Q&A: The top five threat detection challenges and solutions, and how they can help organizations reduce the impact of cyberattacks
I recently sat down with Chuck Brooks, President of Brooks Consulting International, who is a globally recognized thought leader and subject matter expert in the areas of Cybersecurity and Emerging Technologies. We discussed the top five challenges and solutions in threat detection today, and how knowing how to safeguard against them can help organizations mitigate the impact of cyberattacks.
Brian Kelly: How do threat detection systems like DDoS Protection work?
Chuck Brooks: A distributed denial-of-service (DDoS) attack is an attack in which multiple compromised computer systems attack a target and cause a denial of service. The flood of incoming messages, connection requests, or malformed packets to the target system forces it to slow down or even crash and shut down, thereby denying service to legitimate users or systems. These attacks are often orchestrated via bots.
A bot defense needs to be able to quickly find data that looks like it came from a known botnet or piece of malware. It also needs to rapidly spot actions that can only be done by software, like getting a lot of requests, especially if the traffic behaved in a way that wasn't natural, such as mouse movements, keystrokes, or visitation trends that weren't normal. An all-around bot defense should also be able to tell if traffic tried to directly access the application programming interface (API) when it wasn't supposed to or if it tried to stop the signal collection from happening.
Brian Kelly: How is the role of Artificial Intelligence (AI) impacting the cybersecurity space?
Chuck Brooks: AI is a powerful tool for enabling cybersecurity. By prioritizing and acting on data, AI and machine learning (ML) can help make decisions more efficiently. This is especially true for larger, more sophisticated networks with many users and variables.
AI and ML can increase the speed at which new attacks are discovered, draw statistical conclusions, and send that information to endpoint protection systems. You can get real-time data on deviations and other problems using network monitoring and horizon scanning. Continuous diagnostics and forensics analysis are possible for optimal protection, and the defense framework layers (firewalls, payload, endpoint, network, and antivirus) are updated automatically.
Prioritizing and acting on data using AI algorithms can help people make better choices, especially in bigger networks with many users and variables. Locating, sorting, and combining data is a capability for reducing online threats. As a result, predictive analytics can conclude from statistics with fewer resources and send this information to endpoint security platforms.
Generative AI technology can also help write secure code more quickly. Better AI tools, platforms, and technologies can aid writers in composing safer code from the start. This also makes it easier to fix problems as they happen.
AI can also monitor aberrations happening in the network, find new threats without clear signs, and take the right action. In addition, it can be used to connect data from different silos to figure out the types of attacks that are happening and to analyze network risks and weaknesses. As a key part of zero trust cybersecurity, identity and access management may benefit from AI that checks the validity of data across many distributed systems.
AI can spot things that aren't normal or don’t follow the rules. It can do this by looking at data and files and seeing network activities in real-time to find unapproved connections, unwanted communication attempts, strange or malicious password use, brute force login attempts, strange data transfer, and data exfiltration. Further, AI could significantly change cybersecurity efficiency by automating and orchestrating security. Combining ML and advanced analytics, AI can automate and coordinate many security tasks, such as incident reaction and vulnerability management.
When it comes to adapting to new, sophisticated digital environments, AI and ML become key tools or innovative chess pieces in a cybersecurity strategy game. It will depend on the accuracy, speed, and quality of the algorithms and supporting technologies to stay safe against growing asymmetrical threats.
Also, because there just aren't enough skilled cybersecurity workers, AI can fulfill security tasks that would have been done by adding people in the past. That is a significant benefit.
Brian Kelly: Are there security challenges inherent in using cloud computing?
Chuck Brooks: Both the public and private sectors are quickly moving to cloud and hybrid cloud settings, which is bringing computing closer to the edge. More businesses and government bodies are storing their data in the cloud or a hybrid cloud setup.
The cloud will handle more than 90% of all data handling tasks, according to predictions. Setting up a secure cloud is an important part of protection. As cloud-based services become more common, cybersecurity issues have grown. Issues that businesses must deal with include cloud settings that aren't set up correctly, APIs that aren't safe, and data breaches caused by cloud vulnerabilities.
Rapid migration to the cloud raises new security concerns due to the complicated systems that need to be kept up to date and protected from zero-day threats. Thus, integration should be the main security focus for mixed cloud setups. Achieving integration requires being able to see everything in the environment, including public, private, and on-premises areas. It also requires having the right tools, rules and, in many cases, a managed services partner to make sure that all security standards are met.
Brian Kelly: What are some effective strategies for securing IoT (Internet of Things) devices?
Chuck Brooks: Securing IoT devices is a monumental challenge. The IoT, of course, refers to the emerging connectivity of embedded devices to the internet that are readable, recognizable, locatable, addressable, and/or controllable. That is a big universe of devices. The most at-risk electronics are networked cameras and storage devices, smartphones and tablets, laptops, computers and streaming video devices.
Hackers can potentially obtain data through any IoT-connected device. Many are particularly open to attack, as most of these devices have not had their default passwords changed. People just use them without changing the default passwords, which is an invitation to a data breach. An organization implementing an IoT security framework needs to immediately address how to change the default passwords on purchased, manufactured devices.
There are solutions ranging from homegrown to expert managed service providers with all-in-one solutions for IoT security. Improving situational awareness, enforcing security policies for technology integration, sharing threat information, and having a cyber resilience strategy are all important parts of a good IoT risk management plan. For example, such a plan should investigate how separating or segmenting IoT devices can lower risk and attack areas. To reach the end goal, solutions and services must be optimized, and the necessary amount of security must be determined.
Brian Kelly: Can you discuss strategies for managing supply chain cybersecurity risks?
Chuck Brooks: Cyberattackers are always looking for the weakest link in the chain, and reducing the risk of third parties in supply lines is now seen as necessary for cybersecurity. Cyberattacks on supply lines can come from hackers, spies, thieves, or enemies of the country. Most of the time, this is done by breaking into networks with fake or hacked hardware and software, using providers' weak security measures, or using insider threats.
New technologies, like AI and blockchain, are now being used to keep track of, alert on, and evaluate supply chain processes. To protect against cyber-threats, you can use Data Loss Prevention (DLP), encryption, log management, identity and access control tools, and SIEM (Security Information and Event Management) platforms. Another specific step companies can take is to audit the security measures that their suppliers and vendors use to ensure that the end-to-end supply chain is secure.
The Department of Homeland Security (DHS), the Department of Defense (DOD), and the White House have all recently implemented supply chain security measures. The Department of Commerce’s NIST (National Institute of Standards and Technology) has suggested a practical one for supply chain security that provides sound guidelines from both government and industry.
Brian Kelly: Thanks for your time and your insights today, Chuck.
Chuck Brooks: Thanks Brian, I enjoyed our discussion.
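Two of the detection signals the interview mentions, spotting a source that sends "a lot of requests" in a short window (the bot/DDoS discussion) and spotting brute force login attempts (the AI anomaly discussion), can be expressed as simple sliding-window rules over web server access logs. The following is an added example written for this article; it is not code from the interview, from Chuck Brooks, or from Spectrum Enterprise. It assumes Apache/nginx "combined"-style log lines, treats POST /login with a 401 or 403 response as a failed login, and uses constructed sample log entries with documentation-range IP addresses. The thresholds and the login path are assumptions to tune per environment; in practice the alerts dictionary would be forwarded to a SIEM rather than printed.

```python
"""Sliding-window request-flood and failed-login detection over access log lines.

Added example (not from the original article). Log format, thresholds and
the login path are assumptions; sample input below is constructed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Matches a "combined"-style access log line (assumed format):
# 203.0.113.5 - - [15/Jan/2024:10:00:00 +0000] "GET /path HTTP/1.1" 200 2048
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)


def parse_line(line):
    """Return a dict of the fields we need, or None if the line does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"),
        "method": m.group("method"),
        "path": m.group("path"),
        "status": int(m.group("status")),
    }


def detect(lines, window=timedelta(seconds=60), flood_threshold=20,
           failed_login_threshold=5, login_path="/login"):
    """Scan log lines in order and return per-IP alerts.

    'flood'       -> IPs that made >= flood_threshold requests within one window
    'brute_force' -> IPs with >= failed_login_threshold failed logins within one window
    Each value is the peak count observed for that IP.
    """
    req_window = defaultdict(deque)   # ip -> timestamps of recent requests
    fail_window = defaultdict(deque)  # ip -> timestamps of recent failed logins
    alerts = {"flood": {}, "brute_force": {}}

    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # unparseable line: skip, but a real pipeline should count these
        ip, ts = ev["ip"], ev["ts"]

        # Request-rate rule: keep only timestamps inside the trailing window.
        q = req_window[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= flood_threshold:
            alerts["flood"][ip] = max(alerts["flood"].get(ip, 0), len(q))

        # Failed-login rule: POST to the login path answered with 401/403 (assumed).
        if ev["path"] == login_path and ev["method"] == "POST" and ev["status"] in (401, 403):
            f = fail_window[ip]
            f.append(ts)
            while ts - f[0] > window:
                f.popleft()
            if len(f) >= failed_login_threshold:
                alerts["brute_force"][ip] = max(alerts["brute_force"].get(ip, 0), len(f))
    return alerts


def _fmt(ts):
    return ts.strftime("%d/%b/%Y:%H:%M:%S %z")


def sample_log():
    """Constructed log: one normal client, one request flood, one login brute force."""
    base = datetime(2024, 1, 15, 10, 0, 0, tzinfo=timezone.utc)
    lines = []
    for i in range(5):   # normal browsing, one request every 10 seconds
        lines.append(f'192.0.2.10 - - [{_fmt(base + timedelta(seconds=10 * i))}] '
                     f'"GET /index.html HTTP/1.1" 200 512')
    for i in range(25):  # 25 requests in about 5 seconds
        lines.append(f'203.0.113.5 - - [{_fmt(base + timedelta(milliseconds=200 * i))}] '
                     f'"GET /search?q=x HTTP/1.1" 200 2048')
    for i in range(6):   # 6 failed logins in 15 seconds
        lines.append(f'198.51.100.7 - - [{_fmt(base + timedelta(seconds=3 * i))}] '
                     f'"POST /login HTTP/1.1" 401 128')
    lines.append("this line does not match the log format")
    return lines


if __name__ == "__main__":
    for kind, hits in detect(sample_log()).items():
        for ip, count in hits.items():
            print(f"ALERT {kind}: {ip} ({count} events in window)")
```

Both rules are per-source-IP and order-sensitive, so lines must be fed in timestamp order per IP; a real deployment would also key on session or account rather than IP alone, since a botnet spreads requests across many addresses.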
How Spectrum Enterprise can help
Our managed solutions can help IT leaders reduce the burden on their understaffed and overworked teams, by automatically ensuring that your network infrastructure is up-to-date and secure, in accordance with the policies set forth by your organization.
Spectrum Enterprise delivers Enterprise Network Edge over the renowned Fortinet platform. This managed solution delivers complete visibility of security events and threats, network utilization and more through a secure and easy-to-use portal. You can take an active role in managing and controlling the policies of interest and leave the rest to us.
Over 80% of Fortune 500 companies rely on Spectrum Enterprise for technology solutions. Find out more about how Enterprise Network Edge can help you address cybersecurity issues.