The concept of Adaptive technology has been making its way through the cybersecurity industry. What is “Adaptive”? It is the next generation of applying intelligent automation and AI to tailor solutions to complex problems at scale. The key benefit of deploying Adaptive technology is to increase efficiency and eliminate wasted time. It’s all about finding the shortest path from point A to point B in a complex maze of possibilities, where point B is the optimal possible outcome. Let’s examine some examples of Adaptive being deployed in cybersecurity.
A couple of years ago, ISC2 started using the adaptive testing method for certifications. Computerized Adaptive Testing (CAT) has a long history of successfully identifying the test-taker’s level of knowledge quickly and precisely. CAT is a method of assessment that adjusts the difficulty of questions based on the test taker’s performance on prior questions. As a user answers questions, the system analyzes their responses in real time and selects subsequent items that are tailored to their ability level. This approach enhances the accuracy of measuring a test taker’s skill or knowledge while reducing the number of questions needed, making the testing process more efficient and personalized. Overall, CAT offers a dynamic and effective way to evaluate knowledge and abilities.
Adaptive is being applied to Threat Intel, DLP and endpoint management by vendors such as Forcepoint and Cisco. BitSight also posted an article about the concept of adaptive security and its advantages. Overall, adaptive security is a proactive approach to cybersecurity that dynamically adjusts defenses based on the evolving threat landscape and the organization’s risk profile. It involves continuous monitoring, analysis, and real-time response to security threats, rather than relying solely on static, predefined measures. Blogs from these cybersecurity vendors highlight several benefits of adaptive security for organizations:
- Enhanced Threat Detection: By continuously monitoring and analyzing threats, adaptive security helps identify and respond to emerging threats more effectively.
- Improved Incident Response: The ability to quickly adjust security measures in response to detected threats can reduce the impact of security incidents.
- Increased Resilience: Adaptive security helps organizations stay ahead of sophisticated attackers by constantly evolving and refining their security posture.
- Better Risk Management: By aligning security strategies with the current threat environment and organizational risk, adaptive security supports more effective risk management.
- Intelligence About Users: The security controls around individuals need not be static, but can adapt to emerging threats as well as user behavior and context. CyberArk speaks about Adaptive Multi-Factor Authentication (MFA), designed much along the lines described above. Their adaptive MFA evaluates factors such as user location, device, and login history to determine the appropriate difficulty of access.
Overall, adaptive security provides a more agile and responsive approach to managing cybersecurity risks, helping organizations to better protect themselves against evolving threats. This approach balances security and user experience, reducing friction for trusted users while providing robust protection against potential threats. Adaptive cybersecurity has to depend on a robust Cybersecurity Human Risk Management (HRM) feed to conditionally change access controls for users based on their risk scores.
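The sketch below is an added example, not code from CyberArk or any other vendor named here. It shows how the signals mentioned above (location, device, login history) could be combined with an HRM risk score to pick the required access control. The field names, weights, thresholds and the 0.0 to 1.0 score scale are all assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Profile:
    """Per-user baseline. Field names are hypothetical."""
    usual_countries: frozenset
    known_devices: frozenset
    recent_failed_logins: int
    hrm_risk: Optional[float]  # 0.0 (low) to 1.0 (high); None if the feed has no score

# Illustrative weights and thresholds (assumptions; tune against real data).
NEW_COUNTRY, NEW_DEVICE, FAILED_LOGINS, HRM_MAX = 35, 30, 15, 40
MISSING_HRM_DEFAULT = 0.75  # unknown user risk counts as elevated, never as zero
TIERS = [(25, "allow"), (60, "mfa"), (90, "phishing_resistant_mfa")]

def risk_points(country: str, device_id: str, profile: Profile) -> int:
    """Sum the context signals and the user's HRM score into 0..120 points."""
    pts = 0
    if country not in profile.usual_countries:
        pts += NEW_COUNTRY
    if device_id not in profile.known_devices:
        pts += NEW_DEVICE
    if profile.recent_failed_logins >= 3:
        pts += FAILED_LOGINS
    hrm = profile.hrm_risk
    if hrm is None:
        hrm = MISSING_HRM_DEFAULT
    hrm = min(max(hrm, 0.0), 1.0)  # clamp out-of-range feed values
    return pts + round(HRM_MAX * hrm)

def required_control(country: str, device_id: str, profile: Profile) -> str:
    """Map the points to the least friction that still covers the risk."""
    pts = risk_points(country, device_id, profile)
    for limit, action in TIERS:
        if pts < limit:
            return action
    return "deny"

if __name__ == "__main__":
    # Constructed sample users: same login context, different human risk.
    devices, countries = frozenset({"laptop-01"}), frozenset({"DE"})
    low = Profile(countries, devices, 0, 0.1)
    high = Profile(countries, devices, 0, 0.9)
    for name, p in (("low-risk user", low), ("high-risk user", high)):
        print(name, "->", required_control("DE", "laptop-01", p))
        print(name, "new device abroad ->", required_control("BR", "phone-77", p))
```

With an identical, fully familiar login context, the low-risk user passes without extra friction while the high-risk user is asked for MFA, and a user with no HRM score is never given the frictionless path.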
There is no reason why Security Awareness Training (SAT) shouldn’t follow the same path – adapting to the user based on their human risk portrait. The SAT component of HRM is long overdue to transform from static one-size-fits-all training to become Adaptive. A lot more can be said on this topic. We documented the steps to get there in our Adaptive Training Playbook.
We can see here that not only is the emerging Cybersecurity HRM space a bit late to the Adaptive party, but it has a place in being the central cog of all adaptive cybersecurity strategies. Adapting to the human that’s using our tech stack can help organizations find the minimal necessary control friction that achieves maximum effect. We should start by tailoring our training so it shows each user only what they need to know for their job, environment and risk awareness. Training can become shorter and more effective. Nothing can be more engaging than that!