"After this, there is no turning back. You take the blue pill - the story ends, you wake up in your bed and believe whatever you want to believe. You take the red pill - you stay in Wonderland and I show you how deep the rabbit hole goes." So, would you take the red pill or blue pill? Turns out, according to a recent technological development, we've already started down the rabbit hole. According to an article from SingularityHub, Cybersecurity analysts may, at some point soon, patrol computer networks like the oh-so-charming Agent Smith from 'The Matrix' franchise. Or something like him, anyway.
Before you panic and go running to find your black leather trench coat (that you definitely didn't purchase from eBay on a whim a few years ago and have stored in the back of your closet...), it's not what it sounds like. Colorado-based startup ProtectWise recently built a new virtual reality tool that is designed to allow cybersecurity professionals to be able to patrol computer networks like real-world beat police officers... inside a three-dimensional virtual reality/video game world.
Scott Chasin, CEO and co-founder of ProtectWise, has quite the interesting future prediction, one in which companies have war-rooms chock full of Oculus Rift-wearing security analysts who patrol their networks in VR. “I see an opportunity in the not-too-distant future in which a large organization who has a lot of IT infrastructure might have rooms full of security analysts with augmented reality and VR headsets on,” Chasin told SingularityHub. What a mental image that is...
ProtectWise is launching a virtual reality user interface tool called 'Immersive Grid' where connected assets in a company, such as servers, PCs, mobile devices, etc., are represented as a building inside a virtual city. A company can group those device-buildings into "neighborhoods," and are organized by business unit or geography.
The analysts can then monitor and police those buildings, which send information about data traffic and potential threats related to that device. Chasin has high hopes for visualization technology like this, saying that it might turn the complicated, harrowing technical work of a security analyst into something more resembling a video game. Where do we sign up?!
This will appeal to a broad range of folks in the security field, but will obviously be a pretty mouth-watering option to younger generations in particular. “We see an opportunity to tap into that next generation, the Minecraft generation, that can reason about data visually," states Chasin. "There’s now a younger generation who understand virtual worlds and the mechanics of games with a skill-set that’s suited to a platform like Immersive Grid.”
So gamers, rejoice! If visual interfaces like Immersive Grid become commonplace, which is sounding more likely by the minute, gaming skills might actually translate nicely into the business world. Chasin also believes this type of interface will have a real world impact on the way security is managed in the future. “We’re talking about a technology set that will allow us to actually build cyberspace,” he says.
So, gaming could take over cybersecurity. Wrap your head around that. "You hear that Mr. Anderson (MSPs)? That is the sound of inevitability."
Our second story takes a look at another hot topic in the technology/cyberspace realm - artificial intelligence (AI). Really living in the future lately, aren't we? According to a commentary by Fortinet Global Security Strategist Derek Manky on Dark Reading this week, traditional network architectures are not yet capable of meeting the demands of new digital standards, which involve huge amounts of both raw and processed data moving between networks - our devices, work, community and home networks. Manky's take? Next-gen network technology can use artificial intelligence and machine learning to become more flexible and automated.
"Security strategies need to undergo a radical evolution," says Manky. "Tomorrow’s security devices will need to see and interoperate with each other to recognize changes in the networked environment, anticipate new risks and automatically update and enforce policies. The devices must be able to monitor and share critical information and synchronize responses to detected threats."
Manky calls out one particular technology that's been getting quite a bit of attention recently, which lays the foundation for this approach. It's called Intent-Based Network Security (IBNS), and it essentially means that everything works together. IBNS provides extensive visibility across the entire distributed network, and enables security solutions to automatically adjust and adapt to changing network configurations while seamlessly thwarting threats. This kind of solution can also partition network segments and find/isolate affected devices. Goodbye malware!
Clear as mud? The takeaway here is that "tightly integrated and automated security enables a comprehensive threat response far greater than the sum of the individual security solutions protecting the network." We've heard that before, but it bears repeating. Teamwork makes the dream work, folks.
Countless experts along with Manky agree that artificial intelligence and machine learning are becoming serious partners in crime when it comes to cybersecurity. Manky thinks that in the future (perhaps the very near future), AI in cybersecurity will constantly adapt to the growing attack surface. "Today, we are connecting the dots, sharing data and applying that data to systems. Humans are making these complex decisions, which require intelligent correlation through human intelligence. In the future, a mature AI system could be capable of making complex decisions on its own."
Humans and machines working together. Hmmm. Now why didn't Neo think of that?
Our last story peeks inside some rather interesting survey results recently released by Bromium. It seems as though not all cybersecurity pros are following their own best practices. Gasp!
The research, conducted at the RSA Conference (RSAC) 2017, found that on average, 10 percent of security professionals admit to knowingly avoiding security protocols and sweeping discovered breaches under the rug. With 600M+ ransomware attacks in 2016, this suggests that tens of millions of incidents are being swept under the rug by security pros. Yikes...
Other key stats include:
- 35 percent of security professionals admitted to going around, turning off or bypassing their corporate security settings
- An average of 76 percent of security pros are worried they are being tracked online
"While we expect employees to find workarounds to corporate security, we don't expect it from the very people overseeing the operation," stated Simon Crosby, co-founder and CTO of Bromium in the press release. "Security professionals go to great lengths to protect their companies, but to learn that their decisions don't protect the business is frankly rather shocking. To find from their own admission that security pros have actually paid ransoms or hidden breaches speaks to the human-factor in cyber security."
So, is there a solution? When it comes to effective and "doable" cybersecurity, Bromium says that there are really two ways to make it happen: top down with typically strict limits on end-user behavior or, distributed control with more end-user involvement. In other words, there are no workarounds.
The views expressed in this column do not necessarily reflect the views of Penton Media or The VAR Guy editorial staff.