Security orchestration, automation and response soars

While cloud-based security, machine learning and the move from zero trust to digital trust are common threads from last year, there’s been a fundamental shift in how security is being acquired. Automation and orchestration are the watchwords for 2020: security orchestration, automation and response (SOAR) will be the hottest area in cybersecurity in the year to come.

SOAR rockets to the moon

Cyberattacks are happening at machine speed, not human speed. To keep up, you’ll need the help of machines – and data scientists.

As attacks become more sophisticated and infrastructure more complex, a successful breach is close to inevitable – which is why response is such a critical area of cybersecurity.

Security orchestration, automation and response (SOAR) will be the hottest area in cybersecurity in the year ahead, as this is how we will build trust across infrastructure and applications.

Algorithms will help machines to recognize patterns across applications and infrastructure, identify anomalies in those patterns that point to potential attacks, and orchestrate security controls automatically and instantaneously, without human intervention.

Embed intelligence into your infrastructure and applications

As machines are given more data to learn from, they'll be able to identify those patterns and anomalies more accurately and apply the right controls. We expect to see increasing standardization of approaches in what is currently a fragmented market.

At NTT, 75% of the threats detected in our SOC are identified by supervised machine learning and threat intelligence.

'CISOs and CIOs are taking cybersecurity to the core of their business strategy to differentiate and survive in this digital era. Security is no longer seen as risk insurance but as crucial for business continuity.'

Simon Chassar, Chief Revenue Officer, Security division, NTT Ltd. 



Security goes to the cloud

Be aware of the security risks of moving different workloads to different cloud platforms and implement appropriate controls.

While organizations still buy on-premises equipment, largely for compliance reasons, more applications and workloads are being created and hosted in cloud environments.

If you're using multiple hosting centers or hyperscalers, it's difficult to apply standardized, software-based security controls across your entire infrastructure. By attaching controls to the application or workload itself, you can monitor the workload, rather than the underlying infrastructure, for changes in behaviour that indicate a potential attack.

Test your security posture

Test your security posture across all infrastructure, whether on-premises or with a hyperscaler. Work with security vendors that have a clear strategy for managing security across all types of infrastructure, from the data center to the edge.

Cyberattacks, data loss or theft, and attacks on critical infrastructure are three of the top five issues facing businesses today.


Hyperscaler patterns continue to be elusive

Because it’s so difficult to identify standard patterns across hyperscaler infrastructure, it’s absolutely critical to apply intelligence to the security controls we wrap around applications and workloads.

Fixed infrastructure tends to have standard traffic patterns that make it relatively easy to identify anomalies. This isn’t the case with hyperscalers, which also make hundreds of thousands of high-speed updates to their platform on any given day.

This makes it very difficult to monitor the interactions between humans, machines, data and applications in order to identify patterns and anomalies.

Apply intelligence to security controls

To build a robust security posture, you need information, context and intelligence. Information comes from the data traversing the infrastructure: what is it? Context comes from what you know about that data: does it look suspicious? Intelligence is knowing how to respond.
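The SOAR passage above describes recognizing patterns, flagging anomalies and orchestrating controls automatically, and this section breaks the same flow into information, context and intelligence. The following is an added example, written for this page and not NTT's tooling, that wires those three stages together over constructed SSH-style authentication log lines: parsing gives the information, a per-source failure baseline plus a threat-intelligence lookup and asset criticality give the context, and a small playbook turns the enriched finding into automated response actions. The log lines, IP addresses, hostnames, the indicator list, the asset table and the failure threshold are all constructed assumptions.

```python
"""Added example (not NTT's code): a miniature SOAR pipeline over constructed
authentication events. Stage 1 (information) parses raw log lines; stage 2
(context) applies a per-source failure baseline, a threat-intelligence lookup
and asset criticality; stage 3 (intelligence) maps the enriched finding to a
playbook of automated response actions. Every log line, address, host name,
indicator and threshold below is constructed for illustration."""
from collections import Counter, defaultdict
from dataclasses import dataclass, field

# Constructed auth log lines: timestamp, host, daemon, result, user, source IP.
SAMPLE_LOG = """\
2020-01-14T09:00:01Z web01 sshd: Accepted password for alice from 10.0.0.12
2020-01-14T09:00:07Z web01 sshd: Failed password for root from 198.51.100.7
2020-01-14T09:00:08Z web01 sshd: Failed password for root from 198.51.100.7
2020-01-14T09:00:09Z web01 sshd: Failed password for admin from 198.51.100.7
2020-01-14T09:00:10Z web01 sshd: Failed password for admin from 198.51.100.7
2020-01-14T09:00:11Z web01 sshd: Failed password for root from 198.51.100.7
2020-01-14T09:00:12Z web01 sshd: Failed password for root from 198.51.100.7
2020-01-14T09:00:40Z web02 sshd: Failed password for bob from 10.0.0.33
2020-01-14T09:00:55Z web02 sshd: Accepted password for bob from 10.0.0.33
2020-01-14T09:01:02Z db01 sshd: Failed password for root from 203.0.113.9
2020-01-14T09:01:03Z db01 sshd: Failed password for root from 203.0.113.9
2020-01-14T09:01:04Z db01 sshd: Failed password for root from 203.0.113.9
"""

# Constructed threat-intelligence feed: indicator -> confidence (0..1).
THREAT_INTEL = {"203.0.113.9": 0.9}

# Constructed asset context: how sensitive the data on each host is.
ASSET_CRITICALITY = {"db01": "high", "web01": "medium", "web02": "medium"}

FAILURE_THRESHOLD = 5  # assumed baseline: failures from one source that count as anomalous


@dataclass
class Finding:
    src: str
    host: str
    failures: int
    users: set
    intel_score: float = 0.0
    criticality: str = "low"
    actions: list = field(default_factory=list)


def parse_events(log_text):
    """Stage 1, information: turn raw lines into (host, result, user, src)."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 9 or parts[2] != "sshd:":
            continue  # not an auth record in the constructed format
        host, result, user, src = parts[1], parts[3], parts[6], parts[8]
        events.append((host, result, user, src))
    return events


def detect(events):
    """Stage 2a, pattern: count failures per (source, host) and record the
    accounts each source tried, so the playbook can see privileged targets."""
    failures = Counter()
    users = defaultdict(set)
    for host, result, user, src in events:
        if result == "Failed":
            failures[(src, host)] += 1
            users[(src, host)].add(user)
    return [Finding(src, host, n, users[(src, host)])
            for (src, host), n in failures.items()]


def enrich(finding):
    """Stage 2b, context: attach threat-intel confidence and asset criticality."""
    finding.intel_score = THREAT_INTEL.get(finding.src, 0.0)
    finding.criticality = ASSET_CRITICALITY.get(finding.host, "low")
    return finding


def decide(finding):
    """Stage 3, intelligence: choose response actions. A source is acted on
    when it crosses the failure baseline OR matches high-confidence intel;
    a known-bad source hitting a high-criticality asset also gets the host
    isolated, and any attempt on root/admin raises a privileged-access alert."""
    anomalous = finding.failures >= FAILURE_THRESHOLD
    known_bad = finding.intel_score >= 0.8
    if not (anomalous or known_bad):
        return finding
    finding.actions.append("block_ip:" + finding.src)
    if known_bad and finding.criticality == "high":
        finding.actions.append("isolate_host:" + finding.host)
    if "root" in finding.users or "admin" in finding.users:
        finding.actions.append("alert_privileged_access")
    finding.actions.append("open_ticket")
    return finding


def run_playbook(log_text=SAMPLE_LOG):
    """Full pipeline. Returns {source_ip: [actions]} for sources that needed a response."""
    findings = [decide(enrich(f)) for f in detect(parse_events(log_text))]
    return {f.src: f.actions for f in findings if f.actions}


if __name__ == "__main__":
    for src, actions in run_playbook().items():
        print(src, "->", ", ".join(actions))
```

Two things the sample is built to show: the source with only three failures against db01 is still acted on, and more strongly, because context (a high-confidence indicator plus a high-criticality asset) overrides the raw count, while the single failure from an internal address produces nothing. In a real deployment the action strings would be calls into a firewall, EDR or ticketing API, and the threshold would come from a learned baseline rather than a constant.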

Partnering with a third party for the manage-and-operate piece of your security posture will give you the benefit of this intelligence and the advantage of being able to respond to breaches faster than if you were to go it alone.

We analyze 19.6 billion security events every day to find the needle in the haystack.

'An exponentially growing number of cyberattacks increases the importance of applying cyber threat intelligence to security controls at machine speed and sharing such intelligence among stakeholders for better detection and prevention.'

Mihoko Matsubara, Chief Cybersecurity Strategist, NTT Group.



Applications are the new attack vector

Attackers are shifting their attention from infrastructure to applications. General security hygiene factors, like patching, cannot be neglected.

Historically, attackers would move laterally across the infrastructure to find where data was stored and what they could reach. Now that infrastructure is more cloud-based and software-defined, we're entering a world where the application is the easiest way to compromise data.

Run regular hygiene checks

Patching has always been a problem. Generally, applications are written, deployed and never reviewed – which is not surprising, given how complicated the process can be, particularly in large organizations. But in this new world, this exercise cannot be neglected.

Evaluate the general security hygiene of your applications regularly and apply the necessary patches. Choose a vendor that can help you prioritize vulnerability alerts by filtering them down to the ones that are relevant and most critical to your organization.
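The prioritization this paragraph asks for is a scoring problem: a raw CVSS-sorted list buries an actively exploited, internet-facing flaw on a critical system under unexploited high-severity findings on isolated hosts. The following is an added example, not NTT's service or code, of risk-based ranking that combines the base score with exploit availability, exposure and asset criticality and tells you whether each item is a patch or a mitigation job. The findings, host names, vulnerability labels (deliberately not real CVE numbers), and the weights and cut-off are all constructed assumptions that a real programme would tune to its own risk tolerance.

```python
"""Added example (not NTT's code or service): risk-based prioritization of
vulnerability findings so the handful that matter most float to the top.
The findings, hosts, labels, weights and cut-off below are constructed
assumptions for illustration; the labels are not real CVE identifiers."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    asset: str
    label: str          # constructed label, not a real CVE identifier
    cvss: float         # base score, 0-10
    exploit_known: bool  # public exploit or exploited-in-the-wild report
    internet_facing: bool
    criticality: str    # "high" | "medium" | "low" business criticality of the asset
    patch_available: bool


# Assumed weights: CVSS sets the base, a known exploit doubles it, internet
# exposure multiplies by 1.5, and asset criticality scales the whole thing.
EXPLOIT_MULTIPLIER = 2.0
EXPOSURE_MULTIPLIER = 1.5
CRITICALITY_WEIGHT = {"high": 1.0, "medium": 0.6, "low": 0.3}


def risk_score(f):
    """Severity combined with exploitability and exposure context."""
    score = f.cvss
    if f.exploit_known:
        score *= EXPLOIT_MULTIPLIER
    if f.internet_facing:
        score *= EXPOSURE_MULTIPLIER
    score *= CRITICALITY_WEIGHT[f.criticality]
    return round(score, 2)


def prioritize(findings, min_score=5.0):
    """Return (finding, score, action) tuples above min_score, highest risk
    first. Items with no vendor patch are kept but marked 'mitigate' so they
    are routed to compensating controls instead of the patch queue."""
    ranked = sorted(findings, key=risk_score, reverse=True)
    return [(f, risk_score(f), "patch" if f.patch_available else "mitigate")
            for f in ranked if risk_score(f) >= min_score]


# Constructed scan output for five assets.
SAMPLE_FINDINGS = [
    Finding("db01", "VULN-A", 9.8, False, False, "high", True),
    Finding("web01", "VULN-B", 7.5, True, True, "medium", True),
    Finding("kiosk07", "VULN-C", 9.0, False, False, "low", True),
    Finding("vpn01", "VULN-D", 6.5, True, True, "high", False),
    Finding("web02", "VULN-E", 4.3, False, True, "medium", True),
]


if __name__ == "__main__":
    for f, score, action in prioritize(SAMPLE_FINDINGS):
        print(f"{score:5.1f}  {f.asset:8} {f.label}  cvss={f.cvss}  -> {action}")
```

On the constructed data the CVSS 6.5 finding on the exposed VPN gateway (exploited, no patch) ranks first and is routed to mitigation, the exploited 7.5 on the public web server comes second, and the unexploited 9.8 on the isolated database drops to third, while the 9.0 on a low-value kiosk and the 4.3 on web02 fall below the cut-off and are left out of the alert stream entirely.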

Application-specific and web-application attacks accounted for over 32% of hostile traffic, making them the top category of hostile activity.


Identity is being redefined

We’re moving from a world of two-factor authentication of human identities to one where security must also apply to the identity of machines and applications.

The rise of co-innovation among organizations means they’ll have to become more sophisticated in how they apply identity security across the enterprise. The behaviour of people, machines and applications is what will determine their identities and inform the security controls that should apply to them.

Identify and secure humans, machines and applications …

Look at the behavioural statistics of these three kinds of identity in the ecosystem to determine their risk profiles and access rights. Then, monitor their behaviour to identify any anomalies that indicate a security threat.

… and their digital twins

The identity of a digital twin – whether it's a virtual robot arm or a shirt that monitors the wearer's heart rate – will be just as important to recognize and monitor. As applications have to keep identifying themselves, they will become less valuable to attackers – who'll then move on to exploiting digital twins.

'Cybersecurity intelligence is critical to a connected future that is secure by design. With intelligence, businesses can have a predictive, agile and automated security posture aligned to their risk tolerance.'

Matthew Gyde, Chief Executive Officer, Security division, NTT Ltd.



Disruptive technologies to watch

Data-friendliness: protecting data for you 

Many tech giants use data taken from people to create their own value proposition. At NTT, we decided to shift our cybersecurity strategy from this dominant paradigm of ‘data from you’ to focus on ‘data for you’ – starting with health and financial data. 

We’re working on a concept that would work like a ‘data wallet’, putting data in the hands of the person who owns it and making it completely secure for them. Nobody can access that data without certain permissions being in place and, if the user is under threat, it can be locked down.  

In shifting the paradigm towards data-friendliness, we’re exploring how to create the whole stack, from building and implementing the business rules to accessing information. 

This change in thinking from ‘data from you’ to ‘data for you’ could be a turning point that completely changes a number of industries.  

Matthew Gyde


Chief Executive Officer, Security division, NTT Ltd.

As Chief Executive Officer, Security division, NTT Ltd, Matthew is responsible for executing the security strategy, services and go-to-market with the goal of building the world’s most recognized security business, supported by a team of highly talented security professionals.
