Hyperautomation and Cybersecurity – A Platform Approach to Telemetry Architectures | McAfee Blogs


Hyperautomation is a process where artificial intelligence (AI), machine learning (ML), event-driven software, and other tools are used to automate as many business and IT processes as possible.  Forecasted by Gartner to reach $596.6 billion by 20221, hyperautomation and the global software market that enables it show no signs of slowing.

The myriad of technologies used by a typical organization often are not integrated and exist as siloed disparate tools.  Hyperautomation aims to reduce this “organizational debt” to improve value and brand.  In the context of cybersecurity, a patchwork of stovepipe solutions not only exposes the environment to risk, but also impacts the cyber defender’s ability to fortify the environment and respond to threats at machine speed.  Our target is “shift-left” security — leveraging intelligence to enhance predictability and encourage proactive responses to cyber threats.

The rise of telemetry architectures, combined with cloud adoption and data as the “new perimeter,” pose new challenges to cybersecurity operations.  Organizations will be forced to contend with increased “security debt” unless we figure out how to optimize, connect, and streamline the solutions.  In some cases, we have technologies available to begin this journey (MVISION Insights, MVISION Extended Detection and Response (XDR), MVISION API).  In others, our customers demand more.  They challenge us to build next-generation platforms to see themselves, see their cyberspace, and understand their cyberspace.  Some cyber defenders need more than traditional cyber threat intelligence telemetry to make critical operational impact decisions.

MVISION Insights and MVISION XDR are great starts.  It all begins with the build-up of an appropriate telemetry architecture, and McAfee Enterprise’s billion-sensor global telemetry is unmatched.  Insights provides an automated means to fortify the environment against emerging threats, weaponizing threat intelligence to take a proactive stance in reducing your attack surface from device to cloud.  Why start engaging at an attack’s point of impact when an organization can begin its own awareness at the same point an attacker would?  MVISION XDR brings together the fragmented security solutions accumulated over the years, sharing information and coordinating actions to deliver an effective, unified response across every threat vector.  Workflows are effortless to orchestrate.  The powerful combination of Insights and XDR provides management and visibility of the complete attack lifecycle.  Open architectures reinforce our belief that we are better together and facilitate a cybersecurity ecosystem consistent with the concepts of hyperautomation enablement.

Figure 1 – Attack Lifecycle

Where can we go from here?  How do we secure tomorrow?  From my perspective, we should expand the definition and scope of cybersecurity.

The answer is to look beyond traditional cyber threat telemetry; external factors (environmental, social media, geolocation, law enforcement, etc.) truly matter and are vital in making business impact decisions.  Complete operational visibility, and the ability to investigate, research, and rationalize what matters most to make accurate, critical judgments, is the missing link.  This is a Cyber Common Operating Picture (COP).  A natural extension of our current initiatives within the industry, a COP answers the growing need to provide an integrated cyber defender’s visualization workbench that manages multiple data telemetry sources (beyond cyber threats) and delivers our customers wisdom – a true understanding – regarding their cyberspace on a local, regional, and global scale.

Telemetry data represents change, and telemetry architectures will require new forms of advanced analytics, AI, and ML to make sense of the vast sea of all-source intelligence flowing in from the environment to enhance observations and take definitive action.  If we can “shift-left” for cyber threats, we can leverage that same predictability to identify and prepare for the impact of peripheral threats.  Open source, custom, and third-party data feeds are widely available and create integration opportunities with emerging markets and capabilities to solve unique challenges typically not associated with our platform:

  • How do we identify network or infrastructure hardware (IoT, OT, Industrial Control System) that is on the brink of failing?
  • Can we identify the exact geolocation from which a current cyber-attack is being launched?
  • Does social media and law enforcement chatter indicate a physical threat could be imminent near our headquarters?
  • How do we fuse/correlate inputs from myriad sources to develop regional situational awareness in all layers of cyberspace?

Non-traditional sensor telemetry, a multitude of feeds, and threat intelligence must be overlayed across the Cyber COP to provide AI-driven predictability modeling for next-gen systems and actionable conclusions.  This is a potential future for how hyperautomation can impact cybersecurity; this is orchestrating beyond standard capabilities and expanding the definition and scope of how our complex environments are secured.  AI engineering strategies will continue to expand and deliver data analytics at machine speeds.

McAfee Enterprise has always been a proponent of a platform approach to cybersecurity, creating interoperability and extending the security investments its customers have made. Loosely coupled security systems introduce gaps, and hyperautomation aims to solve that at a much larger scale.  As we look toward the future, we can collectively build the requirements for the next generation of security solutions and broaden the scope of how we defend against our common adversaries. I am confident that the technologies currently exist to provide the framework(s) of a COP solution for enhanced cyber situational awareness.

 

Source: 1Gartner Press Release: Gartner Forecasts Worldwide Hyperautomation-Enabling Software Market to Reach Nearly $600 Billion by 2022 (April 28, 2021)

 





Source link