Applying Machine Learning and Behavioral Analysis to Address the Cybersecurity Skills Shortage



It’s no secret that there is a severe skills shortage in cybersecurity. More than 209,000 cybersecurity
jobs in the U.S. alone are currently unfilled, according to a 2015 Peninsula Press analysis of
data from the Bureau of Labor Statistics. The same analysis found that job openings are up
74 percent over the past five years.

The skills shortage situation is expected to deteriorate even further over the next several years,
and the situation is stressing security staffs in organizations of all sizes.

As an example, consider the massive security breach at Target, where more than 40 million
credit card numbers were stolen. It was widely reported that Target missed alarms that clearly
indicated a breach was in progress.

However, it is important to realize that Target, like many other organizations, is under constant
attack. Target sees many thousands of attack attempts every day, so alarms are continuous. There
simply are not enough security personnel to chase down and remediate each one.
Looking across the IT security landscape, it is simply not possible to build the talent pool
rapidly enough to close this critical skills gap against constantly evolving threats. Automation
is the answer.

The old adage “work smarter, not harder” certainly applies here. First and foremost, the
security industry needs to move beyond labor-intensive security mechanisms that are, at the same
time, continually becoming less effective.

Traditional early-generation security technologies such as signature files, whitelists, and
blacklists are very labor-intensive. These technologies were the bedrock of cybersecurity in the
latter part of the last century.

However, because threats evolve so rapidly, this approach now consumes a large amount of staff
time writing and testing rules.


This is occurring even though signature files, whitelists, and blacklists are largely ineffective
against modern attacks such as the Advanced Persistent Threat (APT), whose custom tooling rarely
matches a known signature.

These legacy approaches are also notoriously poor at identifying attacks in real time and generate
large numbers of false positive alarms. Rules and signatures are often written too broadly, so they
flag not only malicious traffic but also legitimate traffic, and every such match is a false
positive alert that someone has to triage.
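To make the false positive problem concrete, here is an added example that is not part of the original article. It scores two hypothetical SQL injection signatures against a handful of constructed web request lines (the requests, their benign/attack labels, and the rule names are all invented for illustration). The broad rule raises an alert on any request that merely contains the words "select" or "union" or a quote character, while the narrower rule keyed on actual injection syntax catches the same attacks with no false positives. Neither rule catches the last request, which shows that tightening a signature fixes precision but not recall.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample request lines (not real traffic). The second field is
# ground truth used only for scoring; the rules never see it.
SAMPLE_REQUESTS = [
    ("GET /index.html?id=42", "benign"),
    ("GET /search?q=select+a+seat", "benign"),
    ("GET /docs/union-contract.pdf", "benign"),
    ("GET /item?id=1%27%20OR%201%3D1--", "attack"),
    ("GET /item?id=1+UNION+SELECT+password+FROM+users", "attack"),
    ("GET /about/select-board-minutes", "benign"),
    ("GET /login?user=admin%27--", "attack"),
    ("GET /blog/how-to-select-a-union-rep", "benign"),
    ("GET /item?id=1%20OR%201%3D1", "attack"),   # no quote, no keyword: evades both rules
]

# Hypothetical "broad" signature: any SQL keyword or a single quote anywhere.
BROAD_RULE = re.compile(r"select|union|'", re.IGNORECASE)

# Hypothetical narrower signature: a quote followed by OR or a comment marker,
# or the words UNION and SELECT adjacent to each other.
NARROW_RULE = re.compile(r"'\s*(?:or\b|--)|\bunion\s+select\b", re.IGNORECASE)


def score_rule(rule, requests):
    """Run one signature over the request lines and tally the confusion matrix."""
    counts = {"tp": 0, "fp": 0, "fn": 0, "tn": 0}
    for raw, truth in requests:
        decoded = unquote_plus(raw)            # signatures must match on decoded text
        hit = rule.search(decoded) is not None
        if hit and truth == "attack":
            counts["tp"] += 1
        elif hit:
            counts["fp"] += 1                   # the alert an analyst chases for nothing
        elif truth == "attack":
            counts["fn"] += 1
        else:
            counts["tn"] += 1
    return counts


def precision(counts):
    """Fraction of raised alerts that were real attacks (0.0 if none were raised)."""
    raised = counts["tp"] + counts["fp"]
    return counts["tp"] / raised if raised else 0.0


def alerts_raised(counts):
    """Total analyst workload the rule generates, true and false positives alike."""
    return counts["tp"] + counts["fp"]


if __name__ == "__main__":
    for name, rule in (("broad", BROAD_RULE), ("narrow", NARROW_RULE)):
        c = score_rule(rule, SAMPLE_REQUESTS)
        print(f"{name:6s} {c}  alerts={alerts_raised(c)}  precision={precision(c):.2f}")
```

On these nine constructed requests the broad rule raises seven alerts of which four are false positives, so an analyst wastes more than half of the triage effort; the narrow rule raises three alerts, all real. Both rules miss the quote-free attack, which is exactly the kind of gap that sends staff back to writing and testing yet another signature.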

Having security staff chase down false positives throughout the day is highly unproductive and
further exacerbates the skills shortage. But old habits die hard.

Cyber Warnings E-Magazine – May 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
