Data science – is it really the answer to cybersecurity?
Data science, along with technologies such as machine learning and artificial intelligence, has found its way into countless security products, solutions, and services as of late. The promised benefit of these complex technological disciplines includes the ability to make better decisions in less time than a human might and deliver superior results in detecting and identifying threats using mathematics. All of these things, in theory, point to a ‘safer’ environment.
While I do count myself as a big fan of data science and its various forms of implementation, I can’t help but be skeptical that these technological advancements are the equivalent of a messianic promise to “save us.” The industry has been noticeably impacted by hype, and some of the product capabilities touted by vendors do not seem realistic.
Is data really the answer?
Data can be defined as any and all facts and/or statistics collected together for reference or analysis. There are many sources of data and data sets that we might want to be cognizant of in order to better understand our environments, our networks, our assets, and our personnel. Some of these are more interesting to information and cybersecurity professionals than others.
Understanding this is key to forming an awareness and appreciation of the various disciplines and technologies that comprise the data sciences. For those of us who spend our time laboring over investigations while researching threats, threat actors, and campaigns, the importance of identifying data sources, collecting those sources, and applying them wisely is key to prevention, the reduction of threat actor dwell time, and threat mitigation in general. And as important as that high quality, diverse, rich data is, there are only a few good ways to work with it in its raw form, hence the need for automated data science-driven solutions.
A lot of smoke, is there a fire?
With all of this in mind, what can we expect to hear from security vendors when it comes to these topics? Marketing departments are keen to discuss the merits and advantages of these complex technological disciplines and concepts as they pertain to enterprise, mobile, and cloud security concerns. It’s not uncommon to read about promises with respect to the efficacy of these innovations in detecting and identifying threats using “math” (mathematics is one of many forms of data science). There are assertions that these advances will make better decisions in far less time than a human, in pursuit of more efficient and accurate security tools; this is questionable, and we’ll address it later.
A lot of these claims cross into the realm of the fantastic, made by people who really cannot speak with authority on such complex capabilities. There’s a good chance anyone who spends the time to read into all the technology on offer will comprehend nothing due to the cacophony of mixed messages across products.
When it comes down to it, the questions that will matter most to customers revolve around money and safety. Will these technologies help us avoid a breach? Will they help us be more effective? Will our investment be worth it? Will it save us?
Can Data Science, Machine Learning, and Artificial Intelligence Save Us from Ourselves?
No. I don’t believe that data science, machine learning, or artificial intelligence will save us from ourselves.
In my mind, these are tools and platforms that can – provided we’re intelligent in maintaining them – help us, but save us? No. No, they will not save us. They are not the cavalry coming in at the last possible moment to save the day. There are no silver bullets. There have never been and there never will be.
What’s going to save us from ourselves and from our adversaries is a return to the core principles of IT and security hygiene: patching, asset management, and the use and application of encryption. What’s going to save us is “living off the land” or identifying and taking advantage of data sources within our enterprise environments. It’s only once we’ve identified all of our data that we can develop the clearest, richest picture of our environment’s risk posture. Furthermore, what will contribute to our salvation is our recognition and application of tradecraft driven through experience – experience which often and only exists in the minds of human beings who’ve devoted a lifetime to their craft as opposed to systems which have been “taught” to understand it.
What’s going to save us is the identification and recognition of our gaps, our shortcomings, and our willingness as businesses and organisations to address them as they relate to how we do business. What’s going to save us is identifying high-quality threat intelligence that will complement what we have in-house and aid us in making quicker, more informed decisions that will have a material impact. But here’s the good news. If you and your organisation have been putting the core principles of IT and security hygiene into practice regularly, and have stayed ahead of the threats to date, data science, machine learning, and artificial intelligence may help you further shore up and fine tune your security programs. Remember, what’s going to save us isn’t the application of data science, the integration of machine learning or artificial intelligence into our ecosystems. What’s going to save us is ourselves.
Will Gragido, Director of Advanced Threat Protection, Digital Guardian
SAS: Improving the British Army’s decision making with data
SAS’ long-standing relationship with the British Army is built on mutual respect and grounded by a reciprocal understanding of each other’s capabilities, strengths, and weaknesses. Roderick Crawford, VP and Country GM for SAS UKI, states that the company’s thorough grasp of the defence sector makes it an ideal partner for the Army as it undergoes its own digital transformation.
“Major General Jon Cole told us that he wanted to enable better, faster decision-making in order to improve operational efficiency,” he explains. Therefore, SAS’ task was to help the British Army realise the “significant potential” of data through the use of artificial intelligence (AI) to automate tasks and conduct complex analysis.
In 2020, the Army invested in the SAS ‘Viya platform’ as an overture to embarking on its new digital roadmap. The goal was to deliver a new way of working that enabled agility, flexibility, faster deployment, and reduced risk and cost: “SAS put a commercial framework in place to free the Army of limits in terms of their access to our tech capabilities.”
Doing so was important not just in terms of facilitating faster innovation but also, in Crawford’s words, to “connect the unconnected.” This means structuring data in a simultaneously secure and accessible manner for all skill levels, from analysts to data engineers and military commanders. The result is analytics and decision-making that drive innovation and increase collaboration.
Crawford also highlights the importance of the SAS platform’s open nature: “General Cole was very clear that the Army wanted a way to work with other data and analytics tools such as Python. We allow them to do that, but with improved governance and faster delivery capabilities.”
SAS realises that collaboration is at the heart of a strong partnership and has been closely developing a long-term roadmap with the Army. “Although we're separate organisations, we come together to work effectively as one,” says Crawford. “Companies usually find it very easy to partner with SAS because we're a very open, honest, and people-based business by nature.”
With digital technology itself changing with great regularity, it’s safe to imagine that SAS’ own relationship with the Army will become even closer and more diverse. As SAS assists it in enhancing its operational readiness and providing its commanders with a secure view of key data points, Crawford is certain that the company will have a continually valuable role to play.
“As warfare moves into what we might call ‘the grey-zone’, the need to understand, decide, and act on complex information streams and diverse sources has never been more important. AI, computer vision and natural language processing are technologies that we hope to exploit over the next three to five years in conjunction with the Army.”
Fundamentally, data analytics is a tool for gaining valuable insights and expediting the delivery of outcomes. The goal of the two parties’ partnership, concludes Crawford, will be to reach the point where both access to data and decision-making can be performed qualitatively and in real-time.
“SAS is absolutely delighted to have this relationship with the British Army, and across the MOD. It’s a great privilege to be part of the armed forces covenant.”