the real world while also being able to see digital content superimposed on top of it. VR and AR are both rapidly evolving and can have a significant impact on sports marketing. By using both technologies, brands and sporting organizations can create experiences that bridge the real and virtual. This can help sports marketers create more engaging experiences that truly immerse their customers in the game.

Technologies like AR, VR and AI in sports are making it possible for fans to enjoy their favorite games in entirely new ways. AR, for example, can help sports lovers experience historical moments, VR lets them immerse themselves in the game, and AI brings them more personalized and immersive digital experiences. The best part is that sports fans can also use these technologies to interact with one another and feel even more connected. 



The Dark Side of Wearable Technology




Wearable technology, such as smartwatches, fitness trackers, and other devices, has become increasingly popular in recent years.

These devices can provide a wealth of information about our health and activity levels, and can even help us stay connected with our loved ones. However, there is also a dark side to wearable technology, including issues related to privacy, security, and addiction. In this article, we will explore some of the darker aspects of wearable technology and the potential risks associated with these devices.

1. Privacy Concerns



Source: Deloitte

Wearable technology can collect and transmit a significant amount of personal data, including location, health information, and more. This data is often shared with third parties, such as app developers and advertisers, and can be used to track and target users with personalized advertising. Additionally, many wearable devices lack robust security measures, making them vulnerable to hacking and data breaches. This can put users’ personal information at risk and expose them to identity theft and other cybercrimes.

2. Security Risks


Source: MDPI

Wearable technology can also pose security risks, both to the individual user and to organizations. For example, hackers can use wearable devices to gain access to sensitive information, such as financial data or personal contacts, and use this information for malicious purposes. Additionally, wearable technology can be used to gain unauthorized access to secure areas, such as buildings or computer systems, which can be a major concern for organizations and governments.

3. Addiction Issues


Source: Very Well Mind

The constant connectivity and access to information provided by wearable technology can also lead to addiction. The constant notifications and the ability to check social media, emails and other apps can create a constant need to check the device, leading to addiction-like symptoms such as anxiety, insomnia and depression.

4. Health Risks


Source: RSSB 

Wearable technology can also pose health risks, such as skin irritation and allergic reactions caused by the materials used in the device. Additionally, the constant use of wearable technology can lead to poor posture and repetitive stress injuries, such as carpal tunnel syndrome. It is important for users to be aware of these risks and to take steps to protect their health, such as taking regular breaks from using the device and practicing good ergonomics.


Wearable technology has the potential to be a powerful tool for improving our health, fitness, and overall well-being. However, it is important to be aware of the darker aspects of wearable technology and the potential risks associated with these devices. By understanding the privacy, security, addiction, and health risks associated with wearable technology, users can take steps to protect themselves and their personal information. Additionally, by being aware of these risks, organizations can take steps to protect their employees and customers from the potential negative effects of wearable technology.
