The number of APTs, ransomware and phishing attacks has been growing steadily for the last few years. As a result, cyber security professionals have been looking for better methods to protect organizations. In this article, we discuss one of those recently popularized methods: cyber security ontology.
What is Cyber Security Ontology?
Although it has gained popularity only in recent years, cyber security ontology is not a new concept. The term is usually credited to work done around 2012 by Carnegie Mellon University’s CERT program.
The term may bring to mind ontology in philosophy, the branch that studies the nature of being. A cyber security ontology borrows the word but uses it in the knowledge-engineering sense: an explicit, structured description of the concepts in a domain (here, cyber security), the categories they fall into, and the relationships between them. Its defining feature is that those relationships are spelled out rather than left implicit.
The motivation is the need for a common language that covers basic concepts, their relationships and the main ideas in the field. With a well-defined and cohesive cyber security ontology, members of the cyber security community around the world can communicate efficiently and build a shared understanding of the field's key concepts.
Because an ontology encodes the relationships between its entries and not just the entries themselves, it lets practitioners trace how incidents, events and concepts relate to one another, which supports faster and better-informed decisions. Seeing those relationships is where much of the value lies.
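To make the idea concrete, here is a small ontology modelled as subject-predicate-object triples, with queries that follow the relationships and a check that every relation connects the kinds of concepts it is allowed to. This is an added example written for this article, not code from any published ontology; the class names (Threat, Vulnerability, Asset, Control), the instance names (LockerX, CredPhish, and so on) and the relations are constructed for illustration.

```python
"""A minimal cyber security ontology stored as (subject, predicate, object) triples.

Added example; the class names, instance names and relations below are constructed
for illustration and are not taken from any published ontology.
"""
from collections import defaultdict

# Constructed sample ontology. "subClassOf" and "type" build the concept hierarchy;
# the remaining predicates link concrete threats, vulnerabilities, assets and controls.
TRIPLES = [
    ("Malware", "subClassOf", "Threat"),
    ("Ransomware", "subClassOf", "Malware"),
    ("Phishing", "subClassOf", "Threat"),
    ("LockerX", "type", "Ransomware"),          # hypothetical ransomware family
    ("CredPhish", "type", "Phishing"),          # hypothetical phishing campaign
    ("UnpatchedSMB", "type", "Vulnerability"),
    ("WeakMFA", "type", "Vulnerability"),
    ("FileServer", "type", "Asset"),
    ("Mailbox", "type", "Asset"),
    ("PatchManagement", "type", "Control"),
    ("PhishingResistantMFA", "type", "Control"),
    ("OfflineBackups", "type", "Control"),
    ("LockerX", "exploits", "UnpatchedSMB"),
    ("CredPhish", "exploits", "WeakMFA"),
    ("UnpatchedSMB", "affects", "FileServer"),
    ("WeakMFA", "affects", "Mailbox"),
    ("PatchManagement", "mitigates", "UnpatchedSMB"),
    ("PhishingResistantMFA", "mitigates", "WeakMFA"),
    ("OfflineBackups", "mitigates", "LockerX"),
]

# Which classes each relation may connect: predicate -> (required subject class, allowed object classes).
SCHEMA = {
    "exploits": ("Threat", {"Vulnerability"}),
    "affects": ("Vulnerability", {"Asset"}),
    "mitigates": ("Control", {"Vulnerability", "Threat"}),
}


class Ontology:
    def __init__(self, triples):
        self.out = defaultdict(lambda: defaultdict(set))  # subject -> predicate -> objects
        self.inn = defaultdict(lambda: defaultdict(set))  # object -> predicate -> subjects
        for s, p, o in triples:
            self.out[s][p].add(o)
            self.inn[o][p].add(s)

    def objects(self, s, p):
        return set(self.out.get(s, {}).get(p, ()))

    def subjects(self, p, o):
        return set(self.inn.get(o, {}).get(p, ()))

    def superclasses(self, cls):
        """Ancestors of cls, following subClassOf transitively (cycles tolerated)."""
        seen, stack = set(), [cls]
        while stack:
            for parent in self.objects(stack.pop(), "subClassOf"):
                if parent not in seen:
                    seen.add(parent)
                    stack.append(parent)
        return seen

    def is_a(self, inst, cls):
        """True if inst is typed as cls or as any subclass of cls."""
        return any(t == cls or cls in self.superclasses(t)
                   for t in self.objects(inst, "type"))

    def instances_of(self, cls):
        return {s for s in list(self.out) if self.is_a(s, cls)}

    def assets_at_risk(self, threat):
        """Follow threat -exploits-> vulnerability -affects-> asset."""
        return {a for v in self.objects(threat, "exploits")
                for a in self.objects(v, "affects")}

    def controls_for(self, threat):
        """Controls that mitigate the threat itself or a vulnerability it exploits."""
        targets = {threat} | self.objects(threat, "exploits")
        return {c for t in targets for c in self.subjects("mitigates", t)}

    def schema_violations(self):
        """Triples whose subject or object is not an instance of the class SCHEMA requires."""
        bad = []
        for s in list(self.out):
            for p, (domain, ranges) in SCHEMA.items():
                for o in self.objects(s, p):
                    if not self.is_a(s, domain) or not any(self.is_a(o, r) for r in ranges):
                        bad.append((s, p, o))
        return bad


if __name__ == "__main__":
    onto = Ontology(TRIPLES)
    for threat in sorted(onto.instances_of("Threat")):
        print(threat, "puts at risk:", sorted(onto.assets_at_risk(threat)),
              "mitigated by:", sorted(onto.controls_for(threat)))
    print("schema violations:", onto.schema_violations())
```

Two things in this toy are worth noticing. `instances_of("Threat")` finds LockerX even though it is declared only as Ransomware, because the subclass chain is followed; that inference is what a flat glossary cannot give you. And `schema_violations` is the "common language" being enforced: a triple such as an Asset "exploiting" a Vulnerability is rejected, so everyone feeding the model has to use the same vocabulary the same way.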
Although cyber security ontologies have been gaining popularity over the last few years, there is an ongoing debate about whether they are actually useful and necessary. Proponents argue that such taxonomies allow cyber security professionals in different organizations, or even in different countries, to communicate faster and more efficiently. They also state that ontologies can be very useful for describing critical vulnerabilities, risky exposures and weak spots that can especially harm mobile-enabled organizations and employees. In addition, some organizations report that adopting cyber security ontologies helped them discover new product capabilities and use their resources more efficiently.
On the other hand, some cyber security professionals consider ontologies too rigid: once a definition is fixed, updating it is hard. As attacks change, defences and precautions change with them, and definitions of once-straightforward concepts may need revising.
From our perspective, every organization faces different cyber security challenges, so ontologies and taxonomies can be very beneficial for some organizations and of little use to others. It is up to you and your security team to decide whether the approach fits your organization.
Integration is one of the most critical features a security product can have. Unfortunately, this is not the case with too many traditional security tools.