AI is not a cybersecurity silver bullet (but it does make life a lot easier)


Artificial Intelligence (AI) is not a panacea for all information security tasks and challenges. But used appropriately, and with expectations firmly in check, it can be a very effective tool for drastically reducing the often manually intensive work of network security.

AI and machine learning (ML) drive efficiencies in security by automating and speeding up mundane, manual tasks, such as updating signature-based security agents across multiple endpoints and monitoring threat patterns. By using this kind of technology, organisations can focus skilled people on new tasks that solve problems, while AI does its job of detecting and preventing escalating levels of threats. Not only does this help with the ‘scale-of-threat’ challenge, it also addresses fatigue among scarcely resourced staff.

Preventing cybersecurity ‘burnout’

According to research from the Ponemon Institute, 73 per cent of IT and IT security practitioners said the increasing workload that security operations centre (SOC) staff face was causing burnout, while 71 per cent blamed the 24/7/365 on-call culture and 69 per cent said there were just too many alerts to chase.

Eliminating all the dull, time-consuming and repetitive tasks that are currently performed by SOC teams, such as pushing updates down to devices, is where automation comes into its own. Paying someone to perform tasks like this is almost tantamount to madness these days. It’s like having police directing traffic at every intersection instead of traffic lights. Today, all the constant updating, monitoring and checking can be done by a computer rather than a human – saving organisations a lot of time and money.

The automation of such tasks drives true resiliency because businesses can adapt to the new way of operating very quickly. By driving down human resourcing requirements, removing the need to sift through logs and doing away with alert fatigue, companies can start to redirect those human resources into more complex, interesting and value-adding activities.

Preventative controls enhance cyber resiliency

The power of ML tools to analyse vast amounts of data helps businesses respond to threats a lot sooner than humans monitoring the same data sets could. The tools identify anomalies in data almost instantaneously and prompt preventative steps to minimise any potential harm to network security.

It should also be said that AI is not about replacing humans but rather freeing them up to focus on tasks that still require human intervention: for example, preventing rogue actors, such as a disciplined or dismissed employee, from navigating further within the network and causing damage or stealing sensitive company information.

Augmenting teams with machines

It’s also about getting the appropriate tools for the job. Even some next-generation monitoring tools still rely too heavily on human input – which must be minimised, not simply reduced.

The Ponemon study also found that around two-thirds of respondents agreed the ongoing pressure would likely cause experienced security analysts to stop working in their SOC.

Moving resources away from managing alerts and updates to actual security operations using elevated skillsets is a powerful thing. It only takes one breach for a network to be exposed, so the 1 per cent of tasks that ML can’t pick up, such as identifying political and behavioural motivations behind insider threats, are vitally important.

By shifting people over to the tasks that require elevated skillsets, businesses are enabling IT staff to work on the things they actually enjoy, leading to a decrease in turnover rates because people are more engaged with their roles.

A significant step change in IT security

The transformative effect of AI in IT security is akin to having a washing machine clean an entire load at once, as opposed to going down to the river and hand-washing each garment. It’s all about efficiency, convenience, effort and speed.

IT departments often have enough people; they are just not using them properly. Organisations need to be more efficient with how they use their people – and balance that with the right kind of technology.

The amount of money that goes into training people on various systems is another huge factor in shifting to AI-enabled security monitoring. Some organisations (and even some Managed Services Providers) store reams of data without even analysing it.

As I touched on previously, AI is not a catch-all – nothing is. But by shifting the responsibility of operational security teams from box ticking to highly skilled threat analysis, when threat actors take advantage of ML and AI in new methods of attack, enterprise IT teams will be primed and ready to respond.

Organisations need to make sure they are continually elevating the skillsets on their teams to meet new attack methods with expertise. Nowhere is this more pertinent than within organisations that are targets for nation state attacks and cyber espionage.

With signature tools, there’s a high chance that malware will get through. With AI-based tools, it’s more like a one per cent chance. If you’re dealing with 1000 alerts a week and not stopping the most mundane attacks, how are you going to identify the needle in the haystack that you should really be worried about?

Copyright © 2020 IDG Communications, Inc.