Ingesting data from a variety of sources is key, both for comprehensive visibility and because the organizational landscape keeps changing: more and more organizations are adopting cloud services and a mobile workforce with smart devices. With this changing landscape, the solution must provide Dynamic Threat Models (DTM) that adapt automatically to change. A built-in DTM engine is far better than relying on security analysts to write the correct set of rules and then keep fine-tuning them to capture sophisticated attacks; that method is error prone and, because each rule is written in response to an attack already seen, it handles attacks after the fact. Some customization is important, but most attack-related threat models have to be built into the solution.
Behavioral analytics based on machine learning (ML) and artificial intelligence (AI) has a critical role to play in finding all sorts of anomalies in application, device and user behavior, but on its own it can produce massive alert fatigue. Most Security Information and Event Management (SIEM) solutions have tried to retrofit ML algorithms onto existing platforms, and this strategy leads to alert fatigue for the end user, because every statistical outlier surfaces as an alert. That is why an advanced correlation engine, one that correlates anomalies with situational context (for example the criticality of the asset involved) and historical context (the entity's past behavior), is important to reduce false positives and eliminate alert fatigue. Built-in threat models and ML/AI engines also need to adapt dynamically to the changing organizational posture, using dynamic thresholds rather than fixed ones, and to changing global threat intelligence through a periodically refreshed feed. Finally, the solution should not only detect attacks proactively but also contain or eliminate them by providing actionable intelligence and an automated infrastructure to orchestrate and apply the right set of policies.
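To make the correlation and dynamic-threshold idea concrete, the following is an added example written for this edition; it is not code from this document or from any vendor's product. It keeps a rolling per-entity baseline whose threshold moves with the observed data, then scores each anomaly against situational context (asset criticality, a threat-intelligence indicator) and historical context (repeated deviation by the same entity). A lone statistical outlier with no supporting context is suppressed rather than surfaced. The asset list, indicator, event records and scoring weights are all constructed for illustration.

```python
"""Added example: anomaly detection with a dynamic baseline, correlated with
situational and historical context to cut false positives.
All data below is constructed; nothing here comes from a real product."""
from collections import deque
from statistics import mean, pstdev

WINDOW = 8          # past observations kept per entity
SIGMA_K = 3.0       # dynamic threshold = mean + SIGMA_K * spread of the window
MIN_HISTORY = 4     # no verdicts until a baseline exists

# Situational context (constructed). In a deployment the intel set would be
# refreshed from a periodic feed; here it is a single TEST-NET-3 address.
ASSET_CRITICALITY = {"db-01": 3, "fileshare-02": 2, "laptop-17": 1}
THREAT_INTEL_IPS = {"203.0.113.45"}


class EntityBaseline:
    """Rolling baseline for one (user, host) pair; the threshold adapts as data arrives."""

    def __init__(self):
        self.values = deque(maxlen=WINDOW)
        self.recent_anomalies = 0   # historical context: repeats seen recently

    def threshold(self):
        if len(self.values) < MIN_HISTORY:
            return None
        m = mean(self.values)
        spread = max(pstdev(self.values), 0.1 * m)  # floor so a flat baseline is not hair-trigger
        return m + SIGMA_K * spread

    def observe(self, value):
        """Return True if value exceeds the dynamic threshold; learn only benign values
        so that an attacker cannot slowly drag the baseline upward."""
        thr = self.threshold()
        anomalous = thr is not None and value > thr
        if not anomalous:
            self.values.append(value)
        return anomalous


def correlate(event, baselines):
    """Score one event. Returns a dict with verdict ('suppress', 'alert', 'escalate'),
    the composite score and the reasons that contributed to it."""
    key = (event["user"], event["host"])
    base = baselines.setdefault(key, EntityBaseline())
    if not base.observe(event["bytes"]):
        base.recent_anomalies = max(0, base.recent_anomalies - 1)  # decay history
        return {"verdict": "suppress", "score": 0, "reasons": []}
    base.recent_anomalies += 1
    score, reasons = 1, ["volume above dynamic baseline"]
    crit = ASSET_CRITICALITY.get(event["host"], 1)
    if crit >= 2:                                   # situational: critical asset
        score += crit
        reasons.append(f"critical asset (level {crit})")
    if event["dst"] in THREAT_INTEL_IPS:            # situational: intel match
        score += 3
        reasons.append("destination matches threat intel feed")
    if base.recent_anomalies >= 2:                  # historical: repeated deviation
        score += 2
        reasons.append(f"repeated anomaly ({base.recent_anomalies} in window)")
    verdict = "escalate" if score >= 5 else "alert" if score >= 3 else "suppress"
    return {"verdict": verdict, "score": score, "reasons": reasons}


def run_events(events):
    baselines = {}
    return [correlate(e, baselines) for e in events]


def _series(user, host, normal, spike, spike_dst):
    evs = [{"user": user, "host": host, "dst": "198.51.100.7", "bytes": b} for b in normal]
    evs.append({"user": user, "host": host, "dst": spike_dst, "bytes": spike})
    return evs


# Constructed upload volumes (bytes) per entity, grouped by entity for readability.
EVENTS = (
    _series("alice", "laptop-17", [1000, 1200, 1100, 1300, 1150], 9000, "198.51.100.7")
    + _series("carol", "fileshare-02", [500, 520, 480, 510, 505], 4000, "198.51.100.7")
    + _series("bob", "db-01", [2000, 2100, 1900, 2050, 2000], 20000, "203.0.113.45")
)

if __name__ == "__main__":
    for ev, res in zip(EVENTS, run_events(EVENTS)):
        if res["verdict"] != "suppress" or res["score"]:
            print(ev["user"], ev["host"], res["verdict"], res["score"], res["reasons"])
```

Running the block shows the three spikes receiving three different outcomes: alice's outlier on a low-value laptop is a statistical anomaly but scores 1 and is suppressed, carol's spike on a criticality-2 share becomes an alert, and bob's spike from the database to the intel-listed address is escalated. Raw ML output alone would have raised all three.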
Overall, comprehensive cyber security for the digital era requires a platform built from the ground up with the key ingredients needed to protect organizations of any size. Organizations and service providers must evaluate vendors against these principal ingredients and requirements before committing their money.
Figure 2: Comprehensive Cyber Security Solution Ingredients