October 4, 2016

ChannelNomics: MSSPs Challenged to Use Machine Learning to Solve IoT ‘Noise Problem’ – Herjavec

Herjavec Group CTO discusses MSSP’s big data challenges

Big data is all the rage right now, and with the Internet of Things (IoT) continuing to grow, it seems data is going to get even bigger. According to MSSP Herjavec Group, this is and will continue creating a bit of a “noise problem” for the channel, which machine learning can help answer – if further developed.

During Splunk’s .conf2016 in Orlando, FL last week, Atif Ghauri, CTO of Splunk partner Herjavec, described the noise problem affecting MSSPs’ security operations centers.

“There are too many alerts,” he told Channelnomics. “There are a lot of raw logs, but everything’s alerting all the time. So what’s really real and actionable versus what’s just noise? And it’s just getting even noisier, especially with the IoT and the capabilities of technology.”

Ghauri pointed to even the less tech savvy – such as his own mother – having as many as four IP addresses. With even more sophisticated technology coming out, the executive noted that sophisticated tech users will have dozens of IP addresses.

He says  more noise and more logs coming out calls for MSSPs to find a way to better leverage machine learning.

“Our challenge now is using big data to get to the real promise of machine learning. There is a lot of speculation as to what machine learning can do…but really, really it’s not where it needs to be,” Ghauri said. “It’s still a work in progress from our practical experience. Probably the biggest area where there’s some promise as to helping with that noise problem moving forward is using machines to process stuff and to do that for us. Otherwise we’d be inundated.”

The challenge in doing this for an MSSP like Herjavec is being able to work with customers to figure out use cases that go beyond the basic five or six standard types of security use cases and into specific business context, he added.

“Every organization is different. You could have some industry specific stuff, which we do, but the real juicy alerts are the ones that have business use cases like a transaction done from a certain bank on a certain day or on a weekend versus a weekday at a transaction level at a certain number,” Ghauri explained.

“We analyze and [determine] the anomalies…but business folks have a sense of what’s right and wrong in their environment. Taking that information and converting it into our systems to watch them 24/7 is a challenge because they don’t know themselves how to communicate it.”

According to Ghauri, Herjavec tackles this service opportunity by looking to partner with the right vendors in terms of both software and hardware.

He added that for solution providers, the obvious IoT security opportunity is around integrating multiple types of devices and technologies across industries.

But there is more opportunity for solution providers to grab besides this “low-hanging fruit”, he said.

“Really, IoT security is going to come down to the individual,” Ghauri told Channelnomics. “The consumer always has a choice between flexibility, safety and control.”

He added that many IoT vendors today are just doing the basics and checking the security boxes required to get their products out as soon as possible.

When consumers demand more than this, the channel can expect the market to reach a tipping point, according to the exec.

“Vendors are going to be out there deploying all sorts of products, but if the customers aren’t going to buy  a product that’s going to be less secure, [vendors are not going to make the product], and that’s going to be the tipping point – when things really change for IoT from a security standpoint,” Ghauri said. “We could do integration all day… But until customer demands ‘it has to be this way otherwise I’m not going to buy it’…the market’s just going to get really wide really quickly versus getting smaller.”

Originally posted on channelnomics.com