In a classic example of this concept, Google built a 16,000-processor neural network that
correctly identified cats in YouTube videos 75% of the time. That is not poor performance, but
consider that a two-year-old human performs the same task with near-100% accuracy.


So while machines will continue to improve, there remains a vast collection of tasks at which
humans are far more effective. Solid technology paired with a highly optimized workflow for
human vetting offers the best possible chance of success against dynamic and dedicated
attackers.

Humans are far better at determining whether a series of observed events in a potential victim's
environment is truly malicious or simply a coincidental series of benign activities.

This unified approach is far more effective than traditional attempts at silver-bullet solutions,
because the human provides the critical differentiation between "good" and "bad" observations.

The efficiency of such a unified solution climbs even further when the human portion of the
process is informed by multiple machine-aided classifications, such as behavioral observations,
static and dynamic binary analysis, and cyber threat intelligence.

Thankfully, this trend toward combining human judgment with machine analysis is gaining favor:
some of the largest companies, such as Dell SecureWorks, and newer service providers such as
Hexis Cyber Solutions and Masergy already incorporate human analysts into their threat
detection services.

Even Verizon and other large managed security service providers (MSSPs) have seen the light
and are incorporating humans into their services.

This raises the question of how a security team or provider can fuse the technology and human
components into a credible solution. First, they must evaluate multiple observation and
collection platforms, which may span endpoint, network, log aggregation, and other solutions.

With the data collected from the platform or platforms they select, the team then evaluates and
selects one or more intelligence sources that can effectively enrich that data, directing a
human's precious time and attention to legitimate or likely threats.
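The collect, enrich, and hand-to-analyst flow described above, as an added example that is not code from this article or from any vendor it names. It assumes a small threat-intelligence feed (THREAT_INTEL), three behavioral classifications (BEHAVIOR_RULES), and four JSON-lines events from endpoint and network sensors, all of which are constructed here for illustration; the indicators, host names, and weights are not real.

```python
"""Added example (not from the article): a minimal triage pipeline that takes
events collected from several platforms, enriches them with threat-intelligence
indicators and behavioral classifications, and ranks what reaches the human
analyst. Every indicator, host name, weight and log line is constructed."""
import json
from dataclasses import dataclass, field

# Constructed threat-intelligence feed: indicator -> (indicator type, confidence 0-100).
FAKE_HASH = "0123456789abcdef" * 4  # constructed SHA-256 value, not a real sample
THREAT_INTEL = {
    "198.51.100.23": ("c2", 90),
    "malicious-updates.example": ("c2", 80),
    FAKE_HASH: ("hash", 95),
}

# Constructed behavioral classifications: (name, predicate over one event, weight).
BEHAVIOR_RULES = [
    ("office_spawns_shell",
     lambda e: e.get("parent") in {"WINWORD.EXE", "EXCEL.EXE"}
     and e.get("proc", "").lower() in {"powershell.exe", "cmd.exe"}, 40),
    ("beaconing",
     lambda e: e.get("conn_count", 0) >= 50 and e.get("bytes_avg", 0) < 2000, 30),
    ("off_hours", lambda e: e.get("hour", 12) < 6, 10),
]

# Constructed events, one JSON object per line as a log aggregator would emit them.
SAMPLE_LOG_LINES = [
    '{"source":"endpoint","host":"ws-14","proc":"powershell.exe","parent":"WINWORD.EXE",'
    '"dst_ip":"198.51.100.23","hour":14}',
    '{"source":"network","src_ip":"10.0.0.12","dst_ip":"203.0.113.7",'
    '"conn_count":120,"bytes_avg":800,"hour":3}',
    '{"source":"endpoint","host":"ws-22","proc":"svchost.exe","parent":"services.exe",'
    '"sha256":"' + FAKE_HASH + '","hour":9}',
    '{"source":"endpoint","host":"ws-07","proc":"powershell.exe","parent":"explorer.exe","hour":4}',
]


@dataclass
class Verdict:
    """One event plus everything the machine side could attach to it."""
    event: dict
    score: int = 0
    reasons: list = field(default_factory=list)


def parse_events(lines):
    """Parse JSON-lines output from the collection platform(s)."""
    return [json.loads(line) for line in lines]


def enrich(event):
    """Attach intel matches and behavioral hits to one event and score it."""
    v = Verdict(event)
    # Intel enrichment: any indicator the event carries that the feed knows about.
    for value in (event.get("dst_ip"), event.get("domain"), event.get("sha256")):
        if value in THREAT_INTEL:
            kind, confidence = THREAT_INTEL[value]
            v.score += confidence
            v.reasons.append(f"intel:{kind}:{value}")
    # Behavioral classifications: independent of intel, so novel activity still scores.
    for name, predicate, weight in BEHAVIOR_RULES:
        if predicate(event):
            v.score += weight
            v.reasons.append(f"behavior:{name}")
    return v


def triage(events, threshold=50):
    """Return (analyst_queue, low_priority), each sorted highest score first.

    The machine only orders the work; deciding whether a queued item is truly
    malicious or a coincidence of benign activity is left to the analyst."""
    verdicts = sorted((enrich(e) for e in events), key=lambda v: -v.score)
    queue = [v for v in verdicts if v.score >= threshold]
    low = [v for v in verdicts if v.score < threshold]
    return queue, low


if __name__ == "__main__":
    queue, low = triage(parse_events(SAMPLE_LOG_LINES))
    for v in queue:
        print(v.score, v.event.get("host") or v.event.get("src_ip"), v.reasons)
```

With the constructed inputs, the Word-spawned PowerShell talking to a known C2 address and the endpoint carrying a known-bad hash reach the analyst first; the beaconing host scores below the threshold because nothing ties it to known infrastructure, which is exactly the ambiguous case (scheduled backup agent or implant?) that a human, not a threshold, should settle, so the low-priority list is kept rather than discarded.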

Human analysts need continuous training on their portion of the workflow as well as on the
ever-evolving threat. This involves typical workforce training, but also an awareness among
peers that keeps their knowledge current.

That awareness must span the entire information security threat space as well as
industry-specific knowledge bases to be most effective and accurate. Analysts also require a
streamlined workflow to ensure high efficiency, so the organization must invest in the research
and development of the workflow itself and of any supporting technologies.






46 Cyber Warnings E-Magazine – May 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
