This article is part of an Essential Guide, our editor-selected collection of our best articles, videos and other content on this topic. Explore more in this guide:
2. - Hold off hackers and know your legal limitations: Read more in this section
- Hacker mind-set a prereq for security engineers, says Markley CTO
- How to build a security roadmap with a cascade approach
- Active cyberdefense: What are the legal limitations?
- Predictive security intelligence: How it protects today's enterprise
Explore other sections in this guide:
- 1. - When information security goes haywire
- 3. - Managing information security proactively
- 4. - Emerging security considerations
Predictive security intelligence: How it protects today's enterpriseDate: Dec 06, 2013
As IT leaders put more effort into forecasting technology trends and strategize for an often uncertain future, terms such as predictive analytics, predictive modeling and predictive coding frequently pop up. So here's another one for the technology lexicon: predictive security.
At the ISSA International Conference in Nashville, Tenn., this fall, SearchCompliance Editorial Director Christina Torode sat down with Eric Cowperthwaite, vice president of advanced security and strategy at Core Security Inc. and former systems director and CISO at Providence Health & Services, to discuss his conference session titled, "Predictive security: Another meaningless marketing term? Or a real possibility?"
In this Ask the Expert video, we ask Cowperthwaite to tell us exactly what predictive security intelligence is, and how companies should weave it into their enterprise security programs.
What is predictive security?
More from the ISSA conference
Securing networks: Another ATE from ISSA's conference
ISSA tweet recap addresses security roadmaps
Attendees talk whistleblowing and more
Eric Cowperthwaite: Predictive security is a solution to a problem. Today in the security world, we focus on trying to protect everything. We look at however many servers you have in your network, however many laptops, desktops, mobile phones, etc., and then try to make sure that they all have a specific set of security controls on them. You treat them all as if they are high priority. You try to remediate every single vulnerability you discover.
If you think about a company like Providence Health & Services , that's an organization with about 65,000 employees, 7,000 maybe 8,000 servers there, and about 100,000 other computer nodes on their network. It's really beyond the capability of anybody to understand how to defend that network in terms of where the vulnerabilities are, or how someone would attack it in our traditional approach.
Predictive security is trying to apply analytical solutions to this massive amount of data that we have, to tell us where in the future we can expect to see problems, and help us begin to defend against how our adversaries who are planning to do something bad to us.
Let us know what you think of this video; email firstname.lastname@example.org.