Zeitgeist. Buzz. Hype. All technology needs to be promoted when it’s new and competing for attention. When novel solutions emerge, there is a genuine need to educate potential buyers on the benefits and use cases. However, when buzzwords and fear of missing out (FOMO) drive cybersecurity purchasing decisions rather than actual value delivered by the tool, your cybersecurity program is likely to be a patchwork affair of shiny objects and half-useful tools.
In this blog post, we share a way of looking at technology to determine if it can make a positive contribution to your cybersecurity program, and break down some common tech terminology to help you separate hype from reality.
The Gartner Hype Cycle
Research firm Gartner often writes about technologies on the bleeding edge, and it has identified that the hype around a new technology or innovation follows a predictable cycle. The so-called Hype Cycle charts the progression of an innovation, “... from overenthusiasm through a period of disillusionment to an eventual understanding of the innovation’s relevance and role in a market or domain.”
It’s critical to understand whether a given cybersecurity tool is in the midst of overinflated expectations, where it is unlikely to live up to expectations, or in the Trough of Disillusionment, where it is still valuable but may not be considered a wise investment. This requires reading into marketing materials and doing independent research into the new technology, which may be challenging due to a lack of available information or knowledge.
Dropping some buzzword realness
To help you get to the root of the hype, we’ve compiled a list of common buzzwords in the industry. These are presented below, along with a simple definition and details on how (or even if) the innovation is useful to a cybersecurity program.
Artificial intelligence + machine learning
Myth: AI and ML conjure up some fantastic imagery of sentient computers that replace all of the things — the computer on 'Star Trek' for example — computers that can either enhance or decimate society. However, this fiction is far from the truth. Human language is contextual and hard to understand, making it difficult for a computer to respond appropriately to the requests any crew member could throw at it.
AI and ML are nascent and have issues that include unpredictable and undesirable outcomes. For example, ML is used to train facial recognition software, yet these programs suffer from serious issues. Facial recognition models only work with an appropriately diverse set of faces; without this underlying data, the model cannot identify faces with different skin tones or bone structures. Driverless cars struggle to identify unfamiliar animals in new countries because they are often trained to spot and avoid common animals in North America.
So what can AI and ML do for your organization? ML can reduce the repetition in monitoring network traffic or tuning security devices. AI can be useful in supplementing human analysis efforts like digital forensics and incident response (DFIR), threat hunting, etc. These technologies are helpful supplements — not replacements — for humans performing repetitive cybersecurity work.
Endpoint Detection & Response (EDR) tools like Malwarebytes and SentinelOne (Coalition partners!) rely on AI/ML to identify threats like ransomware.
Blockchain
Myth: Blockchain will solve all of our problems and completely remove human fallibility from the equation. Organizations will never again fall victim to a malicious actor. Blockchain, in essence, is the solution to all cybersecurity troubles.
The reality is that blockchain is an emerging technology that can supplement existing mechanisms for trust and integrity, but it cannot replace them. Not yet, anyway.
Structures already exist for verifying trust and integrity: lawyers, escrow, accounts for money, and software already perform these functions. By contrast, blockchain is a new and untrusted technology with no inherent cybersecurity benefits — it’s just a secure ledger.
Blockchain may hold value in situations where a decentralized source of trust is needed. Digital certificates used to secure web and email traffic rely on ID verification and must be renewed frequently. A defensible, provable blockchain-based ID could cut down on the overhead, but it’s a tall order to replace the existing solutions.
Cloud computing
Myth: Everything is in the cloud and everything in the cloud is secure. Migrating to the cloud will cut nearly all IT and personnel costs and improve your organization’s security posture.
There are, in fact, insecure cloud configurations. Data breaches frequently result from insecure cloud storage that exposes sensitive data.
Cloud computing can amplify shadow IT, which is the use of systems, devices, software, applications, and services without the approval of your corporate IT department. Essentially, members of your organization can purchase and run cloud services without approval from IT and without appropriate security controls applied to those services.
Cloud computing, with proper governance in place and realistic expectations, can be a win-win. The shared responsibility model details how the task of securing cloud computing is split between provider and consumer.
Coalition policyholders, or those with a Coalition Control account, can make use of our automated scanning and monitoring to shine a light on shadow IT and identify errant cloud services.
The dark web
Myth: Both the deep and the dark web are the most wretched hive of scum and villainy on the internet. It is ill-advised to traverse the seedy underbelly of the internet — or, it’s the source of all knowledge needed to run a cybersecurity program (so the threat intelligence services tell you).
While it is true that there are unsavory things on the dark web, including criminal activity and exploitation, it isn’t a place that you can just stumble upon. Getting on the dark web isn’t a matter of just opening a web browser. It requires special knowledge and access methods including, but not limited to, using the Tor network. Invitations may also be required to gain access to some of these sites.
By contrast, the deep web has content that is neither scary nor villainous. These are internet sites that cannot be indexed by a search engine and are therefore not searchable, often because the content is hidden behind a login. Online banking, academic journals, and private social media sites are just some of the legitimate sites that are located on the deep web. The content on these sites is unlikely to be useful to most organizations.
While dark web intel is useful, basic cyber hygiene and good password management are far more impactful for your organization.
Coalition’s Automated Scanning & Monitoring scans the dark web for information like breached user accounts and malware signals for our policyholders.
Newfangled, innovative tools and services can be valuable when used properly. The best method to adopt new technologies is to keep expectations realistic; don’t pursue the new, shiny cybersecurity toy at the expense of the basics.
To gain a better understanding of the basic cybersecurity tenets, download the Coalition Cybersecurity Guide, which covers the 10 most important things you can do to secure your organization and reduce the likelihood of experiencing a cyber incident.