NTT predicts that security orchestration, automation and response will gain traction in 2020
- Published: Thursday, 14 November 2019 08:55
Security orchestration, automation and response (SOAR) will ‘rocket’ to address cyber attacks happening at machine speed, says ‘The Future Disrupted: 2020 Technology Trends’, a new report from NTT.
Around 75 percent of the threats detected in NTT’s Security Operation Centres (SOCs) are now orchestrated by supervised machine learning and threat intelligence. Its security experts use algorithms to recognise patterns, identify anomalies and automatically orchestrate security controls. Embedding this level of intelligence into infrastructure and applications will therefore become a top priority for businesses, says the report.
“Cyber attacks are happening at machine speed, not human speed”, comments Azeem Aleem, VP Consulting Security, NTT Ltd. “To keep up, organizations will need the help of machines – and data scientists – and this is why we believe SOAR will be the hottest area in cyber security in the year to come. It enables organizations to predict when an attack is going to happen – and fast. In fact, we don't even talk about proactive security to our clients anymore. We talk about predictive security, which we believe will become essential for delivering an active cyber defence in 2020.”
Some of the other cyber security trends identified include:
Security goes to the cloud: while organizations still buy on-premises equipment, largely for compliance reasons, more applications and workloads are being created and hosted in cloud environments. However, if organizations are using multiple hosting centres or hyperscalers, it’s more difficult to apply standardised, software-based security controls across the entire infrastructure. Applying security to the application or workload will enable them to monitor and implement the appropriate controls.
Hyperscaler patterns continue to be elusive: fixed infrastructure tends to have standard traffic patterns that make it relatively easy to identify anomalies. This is not the case with hyperscalers, which also make hundreds of thousands of high-speed updates to their platform on any given day. This will make it very difficult for organizations to monitor the interactions between humans, machines, data and applications in order to identify patterns and anomalies. Information, context and intelligence therefore need to be applied for a modern and robust security posture.
Data lakes and data wallets: data lakes will enable new models of predictive analytics. What’s more, we will see data wallets that put data in the hands of the person who owns it and make it completely secure for them. Nobody can access that data without certain permissions being in place and, if the user is under threat, it can be locked down.