Right now, with so many emerging threats, the single biggest problem is threat intelligence – keeping up with the bad guys. But the automation technology is getting better and better to help monitor threats and to respond much more quickly when there’s a problem. Until now, a lot of security controls have centred around someone looking at the correct screen at the right time to see if something bad is happening. It’s been a very manual process.
But now, once you have your “normal” environment established, it is possible to translate that into data that machines can read. We’re at the stage broadly where companies can map these data flows to provide a baseline, a picture of what’s normal. This baseline data can be consolidated into a single data flow of information that feeds analytical software that alerts us in near-real time that something is not normal.
Right now, we have this sort of unit-by-unit monitoring approach. So System A has a problem. And then you see that System B has a problem. And eventually you figure out that System A and System B are showing the same problem. But it takes a long time to manually align those units and figure that out. We’re trying to reduce the dependency on monitoring unit by unit. Instead, we want to consolidate that into a single view of what’s happening in our environment. And eventually, with the advances in machine learning, there will be a robot out there that’s monitoring all this stuff and can respond to it within seconds, rather than hours.