Many of the recent storylines around AI play into the ongoing theme that the innovation and advancements being made pose more of a threat than a benefit — but AI is much more than a buzzword draped in fear. As polarizing as the dialog can be at times, when you dissect the challenges being addressed by AI solutions in certain industries, it’s much easier to parse the true value they can deliver.
So, while the caution flag has been raised, let’s step back and look under the AI hood as it relates to cybersecurity with perspective gained from decades of experience helping organizations stay ahead of cyberattacks along with insight into how AI is changing the game — tipping the scale in favor of the good guys.
SOC Challenges Continue to Spiral Out of Control
To experience the true challenges that security professionals are up against today, you don’t have to look any further than inside the Security Operations Center (SOC). And if you ask any SOC analyst, architect or leader, the story would carry a similar tune. There’s simply too much adversity to deal with inside the environment of an enterprise network to effectively secure it with current practices.
SOC teams are inundated with security alert noise to the point that it’s nearly impossible to tell which security alerts are benign and which pose a real threat. The evolution of sophisticated attacker methods further compounds this challenge. Attackers have become masters at disguising themselves as wolves in sheep’s clothing, where the only way to stop them is by uncovering their true intention after they’ve already been granted the keys to your kingdom. That is a tall task for any security analyst already reviewing alerts by the thousands. The introduction of cloud and SaaS makes every network environment hybrid — meaning there’s no easy button for security coverage across all attack surfaces.
Arming Human Intelligence
At its core, the best way AI can enable the SOC is by arming its human intelligence. However, whenever we think about introducing new technology to an environment, it’s imperative that we take into account the people who will be using it and how it will help them. In the SOC, security practitioners are the most important part of keeping an organization secure. They are the trained experts who can build systems that enable teams to hunt, investigate and respond to threats with the innate ability to apply judgment based on their expertise when needed — something that can’t be replicated by technology.
Unknown threats have spiraled out of control and can hide in our environments because we’ve been doing things the same way while attackers continue to innovate, attack surfaces continue to expand, and current security technologies compound the problem with more alerts. In this world, AI is the neutralizer.
Achieve Threat Signal Clarity, Stop Cyberattacks
In 2022, the cybersecurity workforce gap was reported at 3.4 million people. It’s not only becoming more difficult to find cybersecurity professionals to hire, but there’s burnout among security leaders who already hold the positions. Some reports suggest that as many as half of the security leaders in certain regions are reaching a breaking point.
Today, AI can help SOC teams know where a compromise exists so they can prioritize time and effort on the most critical and urgent threats. With the right approach and data science behind it, threat detections can automatically analyze attacker behaviors while machine learning can further analyze detection patterns unique to each environment. It’s also possible to do so across a complete hybrid-cloud network, so analysts can see what’s happening whether an attacker is working to progress in a data center or through a compromised SaaS account.
We’re not suggesting that AI is the silver bullet to all of the challenges; however, the reinforcements it can provide in the SOC to help support the analysts’ work would seem to be a welcome addition.
Ask the Right Questions
While there are plenty of valid questions being asked about AI, there is certainly more to it than the recent conversations centered on ChatGPT. We should always question the intentions of any technology since there will always be people looking for opportunities to misuse it — cyber attackers are notorious for exploiting new technologies, especially when there’s a large user base. But the fact is, AI has been around for a long time and is now built into some of the largest technology platforms that we all use each day.
Companies that leverage or build AI platforms should welcome questions to help break down any stigmas and encourage a transparent dialog. Conversations around AI provide a great opportunity for everyone to learn about where technology is headed and how it’s being used. As we travel around the globe to talk with customers or meet with other security leaders and board members, there’s been a common theme — AI is on their roadmap if it’s not already being utilized. These are the conversations we learn from the most and we’d encourage anyone who has concerns to ask the tough questions in order to gain the right clarity.