How Does AI Augment Security Analysts in the SOC?


A study published last year by the Capgemini Research Institute, Reinventing Cybersecurity with Artificial Intelligence: The New Frontier in Digital Security, found that before 2019 only about one in five cybersecurity organizations used AI in their technology stacks. But Capgemini's researchers said "adoption is poised to skyrocket," with about 63% of organizations planning AI deployments by the end of 2020.

Cybersecurity executives increasingly believe that AI is crucial to decreasing response times and reducing the cost of preventing breaches. According to Capgemini, three in four executives said AI in cybersecurity speeds up breach response — both in detection and remediation. And around 64% said it also reduces the cost of detection and response.

Human vs. Machine?

However, many security professionals remain skeptical of AI in cybersecurity.

Erika Chickowski of Dark Reading has written a series of articles on this topic. In one article she references a recent survey conducted by White Hat Security at this year's RSA Conference, which found that:

  • 60% of security professionals are still more confident in cyberthreat findings verified by humans than in those generated by AI
  • Around a third of respondents said intuition is the most important human element in analysis
  • 21% said creativity is the human advantage
  • 20% said previous human experience and frame of reference are what make people crucial to the security operations process

She goes on to say that misgivings about over-reliance on AI also stem from the belief among cybersecurity professionals that the jobs they do are too complex to be replicated by a machine. She cites findings from a Ponemon report last year showing that over half of security professionals said they would not be able to train an AI to do the tasks their teams perform, and that they consider themselves better qualified to catch threats in real time. Almost half also reported that human intervention is a necessity in network protection.

So what do we make of all of this?

Humans are Still Crucial to the Process

We are not suggesting that AI should replace highly skilled and talented security professionals. We believe that, when deployed in a cybersecurity solution, it makes them much more effective and efficient by automating repetitive, manual tasks and providing timely recommendations across the detection, investigation and response phases. This is not machine versus human; it is about augmenting talent so that analysts can focus their intellect and skill on the newest, most challenging issues.

AI-enabled Cybersecurity is Increasingly Necessary

The volume, sophistication and automation of attacks will not abate; they will only continue to grow. Most SOC analysts are overwhelmed by the speed and volume of alerts and by the monotony of investigating and responding to known and unknown threats, which leads to burnout and alert fatigue. At the same time, many attackers use automation and AI to launch phishing campaigns faster and with more success. A proper defense must leverage automation and AI as well.

AI Can Focus Security Professionals on the Newest, Most Critical Problems

AI is crucial to shortening response times and reducing the costs associated with preventing and remediating breaches. A system can be trained to identify and remediate known problems that have proven resolutions, speeding up both detection and remediation.

"With such ever-increasing threats, organizations need help. Some organizations are turning to AI, not so much to completely solve their problems (yet), but rather to shore up their defenses."

Capgemini

AI in the Security Operation Center

Organizations that adopt AI technology have seen significant benefits in areas such as malware detection, endpoint detection, network activity detection and phishing email detection. However, even with accurate detection, the sheer number of alerts and false positives is impossible to manage manually, leaving cybersecurity analysts overwhelmed and unable to investigate and respond to every incident. Beyond detection, how can AI help analysts accelerate and improve investigation and response?

SOAR is the First Step

A Security Orchestration, Automation and Response (SOAR) solution that integrates with the wide variety of security applications deployed today can automate many daily security processes. For example:

Some alerts can be resolved automatically, and others can be semi-resolved (enriched and pre-processed before an analyst sees them), saving analysts a significant amount of time otherwise spent on repetitive tasks.
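As an added illustration (not DTonomy's code or any product's), the Python playbook below shows the triage the paragraph above describes: duplicate alerts are consolidated, alerts matching a previously vetted indicator are auto-resolved, alerts with a high-confidence threat-intel hit are escalated with containment queued, and everything else is enriched and parked for an analyst (semi-resolved). The alert feed, the allowlist and the threat-intel table are constructed in-memory stand-ins for the integrations a real SOAR platform would call; every decision is written to the alert's notes so an analyst can audit it.

```python
"""SOAR-style triage playbook (added example): consolidate, then auto-resolve,
semi-resolve or escalate each alert."""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class Alert:
    alert_id: str
    rule: str        # detection rule that fired
    host: str
    user: str
    indicator: str   # hash, IP or domain the rule matched on
    status: str = "open"
    notes: list = field(default_factory=list)


# Constructed sample alert feed (not real data); a2 and a3 duplicate a1.
SAMPLE_ALERTS = [
    Alert("a1", "edr.suspicious_process", "ws-17", "jdoe", "sha256:aa11"),
    Alert("a2", "edr.suspicious_process", "ws-17", "jdoe", "sha256:aa11"),
    Alert("a3", "edr.suspicious_process", "ws-17", "jdoe", "sha256:aa11"),
    Alert("a4", "proxy.c2_beacon", "ws-03", "svc-backup", "198.51.100.7"),
    Alert("a5", "mail.phish_url", "ws-22", "asmith", "example.test"),
]

# Hypothetical allowlist of indicators the team vetted earlier (with the justification).
KNOWN_BENIGN = {"sha256:aa11": "approved admin tool, change ticket CHG-0042"}

# Hypothetical threat-intel source, replaced here by an in-memory table.
THREAT_INTEL = {"198.51.100.7": {"score": 90, "tag": "known C2 infrastructure"}}
ESCALATE_AT = 80  # intel score at or above which the playbook escalates on its own


def consolidate(alerts):
    """Collapse alerts sharing (rule, host, user, indicator) into one, noting the duplicates."""
    groups = defaultdict(list)
    for a in alerts:
        groups[(a.rule, a.host, a.user, a.indicator)].append(a)
    kept = []
    for members in groups.values():
        head = members[0]
        dupes = [m.alert_id for m in members[1:]]
        if dupes:
            head.notes.append(f"consolidated {len(dupes)} duplicate(s): {dupes}")
        kept.append(head)
    return kept


def triage(alert):
    """Decide one alert's disposition and record why, so an analyst can audit it."""
    if alert.indicator in KNOWN_BENIGN:
        # Fully automated: a vetted indicator needs no human time.
        alert.status = "auto_resolved"
        alert.notes.append(f"allowlisted: {KNOWN_BENIGN[alert.indicator]}")
        return alert
    intel = THREAT_INTEL.get(alert.indicator)
    if intel and intel["score"] >= ESCALATE_AT:
        # Automated escalation: containment is queued, but a human owns the incident.
        alert.status = "escalated"
        alert.notes.append(f"intel: {intel['tag']} (score {intel['score']}); containment playbook queued")
    else:
        # Semi-resolved: enrichment done, decision left to an analyst.
        alert.status = "needs_analyst"
        alert.notes.append("no high-confidence intel; enriched and queued for review")
    return alert


def run_playbook(alerts):
    """Consolidate then triage; returns the surviving alerts with status and audit notes."""
    return [triage(a) for a in consolidate(alerts)]


if __name__ == "__main__":
    for a in run_playbook(SAMPLE_ALERTS):
        print(a.alert_id, a.status, "|", "; ".join(a.notes))
```

Running it on the sample feed leaves three alerts: a1 auto-resolved (with a note that two duplicates were folded into it), a4 escalated, and a5 waiting for an analyst. The allowlist entry carries its justification deliberately; an auto-close with no recorded reason is exactly the kind of silent automation the skeptics in the survey above distrust.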

AI Augments, Does Not Replace Humans

While SOAR gives analysts automated playbooks, AI-assisted SOAR augments them with continuous automated insights: managing false positives, consolidating related alerts, discovering root causes, minimizing operational error, choosing the right actions and improving the built-in workflow. This greatly reduces the time spent on critical analysis tasks and significantly increases the efficiency of the SOC.

A primary benefit of AI-assisted SOAR is the depth of insight it provides to guide the right actions. AI can be a powerful assistant and a trusted tool for security analysts as long as it follows three design principles:

  • It is Transparent

AI should provide deep yet clear insights that humans can understand and explain, however nontrivial they are, and every insight should be supported by data and evidence.

  • It is Controllable

Analysts should be able to edit what the AI suggests in an intuitive way. The AI stays under the analyst's control, but the analyst should not need to master the internals of a model that professional data scientists work on; controlling it should be easy and intuitive.

  • It is Adaptive

An AI engine must continuously listen to the security analyst's feedback and recompute, providing refreshed insights for a unique environment and new data sets; this feedback loop is what the page refers to as reinforcement learning.
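The three principles above can be made concrete in code. The following Python scorer is an added illustration, not part of the original post or of any vendor's product: it returns the evidence behind every verdict (transparent), lets an analyst override a verdict without touching model internals (controllable), and nudges feature weights toward the analyst's decision whenever the model disagreed with it (adaptive). The feature names, weights, threshold, margin and learning rate are assumed values chosen for the example, and the update rule is a simple feedback step rather than a full reinforcement-learning algorithm.

```python
"""Explainable, analyst-controllable alert scorer with a feedback loop (added example)."""

# Assumed evidence features and starting weights; an analyst tunes these, not a model.
DEFAULT_WEIGHTS = {
    "intel_hit": 40,             # indicator matched threat intelligence
    "new_process_for_host": 20,  # binary never seen on this host before
    "off_hours": 10,             # activity outside the user's normal hours
    "privileged_user": 25,       # account holds admin rights
    "signed_binary": -30,        # negative evidence lowers the score
}
THRESHOLD = 50       # score at or above this is called malicious
LEARNING_RATE = 0.2  # how far weights move toward an analyst's correction
MARGIN = 10          # target distance from the threshold after a correction


class Scorer:
    def __init__(self, weights=None):
        self.weights = dict(weights or DEFAULT_WEIGHTS)
        self.overrides = {}  # alert_id -> verdict set by an analyst

    def _evidence(self, features):
        # Only known features count; unknown ones are ignored rather than guessed at.
        return [(f, self.weights[f]) for f in features if f in self.weights]

    def score(self, alert_id, features):
        """Transparent: the verdict comes back with the evidence that produced it."""
        evidence = self._evidence(features)
        total = sum(w for _, w in evidence)
        model_verdict = "malicious" if total >= THRESHOLD else "benign"
        overridden = alert_id in self.overrides
        return {
            "score": total,
            "verdict": self.overrides.get(alert_id, model_verdict),
            "model_verdict": model_verdict,
            "evidence": evidence,
            "overridden": overridden,
        }

    def explain(self, alert_id, features):
        """Human-readable justification built only from the recorded evidence."""
        r = self.score(alert_id, features)
        lines = [f"{f}: {w:+}" for f, w in r["evidence"]]
        src = "analyst override" if r["overridden"] else f"score {r['score']} vs threshold {THRESHOLD}"
        return f"{r['verdict']} ({src}); evidence: " + ", ".join(lines)

    def override(self, alert_id, features, verdict):
        """Controllable: the analyst's verdict wins for this alert.
        Adaptive: if the model disagreed, move the weights of the features present
        toward a score that would have produced the analyst's verdict."""
        self.overrides[alert_id] = verdict
        present = [f for f in features if f in self.weights]
        current = sum(self.weights[f] for f in present)
        model_said_malicious = current >= THRESHOLD
        if not present or (verdict == "malicious") == model_said_malicious:
            return  # nothing to learn from agreement (or from no usable evidence)
        target = THRESHOLD + MARGIN if verdict == "malicious" else THRESHOLD - MARGIN
        step = LEARNING_RATE * (target - current) / len(present)
        for f in present:
            self.weights[f] = round(self.weights[f] + step, 2)


if __name__ == "__main__":
    s = Scorer()
    feats = ["intel_hit", "off_hours"]
    print(s.explain("x1", feats))          # malicious on score 50
    s.override("x1", feats, "benign")      # analyst disagrees; weights shift
    print(s.explain("x1", feats))          # benign (analyst override)
    print(s.explain("x2", feats))          # benign on score 48 after adaptation
```

Two details matter for a practitioner. The override is recorded per alert and never silently rewrites the model's own verdict, so the audit trail shows both what the model said and what the analyst decided. And weights move only on disagreement and only by a bounded step, so one analyst's correction shifts the model toward their environment without letting a single click flip every future verdict.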

All in all, AI will not replace humans; it brings augmented intelligence to security analysts so they can accelerate investigation and response, minimize operational risk and mitigate security risk more successfully.

Don’t take our word for it, see for yourself. Request a demo here.


Copyright © 2023 By DTonomy Inc.
