Accumulation of a growing body of data and analytics insights is rapidly progressing cybersecurity analysis from being a monitoring tool into something that can proactively predict future events, the head of an Australian analytics specialist has said on the eve of the company’s move into the massive US government market.
The algorithms of Veriluma, which were spun out of global security and counter-terrorism analysis work for the Australian Defence Intelligence Organisation, have been well received within Australian government agencies, CEO Elizabeth Whitelock told CSO Australia as the publicly-listed company announced it would leverage its domestic success by partnering with US-based Diamond Capture Associates to take a tilt at the world’s largest defence-technology market.
A key defining characteristic of the Veriluma technology – which sits on the Amazon Web Services (AWS) cloud or can be deployed internally – was its ability to detect patterns and make predictions from what is often just a small amount of data, or unstructured data such as analyst opinions.
“People forget the importance of the world of small data,” she said. “We all talk about big data, but sometimes we haven’t got enough time to pull everything together. And we can play in that small data space really well. We don’t necessarily need to have vast quantities of data to make a prediction.”
That focus would increasingly translate real-world security analyses – for example, searching for indicators that could presage new risks, possible vulnerabilities and likely perpetrators due to an acquisition announcement or other business change – into a cybersecurity sphere where distributed denial of service (DDoS) and business fraud are becoming common potential outcomes.
Based on an API layer that offers a range of deployment scenarios for integration with other tools, Veriluma’s technology weighs the likelihood of particular events happening, and has become grounded in defence, financial and legal services through regular usage in a dozen Australian government agencies.
Whitelock anticipates the company will initially find its feet in US organisations through similar applications, with cybersecurity applications including the identification of potential security vulnerabilities that are likely to facilitate the execution of financial fraud or other transactional issues.
Previous application of the algorithms to cybersecurity scenarios have been used to help do “strategic cyber threat analysis”, Whitelock said. “We’re not there monitoring the networks, but you know all the tool sets that sit on the networks and understand their breaking points. You have a whole pile of indicators coming on the network, and you can make the decision that those indicators mean you’re going to be attacked.”
Predictive capabilities are an increasingly important part of running a mature security organisation, but a recent IDC analysis of Australia’s cybersecurity suggested that most organisations are still well behind the curve when it comes to embracing the approach.
Just 2.4 percent of Australian organisations could be categorised as ‘predictive professionals’, according to the latest IDC MaturityScape Benchmark, whereas 51.3 percent fell into the ‘reactive responder’ category – in which organisations meet compliance requirements but “can be challenged in a breach scenario and overspend on ineffective measures.”
By comparison, some 21.1 percent of Australian organisations were classified as being a ‘compliant companion’, in which the organisation invests heavily but has difficult “describing [its] value proposition in strategic terms”. By contrast, IDC market analyst Lydie Virollet said, a predictive professional organisation “has an efficient and effective economics driven security strategy, including risk returned per unit cost, for the entire portfolio”.
That’s an elusive goal for most organisations, but better use of analytics in its various forms has been tightly linked with improving the maturity of organisations’ security postures. The key to deriving insight and predictions from small-data environments, Whitlock says, is to position the technology as a support tool for skilled humans rather than the be-all and end-all of decision-making. “All we need is for the user to gather information using what they’ve already got, and we can ingest that data to spit out an assessment,” she said.
“Sometimes you may not have everything that you need – but you may have someone’s opinion. Ultimately you’re still dependent on humans to try and interpret what all of those indicators mean – but by taking information streams from other places and providing a richer context for decision-makers, they are getting a clearer perspective of what is likely to happen.”Read more: Business push for cyber-sec cooperation continues