Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label data science. Show all posts

Offensive Security Necessitates a Data-driven Approach for CISOs

 

There remains a significant disparity in utilisation of resources between defensive and offensive cybersecurity technologies. When comparing the return on investment (ROI) for defensive and offensive investments, security experts discovered that offensive security routinely outperforms defensive security. For example, penetration testing not only identifies vulnerabilities, but it also addresses and seals potential access sites for hackers. 

This recognition should drive organisations and their security leaders to consider why there is so little investment in offensive security solutions. Many CISOs recognise a clear market gap in offensive security tactics, with acquired tooling fatigue unable to satisfy the changing needs of modern enterprises. CISOs must now look into how a data-driven approach may generate a proven ROI for each offensive security expenditure they make. 

Data science and cybersecurity: A powerful duo

In an era of digital transformation and networked systems, cybersecurity incidents have increased tremendously. Businesses face a slew of dangers, including unauthorised access and malware attacks. To tackle this, data science may give analytics that assist security leaders in making informed decisions about their cyber resiliency plans and tactics. 

Data analytics, whether powered by security providers and in-house technology like AI/ML or threat intelligence feeds, entails identifying patterns and insights from cybersecurity data, generating data-driven models, and developing intelligent security systems. By analysing relevant data sources from security testing across assets, systems, customers, and industries (including network activity, database logs, application behaviour, and user interactions), they may deliver actionable intelligence to secure their assets.

However, the most significant component of data analytics is that it improves data-driven decision-making by giving much-needed context and proof behind user behaviours, whether authorised or unauthorised. Data-Driven Decision Making in Offensive Security Data-driven decision-making is the foundation for effective offensive security. Here's how it takes place.

• Threat Intelligence: Data analytics allows organisations to gather, process, and analyse threat intelligence. Defenders obtain real-time insights from monitoring indicators of compromise (IoCs), attack patterns, and vulnerabilities. These findings inform proactive steps like fixing key vulnerabilities and modifying security rules. 

• Behavioural analytics: Understanding user behaviour is critical. Data-driven models detect anomalies and highlight questionable activities. For example, unexpected spikes in data exfiltration or atypical login patterns will prompt an alarm. Behavioural analytics can also help uncover insider threats, which are becoming increasingly prevalent. 

Challenges and future directions 

While data analytics can boost offensive security and decision-making, major challenges persist. Data quality is critical for accurate and actionable intelligence; as the phrase goes, "Garbage in, garbage out." Balancing privacy and ethics can also be difficult, but because security testing data should be free of PII, this should not be the primary focus, but rather intelligence that can help make better decisions.

Ultimately, offensive security practitioners must anticipate adversary attacks. However, the future seems promising, as data analytics can propel offensive security as a viable and evidence-based strategy. With analytics, security executives can proactively defend against attacks. As threats develop, so should our data-driven defences.

Is Data Science loosing all that hype?


All over the world companies are making cuts, the COVID-19 has lead to a major economic downfall, and companies are struggling to stay afloat by reassessing their strategies and priorities. This has made companies realize the actual value of data science in business and things are not looking good. There have been mass cuts and layoffs in tech industries including data scientists and AI specialists and many are saying that the hype over data science is finally coming down.

Over the last five years the data science field has bloomed with a soaring speed and talent in data science has increased exponentially but it is expectant of companies to let this department go as when we look at direct business value, data science, unfortunately, don't add much - they fail to make the essential need-to-be list. Hence, the demand for data scientists will significantly decrease in the foreseeable future.

Dipanjan Sarkar, a Data Science Lead at Applied Materials talks about AI and lose business models saying, “The last couple of years, the economy had been doing quite well, and since every company wanted to join the AI race, they started pulling up these data science teams. But, they didn’t do the due diligence in hiring. They didn’t have a clear vision in mind as to how their AI strategy is actually going to help. Companies may think that they’re not getting any tangible value from large data science teams. This can trigger a move to cut down the staff, which may be non-essential ".

Most of the core business is done by engineering and manual processes and data science just adds the cherry on top. AI, machine learning, and data science are only valuable if t data science creates money or save it. Companies currently are focusing on cash curves and ventures like data science have become big questions thus when companies make cuts, data scientists will be the first to let go.

"People need to understand that data science is nothing special than any other IT related field. Furthermore, it is a non-essential work. I firmly believe that data science people will get fired first than engineers in any company’s worst situation (like Covid-19 pandemic),” according to Swapnil Jadhav, Principal Scientist (Applied Research) at DailyHunt.