At a point in time, smart devices and robotics were common elements in the storyline of futuristic fictional novels. Today, those concepts are the modern norm across the technology industry. Similarly, in cybersecurity, pioneering professionals held on to seemingly far-fetched dreams where logs were easy to analyze, and false positives didn’t exist. While these challenges still exist, artificial intelligence (AI) is making these once far-fetched dreams the new norm in the security industry. Businesses no longer have to spend hours sifting through financial records to detect fraud or manually investigating system logs in the wake of a cyber-attack. AI applications in security are making the lives of consumers, businesses, and today’s cyber professionals much easier.
Here are a few examples of how artificial intelligence is being used across the industry:
• General automation is helping alleviate the industries talent challenges. AI is often used to automate tasks that security analysts and engineers may spend hours, days and sometimes even weeks trying to complete manually. In a 60 Minutes interview recapped by Fortune magazine, an AI expert predicted that in the next 15 years AI would replace 40% of jobs. While the general workforce may cringe at this statistic, this is a win for the cybersecurity industry where the demand for cybersecurity talent grossly surpasses the supply. AI is being used to impact the industries talent challenge positively.
• Artificial intelligence is increasing the accuracy of alerts and minimizing false positives. Companies often use anomaly-based technology to alert cybersecurity specialists of potential risks. These tools can generate many false positives when not configured accurately. AI can augment these intrusion detection systems with standard machine learning methods like clustering, pattern matching, association rules, and data visualization, to better fine tune alerts and reduce false positives. This increases the ability for companies to detect both external and insider threats within organizations.
• It’s sparking an anti – password revolution. One of the most significant pain points in the industry today, especially for consumers, is the concept of memorizing, updating and managing character-based passwords. While they provide the necessary protection against unauthorized access, they are also vulnerable to various attacks such as brute forcing and social engineering. AI is enabling the development of smart authentication systems that do away with the traditional character passwords and rely more on upgraded methods like biometric authentication. From fingerprint and retina scans to facial recognition technology, authentication as we know it is changing rapidly and for the better.
• Next generation threat hunting powered by AI will help organizations better anticipate threats. Threats are constant in cybersecurity, and it’s impossible for analysts to effectively comb through all system data in search of repetitive patterns, anomalous behavior, and other outliers. With next-generation AI tools, human threat hunters can work hand in hand with artificial “hunters” to conduct more productive and efficient investigations. Furthermore, it will enable a more anticipatory method of hunting. Through the automated collection of machine-readable external threat intelligence data and the ability to tailor analysis to each organizations environment or context, human threat hunters can more proactively seek out relevant threats. Also, the threat intelligence collection and synthesis opportunities become limitless.
AI can also collect and apply text analytics and natural language processing to readable data with relevant threat information. This includes blogs, forums, social media, and the dark web. Doing so narrows the human threat hunters daily research load and enables them to spend their valuable, and often expensive, time understanding how relevant threats can impact and apply to their environment.
• It’s cutting down investigation times when it matters the most. In the event of an incident or attack, AI-based solutions can more quickly and accurately answer questions that can sometimes take weeks or months to solve. Advanced investigation tools can help companies understand the who, what, when, where and possibly even why regarding incidents and breaches. By mining numerous data sources including past alerts, network and asset information, security logs, and other relevant data – clusters, associations, and patterns can be uncovered and shared with human investigators. These advantages even trickle over into incident response. AI techniques, such as knowledge engineering and case-based reasoning, can be used to create playbooks that dynamically guide incident responders on what to do in the event of an incident. By considering previous incidents and codified knowledge from experts, the technology can continuously modify or create new branches in the central playbook as it learns from new incidents.
AI is being used all around us. Advancements in the space are thwarting any doubts that preceding generations had regarding the limitations of technology. Furthermore, the use cases in cybersecurity are making life easier for consumers and empowering businesses to serve their customers better. Whether discussing the cybersecurity industry or beyond, artificial intelligence is helping us bolster the capabilities of human beings, replicate intelligence and take the world to new heights.
Insider Risk – How Prepared Are You?
Not every company is equally prepared to deal with insider risk. This report outlines the four stages of insider risk maturity and explores how to improve your insider risk preparedness.