Security operations centers (SOCs) increasingly rely on network data flows as they collect telemetry from devices and monitor user behaviors. To make these massive data flows manageable, SOCs turn to rules, machine learning, and artificial (or augmented) intelligence to triage, de-duplicate, and add context to the alerts about potential dangerous or malicious activity. Pushing the boundaries of what machine learning can deliver when nourished by massive data has already led to significant invasions of privacy, especially when the efforts are driven by business demands. More often than not, ethics has taken a back seat when applying machine learning and AI. Companies such as ClearView AI and Cambridge Analytica have vastly overreached in their analysis of consumer data because they could, using consumer data without explicit permission and offering nothing in return.

As IT environments become more dynamic, hybrid, and complex, it's becoming increasingly difficult for security operations center (SOC) teams to quickly detect and address critical threats with traditional tools. SOC staff must process and analyze a massive--and growing--amount of data, as they face ever more sophisticated cyber attacks. To respond effectively, SOC leaders can't keep adding rules-based tools to their already large and often unwieldy security stack. Instead, they need AI technology that analyzes data at scale and in real time and that uses machine learning to spots any anomalies that could signal a breach. That way, SOC teams detect unknown, fast-evolving threats missed by rules-based products configured to spot known attacks.

Micro Focus Universe in The Hague has a lot to offer the world of Security Operations. Industry experts, analysts, and software engineers will get together and discuss all things relevant to SecOps. Machine learning, artificial intelligence, SIEMs, UEBA, SOAR, compliance, and security infrastructure will all be discussed at the upcoming event, starting March 17th. Security Orchestration, Automation and Response (SOAR) is essential for those in the business of finding, stopping, and remediating security incidents. It is the set of processes and programs that allow near-instantaneous reaction to threats and breaches.

In my last blog I talked a lot about the changes CISOs are seeing today. A critical part of the role of the future CISO will likely be to play the long game when it comes to technology. A good CISO will need to keep a finger on the pulse of technological change, opportunities and risks, helping guide an organization through rapid transformation and almost continuous marketplace disruption. In a digital future, it's not enough to talk about technology'enabling' enterprise, or technology being'integrated' into business processes - technology is the enterprise; it is the business process, and discussing it any other way limits our ability to fully grasp it. We frequently discuss the growing skills gap and the need to recruit more talent as one of the primary challenges of our day; but future CISOs may be working with a security team significantly diminished in size.