While we’ve been talking about and imagining artificial intelligence for years, it’s only recently begun to become mainstream and accepted for a wide range of applications – from healthcare analytics to Google Maps and Roombas. At the same time, cybersecurity has been surprisingly slow to adopt this important technology.
There are several reasons for this: too much hype around early claims of “black box” AI; misconceptions about technology; and a lingering belief among the old security guard that AI can’t be trusted and will never match human intuition to spot real threats.
It’s time to move beyond these misconceptions and examine real-world examples of how automation, AI, and machine learning have been effectively applied to improve security coverage and accuracy. , while significantly reducing costs. The real question isn’t whether AI or human intuition is better – it’s how we can effectively combine the two, enabling intelligent automation that supports routine decision-making by learning from experts. humans.
Urgency of the problem
Because we are in the midst of a cybersecurity crisis, we must move beyond theoretical discussions of the pros and cons of AI and seriously consider the adoption of more advanced technologies to meet urgent needs. Today’s realities make it imperative to update our approach to security:
- A significant increase in the number of attacks and damage caused – ransomware payments, OT network shutdowns, loss of corporate IP address and loss of private information
- Attacks are becoming more sophisticated, bypassing many of our legacy security strategies
- There is a huge shortage of trained security analysts, and they don’t want to be burdened with repetitive manual labor – throwing bodies at the problem isn’t practical or efficient
- The legacy perimeter security model is outdated as the battle shifts to widely distributed cloud applications and virtual infrastructure
- Attackers are wholeheartedly embracing AI and ML, launching more sophisticated attacks that quickly learn and adapt to our inadequate defenses.
eBook: The Definitive Guide to AI and Automation-Powered Detection and Response
Why your next SOC assistants are robots (and your networks will be more secure than ever)
Misconceptions about artificial intelligence
AI has become such a buzzword that few of us stop to think about what it actually means. Hollywood has filled our imaginations with benign and frightening images of AI – from R2D2 to the Terminator, but the reality we’re more likely to see are devices like the Roomba. This faceless, personalityless device uses AI to overcome obstacles, plan routes efficiently, and take care of repetitive tasks that many of us would rather avoid.
AI must be explainable and customizable
Gartner has released a series of insightful reports on the emerging use of AI in attack detection. One of their key findings is that “the inability to customize and audit artificial intelligence (AI) models is a major barrier to adoption.” They also recommend that emerging technologies should “move away from a ‘black box’ approach towards explainable and customizable AI models that can be adjusted based on analyst feedback.”
It’s fair to be skeptical of vendors’ claims of AI “magic” that only they can see or understand. But dismissing all of this as hype ignores many examples where AI-based automation is having a significant impact.
Forrester analyst Allie Mellen joins LogicHub as a guest speaker to discuss the evolution of SOAR technology and how AI can enable a new generation of solutions for SOC. Please join us on May 19and at 8:00 a.m. PT / 11:00 a.m. ET!
Combining human skills and machine skills
The human brain is remarkable for making judgments and decisions extremely quickly, based on subtle signals and acquired experience. Although this is often thought of as intuition, it is actually accumulated experience and dozens of quick decisions made almost unconsciously. In fact, the autonomous vehicle field has struggled to replicate the thousands of decisions humans can make in unexpected situations while driving on the road.
In the context of security, experienced analysts can quickly and accurately identify isolated incidents and suspicious activity, without disclosing every factor used in decision making. Many people will simply refer to this as “I know it when I see it”.
It is an ideal environment for machine learning. Although humans cannot easily isolate all the factors they use in decision making, having a feedback loop with human review allows machine learning models to adjust and adapt. quickly when the analyst approves or rejects the automated results.
Even limited machine learning can yield huge safety results. Many analysts complain that 80-90% of their work is spent chasing routine, trivial, repetitive and often false alerts. The tasks they perform to analyze these alerts also tend to be repetitive and robotic. By identifying these factors, machine learning-driven automation can eliminate the majority of these repetitive tasks and perform these tasks at machine speeds and more reliably than humans.
LogicHub announces AuDRA, the first AI threat hunting bot
LogicHub’s advanced artificial intelligence (AI) and automation mirrors and enhances the cognitive and intuitive approach of expert security analysts and progressively learns and updates their own logic to make more accurate decisions. LogicHub enables security teams to automate the skills, techniques, and expertise of top human analysts to improve the effectiveness of threat detection in security operations, at the speed and scale of machine.
LogicHub harnesses the power of AI and automation for superior detection and response at a fraction of the cost. Since small teams with security challengesfor large teams automating SOCsLogicHub makes advanced detection and response simple and effective for everyone.
*** This is a syndicated blog from Security Bloggers Network from Blog | LogicHub® written by Willy Leichter. Read the original post at: https://www.logichub.com/blog/its-time-to-put-ai-to-work-in-security