How is AI being used in cybersecurity?
In today’s world, artificial intelligence (AI) seems to be on the tip of everyone’s tongue.
And while for many, the term might call to mind visions of self-driving cars and next-gen robots, enterprises around the world are already leveraging the technology successfully to help teams become more efficient and effective by surfacing insights and automating mundane, time-consuming tasks.
For security teams, AI presents a truly unique opportunity to aid in protecting valuable systems and data from the ever-evolving and maturing threat landscape. But how exactly does AI come into play when it comes to cybersecurity?
As cybersecurity teams continue exploring how AI and machine learning techniques can transform the way we bolster our security operations and empower our cybersecurity specialists to acquire new expertise, here are four areas you can start to use AI within your security organization:
# 1 | Confirming the quality of data you’re ingesting
One of the biggest issues cybersecurity teams face in implementing AI and machine learning models into their organization is the quality of data. Data quality is critical when it comes to automated decisions, particularly in security– if you put procedures and systems in place to alert you to potential malicious activity, but these systems are based on poor data, you could get overwhelmed with false positives and potentially miss a true threat, which could be detrimental to your organization.
While AI is vulnerable to poor data quality, it can also negate this very issue. You can train your AI to instantly identify issues with your data– whether it’s duplicative, inaccurate or incomplete – and flag it for you to investigate before it interferes with your broader data set.
# 2 | Identifying malicious activity and behavior shifts early on
According to Symantec’s 2019 Internet Security Threat Report, there were 246 million new malware variants last year– that’s 673,000 variants of malware that have never been seen before on a daily basis.
Analyzing every event that comes through your security network would be overburdensome to any security team. However, once you’re confident in the quality of data your systems are ingesting, you can make your AI learn what kinds of events are related to potential malicious activities. From there, the AI can sift through millions of daily events and surface any abnormalities or potentially malicious activity early on – now, your security specialists may only need to review 15-20 events a day and from the get-go, they’ll know these instances are truly worth their attention and analysis.
If the activity isn’t actually malicious – let’s say it’s just the first instance the network has encountered data from a new smartwatch on the market – once you’ve properly investigated it, thereafter, this activity can be recognized by your algorithm as normal.
# 3 | Generating new monitoring content via threat hunting
Proactive threat hunting can be labor-intensive and cumbersome, making it challenging to prioritize for many organizations, particularly if your security specialists are searching through data manually.
AI can apply various visualization techniques to data to create charts and maps that illustrate trends and surface any events that appear outside said trends. This not only enables your threat hunters to examine mass amounts of data with much more ease– cutting down on time and resources– but also brings forward new insights on things like behavior or potential attack vectors that your security organization hadn’t considered previously.
# 4 | Creating development opportunities for your security talent
AI should amplify and enhance human creativity and intelligence– not replace it.
As AI automates the mundane, routine tasks your security specialists once focused on, it’ll open time to focus on higher order responsibilities– whether that’s improving and testing new AI techniques or exploring new areas within their role that could enable them to add more strategic value – AI can open up new opportunities for your security specialists.
This article was contributed by Tom Cignarella, Director, Security Coordination Center at Adobe.
18 July 2019