Ray Boisvert, President and CEO of I-SEC Integrated Strategies, talked about finding the value in all the buzz around security analytics.
Boisvert began his thought leadership presentation at the 2016 Chief Information Security Officer Leadership Forum held on June 22 in Chicago by noting that the threat narrative has changed rapidly over the past few years, resulting in a pervasive, invasive, theft-related loss of IP, breaches of privacy, and growing threat to business. “What really struck me was the transition from state threat actors to highly organized, highly effective transnational threat actors. This is part of our dilemma in security,” stated Boisvert.
Boisvert pointed out that CISOs are in the unenviable position of being leaders in the protection industry. Corruption is the name of the game these days, and mostly this corruption is in the form of fraud. “Phishing emails will eventually touch your organization and they will be successful. Why? Because these transnational threat actors are scraping social media and know more about your organization than many of you do,” said Boisvert. “They’ve chosen your organization as their profit center. The equation they use is simple: low risk, high yield.”
Threat actors have not only become more adept but business models and risk models have transformed, and not always successfully, said Boisvert. “All companies are now data organizations. Business is all about data. The solutions, the challenges, the peril, and the failure in business are linked to all companies being, at their core, software and analytics organizations.”
Boisvert noted that companies have added capability as a countermeasure to the growing expertise of transnational threat actors. “However, in this effort, we’ve been myopic,” he pointed out. “We’ve left dark corners where threat actors can be successful in exploiting the network. It’s essential to know the threat actors, understand your internal capability, and manage those threats and risk, recognizing you can’t do everything.”
Boisvert continued, “There’s a lot of buzz around security analytics. We hear words like in-memory processing, in-stream processing, statistical modeling, machine learning, and so on, all of which enhance our ability to see things. We’ve gone from search, query, response to rules and signatures. We need to move forward to behavioral anomalies and predictive analytics before we can say we’ve reached analytical maturity.”
Boisvert noted that the security industry is failing because it has not achieved a level of predictive analytics. “We forget that a typical Fortune 500 organization has 10,000 devices. That quickly morphs into 100 million monitored relationships. This clearly is pushing the limits of computing infrastructure, given the standard approaches currently being used.”
It’s possible for any company to attain visibility on its network, said Boisvert. “This is no longer an aspiration; it’s an available approach. To get there, you need to challenge yourself by determining if you can investigate and interrogate data in a way that will provide the necessary insights in a timely fashion (in-stream versus parking the data and investigating it later). Assure that you’re using contemporary analytical approaches, focusing on the will to achieve behavioral analytics estimations across the entire network and to be able to see those anomalies as they emerge.”
In response to a question from the audience, Boisvert noted that the level of cyber awareness and knowledge has really increased at the C-suite and board level. “The lexicon can be confusing,” he said, “so we need to make sure we educate during our briefings. Security is a cost center that has value, and we need to show this value on a regular basis. We need to emphasize that IT is business, it’s essential to the organization, and the C-suite and board need to understand its value.”
ABOUT RAY BOISVERT:
The formation of ISECIS builds on Ray Boisvert’s career of almost 30 years in both operational and executive roles with the Canadian Security Intelligence Service (CSIS), from which he retired as the Assistant Director of Intelligence. Additional roles within CSIS included leadership of the international counter terrorism branch as well as key organizational programs including operational security, risk management, internet operations, and data exploitation efforts.
With his extensive and specialized knowledge, Boisvert has uniquely positioned ISECIS to identify global risks, convey privileged insights, and create intelligent organizational resilience, including enhanced cyber and insider threat defense.