April 19, 2016

Security auditing – from tactics to strategy, perhaps with a little help from machines?

Tomi Behm

Lead Security Services Product Manager, Tieto

When we talk with security professionals in the field, one ever-present theme is the need for more strategic insight into security. And this is where traditional auditing may leave us wanting.

In a previous blog post we gave some reasons why traditional security auditing, that trustworthy and long-serving tool in any CIO’s or IT manager’s toolbox, may not be enough in today’s business environment.

The four main problems are:
1. Traditional audit gives a snapshot view on things, but people, devices and software are connected 24/7, and yesterday’s audit won’t help much if a problem arises today.
2. Reports often get buried somewhere and are not used to improve infrastructure and processes – especially if the audit doesn’t reveal anything worrying.
3. Reports are too technical and don’t translate into the language of business.
4. Auditing is based on sampling and fails to recognize human factor or pure coincidence.

To summarize, we could say that the traditional audit is a good way to get a tactical, snapshot-like view on how things are going at the moment. But nowadays it is essential to forecast and evaluate how our digital business environment is evolving and adjust our operations accordingly.  When we talk with security professionals in the field, one ever-present theme is the need for more strategic insight into security. And this is where traditional auditing may leave us wanting.

Making security auditing a strategic tool is easier said than done. To do so, auditing must be a continuous process and be able to unveil non-evident patterns and trends. 

Machine learning and AI as new frontiers

Traditionally, auditing may originate from three sources. It may be a mandatory thing that the officials do. It can be done in-house. Or we can use third-party service providers.

But increasingly, we use machines. Machine learning has taken remarkable steps forward. For instance, major cloud providers such as Amazon and Microsoft are building machine learning offerings that anyone can use.

Machine learning has been used in financial industry for a long time to detect fraud, but in the broader cyber security field, static rules and known attack vectors have been the common approach. But this is about to change. Machine learning may give us the necessary tools to lift security auditing to strategic level, and transform auditing from mere reporting to true analytics. Goal should be nothing less than continuous compliance, with relaxed audit overhead.

Once again, this is much more than a question about technology. It requires us to change the whole mindset with which we think of auditing. But this seems as a genuinely interesting new toolset, and should not be overlooked.

After all, we should definitely not underestimate the power of machine learning. The Chinese chess-like game Go has long been touted as a mission impossible for computer to master. And look what they did at Google Research a few months back! 

Read more about how Tieto Security Services can help to protect your organization.

 

Stay up-to-date

Get all the latest blogs sent you now!