Takeaways from Infosecurity Europe and the Evolution of Threat Intelligence


3Q 2019 | IN-5550


Infosecurity Europe 2019

NEWS


Artificial Intelligence (AI), Distributed Denial-of-Service (DDoS) protection and Data Loss Prevention (DLP) solutions, security orchestration and automation, Managed Security Services (MSS) and threat intelligence, the E.U. General Data Protection Regulation (GDPR) and regulatory measures, cybersecurity for surveillance, and even privacy concerns for smart cities—the June 2019 Infosecurity Europe conference had it all. This ABI Insight sheds some light onto key market trends explored during the event.

AI, Automation, Regulation, and Threat Intelligence

IMPACT


More than 400 security vendors attended and exhibited their solutions at this year’s event, including multi-spectrum market players like Microsoft, Cisco, Thales Group, and Palo Alto; application specialists and/or technology-specific leaders like Akamai, Entrust Datacard, Forescout, LogRhythm, Symantec, and CrowdStrike; and promising market entrants like Obrela, Link11, and ExtraHop. Other than the standard security functions (e.g., endpoint, network, cloud, application, etc.), the insights gathered from the event can be summed up into three distinct categories: 1) AI and automation, 2) regulatory concerns, and 3) threat intelligence.

Although the AI hype train was steamrolling over vendor banners and marketing materials, the effect was somewhat lessened this year. While an AI-heavy approach is still one of the leading security trends, many vendors were a lot more cautious when describing their solutions as “AI-enabled.” Technically, when using the term “AI,” vendors are usually referring to a specific Machine Learning (ML), Artificial Neural Network (ANN), or Deep Learning (DL) application.

However, many vendors, primarily in the Security Information and Event Management (SIEM) markets, use the term AI to describe standard correlational analyses performed by merging different security alerts gathered across networks. Thankfully, market players this year were a lot more capable of spotting the AI red flags and focusing on the key components that can be described as truly intelligent. That being said, security automation is the main aspect driving a competent AI strategy. In cybersecurity terms, automation involves security alert streamlining, security tool monitoring, autonomous network segmentation, and user/device isolation, tackling everything from malware/ransomware attacks to DLP, DDoS, and conformity to regulatory standards.

How Much Is Intelligence Worth?

RECOMMENDATIONS


ABI Research, however, strongly advises that implementers focus on one key aspect for the future: threat intelligence. For starters, the concept of threat intelligence is no longer dominated by nebulous explanations regarding the protection of an organization’s digital assets but is starting to take form. First, organizations are starting to dig deeper into the data generated by their own systems and establishing a firmer grasp on their unique traits, vulnerabilities, and important threat vectors. Unfortunately, Information Technology (IT) professionals are struggling to keep up with the new threat horizon, and their responsibilities for increased monitoring and network visibility are becoming more demanding with each passing quarter. However, this is also a key selling point for security automation and orchestration services.

Second, threat intelligence includes application-specific services that empower digital security tools by allowing them to access a wider spectrum of data streams which, in turn, are used by ML algorithms to better hone an organization’s capabilities and security posture. Choice of end-market, vertical (e.g., government, enterprise, industrial, e-commerce, etc.), client needs, and/or business model (e.g., cloud services, perimeter defense, identity management, etc.) also contribute to the unique pattern of how an organization should address its security concerns for its own systems or circle of partners.

Third, much like the cybersecurity threat landscape itself, threat intelligence is in a perpetual state of evolution. Other than the general objective of identifying malware and Advanced Persistent Threats (APTs), threat intelligence is evolving to include other aspects that are directly linked to chief security and operational concerns, such as:

  • Identifying malicious insiders or users that might compromise network integrity by leveraging (or at least making better use of) SIEM products
  • Assisting platform intelligence for the purposes of identity management and extensive device and system visibility
  • Gathering intelligence for connected IoT assets across various devices, platforms, and verticals ranging from Bring Your Own Device (BYOD) to industrial control systems
  • Addressing challenges with incoming traffic from various sources as well as issues with certain communication protocols (with a focus on IoT)
  • Helping to address other incoming, IoT-borne concerns such as automated secure onboarding processes or the IT versus Operational Technology (OT) gap, allowing ML algorithms to adapt and create better SIEM products focused on helping IT security engineers monitor vulnerable markets (e.g., connected utilities, processing plants, and manufacturing)

ABI Research posits that not only is cyber-threat intelligence expected to evolve in the most security-challenged verticals (like industrial settings or smart cities, for example) in the near future, but that such evolution should also be hastened in order to adequately prepare those markets for upcoming cyber-threats. Unfortunately, some of those markets will have multiple other hurdles to overcome including identity management, encryption key lifecycle management, and legacy equipment along with a substantial infrastructure upgrade. Cyber-attackers are quick to adapt and weaponize next-generation AI and ML technologies, and organizations are always on the defending side, but the choice for implementers should be clear at this point: how much is intelligence worth?
