Continuous monitoring of cybersecurity
Many fields are evolving and becoming increasingly connected; this is the case for industry, with its digital transformation (Industry 4.0), and for the space domain. At the heart of this connectivity, cybersecurity has become a major concern. While security is increasingly taken into account at design time, the security of a system must be maintained throughout its life cycle, and that calls for continuous cybersecurity monitoring and 24/7 supervision of the systems themselves.
Cyber attacks are constantly evolving, becoming more sophisticated and targeted. Malicious actors, from lone criminals to organized groups and even nation-states, exploit every loophole to infiltrate networks, steal sensitive data, disrupt vital services and wreak havoc. Most security monitoring products can only detect attacks that are already known, that is, signatures and indicators that have been seen before, while the techniques attackers use to cover their tracks keep growing more sophisticated. Some recent campaigns, such as "Operation Ghost" (see 1) or the SolarWinds compromise (see 2), ran for years, and some systems remained infected after the campaign was over.
Continuous cybersecurity monitoring raises several major challenges:
- The volume of data: computer systems process and generate huge amounts of data every second. Filtering relevant events out of the background noise is a monumental task that requires time and resources; monitoring tools must sort this data intelligently in order to pick out the sometimes weak signals of an attack.
- The complexity of environments: with the rise of cloud, IoT (connected objects), hybrid networks and distributed applications, IT environments have become extremely complex. Every element of this ecosystem is a potential entry point for attackers.
- Evolving threats: cybercriminals never stand still. They adapt their tactics and techniques to bypass even the most advanced defenses, so monitoring solutions must be constantly updated and improved to remain effective.
- Skills shortage: the demand for cybersecurity professionals far exceeds supply, creating a critical skills shortage. Organizations struggle to recruit and retain the talent needed to run their monitoring operations effectively.
Two main avenues are being explored to address these issues.
Improving the sharing of threat information from different sources is a crucial part of the answer. This area is called Cyber Threat Intelligence (CTI). Organizations increasingly rely on threat-intelligence services to detect and anticipate attacks and to strengthen their defenses, and standard formats and protocols for exchanging this information have been developed (STIX for describing threats and TAXII for transporting them, for example). However, it is difficult to describe a threat in such a way that it can be identified systematically, because many variants of the same attack exist: an indicator as precise as a file hash misses a recompiled sample of the same malware. In addition, some victims of attacks are still reluctant to share this information so as not to damage their reputation. Until recently, Microsoft said little about a known and exploited vulnerability for months while it was being fixed (see 3).
Greater automation in the handling of known threats frees up time for security teams to focus on detecting and dealing with more serious or unknown threats. Automated systems can respond to minor incidents, isolate compromised machines and even apply security patches without human intervention. By extension, Artificial Intelligence (AI) and Machine Learning (ML) will play a crucial role in the future of continuous cybersecurity monitoring: their algorithms can analyze suspicious behavior, detect anomalies, generate new detection rules and take preventive action in real time. One caveat applies in practice: an automated response such as network isolation is only as reliable as the detection that triggers it, so automatic actions should be reserved for high-confidence, well-known indicators, while lower-confidence anomalies are better routed to an analyst.
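As an added example (not code from the original article), the following Python sketch ties the two avenues together: it runs constructed endpoint events against a constructed indicator feed in the spirit of a STIX/TAXII exchange, automatically isolates hosts that hit a well-known indicator, and escalates to an analyst a host that evades the hash indicator (a recompiled variant) but shows the weak signal of resolving a burst of never-seen domains. The indicator values, hostnames, domains, baseline, threshold and the `isolate` stand-in are all assumptions made for the illustration.

```python
"""Toy continuous-monitoring loop: indicator matching, weak-signal scoring and
automated triage.

Added example, not code from the original article. Indicators, hostnames,
domains and events are all constructed for illustration.
"""
from collections import defaultdict

# Constructed threat-intelligence feed. Real feeds are usually exchanged as
# STIX indicator objects over TAXII; the patterns are simplified here to
# plain sets keyed by observable type.
INDICATORS = {
    "sha256": {"a" * 64},              # hash of a known malicious binary (made up)
    "domain": {"update-cdn.example"},   # known command-and-control domain (made up)
}

# Constructed 30-day baseline: domains the fleet normally resolves.
BASELINE_DOMAINS = {"www.example.org", "login.example.org", "cdn.example.org"}

# Constructed endpoint telemetry, one dict per event.
EVENTS = [
    {"host": "ws-01", "type": "process", "sha256": "a" * 64},
    {"host": "ws-02", "type": "dns", "domain": "update-cdn.example"},
    # ws-03 runs a recompiled variant of the same malware: the hash differs,
    # so the hash indicator misses it, but it resolves a burst of never-seen
    # domains, which is the kind of weak signal the text refers to.
    {"host": "ws-03", "type": "process", "sha256": "b" * 64},
    *({"host": "ws-03", "type": "dns", "domain": f"n{i}.fresh.example"} for i in range(8)),
    {"host": "ws-04", "type": "dns", "domain": "www.example.org"},
    {"host": "ws-04", "type": "dns", "domain": "cdn.example.org"},
]

# Hosts resolving at least this many distinct never-seen domains are anomalous
# (assumed threshold; a real deployment would derive it from the baseline).
NEW_DOMAIN_THRESHOLD = 5


def match_iocs(event, indicators=INDICATORS):
    """Return the indicator types (e.g. 'sha256') that this event matches."""
    return [kind for kind, values in indicators.items() if event.get(kind) in values]


def new_domain_counts(events, baseline=BASELINE_DOMAINS):
    """Count, per host, the distinct resolved domains absent from the baseline."""
    seen = defaultdict(set)
    for ev in events:
        if ev["type"] == "dns" and ev["domain"] not in baseline:
            seen[ev["host"]].add(ev["domain"])
    return {host: len(domains) for host, domains in seen.items()}


def isolate(host, actions):
    """Stand-in for an EDR network-containment call; it only records the action."""
    actions.append(("isolate", host))


def triage(events, indicators=INDICATORS, baseline=BASELINE_DOMAINS,
           threshold=NEW_DOMAIN_THRESHOLD):
    """Decide per host: 'auto_isolate' for well-known indicator hits,
    'escalate' for anomalous but unmatched hosts, nothing for background noise.

    Returns (decisions, actions): decisions maps host -> verdict and actions
    lists the automated responses that were taken, in order.
    """
    decisions, actions = {}, []
    # Known threats: high-confidence indicator match, handled without a human.
    for ev in events:
        host = ev["host"]
        if match_iocs(ev, indicators) and decisions.get(host) != "auto_isolate":
            decisions[host] = "auto_isolate"
            isolate(host, actions)
    # Unknown threats: only a weak behavioral signal, so hand over to an analyst.
    for host, count in new_domain_counts(events, baseline).items():
        if count >= threshold and host not in decisions:
            decisions[host] = "escalate"
    return decisions, actions


if __name__ == "__main__":
    verdicts, taken = triage(EVENTS)
    for host in sorted(verdicts):
        print(host, verdicts[host])
    print("automated actions:", taken)
```

Running the script isolates ws-01 and ws-02 automatically, escalates ws-03 (its hash is not in the feed, so only the new-domain count flags it) and leaves ws-04 alone. The split between `auto_isolate` and `escalate` is the design point: the indicator match is precise enough to act on unattended, whereas the domain-count heuristic would also fire on a legitimate host visiting many new sites, so it should not trigger containment on its own.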
In conclusion, continuous cybersecurity monitoring is a major challenge but also an opportunity for innovation and collaboration. Technological advances such as AI and automation offer powerful ways to strengthen our defenses.