By Tamer Odeh, Regional Sales Director at SentinelOne.
Artificial intelligence moves systems towards human-like decision-making, while machine learning churns through data rapidly looking for patterns, improving the capability to block any threat actor.
Hybrid work cultures have tremendously expanded the attack surfaces of enterprises. The tactics, techniques and procedures of modern-day threat actors have become rapid and highly sophisticated. Techniques in ransomware, cryptojacking, phishing and software supply chain attacks that were previously rated as advanced are now becoming mainstream.
While the cybersecurity industry is continuously innovating its solutions to improve performance, reduce cost and complexity, and match market requirements, so is the exploding industry that develops malware and makes threat actor competency available. While enterprise IT end users use Anything-as-a-Service to manage their operational challenges, so does the threat actor enterprise.
All types of associated skills to build malware and threats are available on hire inside the cybersecurity crime industry.
The net result is that the task expectation and level of challenge for the chief information security officer (CISO) in enterprises is going through the roof. The solution for many CISOs is now to move away from dependence on a single solution and to build solution stacks, closing gaps and loopholes and overlapping strengths.
Single-layer, reactive solutions are no longer adequate to face modern-day, advanced threat actors.
Beyond using the best-of-breed approach in parallel, by building overlapping solution stacks as a best practice, CISOs are also compelled to act with speed to identify the needle in the haystack inside a million data points, sometimes generated within a second.
Bringing in artificial intelligence tools and using machine learning frameworks around volatile datasets is increasingly being accepted as the way forward now. In tandem, these two platforms accelerate and automate rapid decisions to identify, respond, manage and scale with the threat actor global syndicate.
Artificial intelligence makes a compute system behave like a human, while machine learning churns through data looking for patterns, takes decisions and prioritises actions, and this isolates malware.
In May 2022, the U.S. Senate Armed Forces Committee’s Subcommittee on Cyber held a congressional hearing on the importance of leveraging artificial intelligence and machine learning within cyberspace. The committee highlighted a growing concern about a shortfall of technically trained cybersecurity personnel across the country, in government and industry alike. The global shortage of 2.7 million cybersecurity roles is concerning.
The shortage of cybersecurity skills is what is overwhelming the CISO and the cybersecurity department; in other words, the alert-to-response ratio. Artificial intelligence and machine learning can enhance their capability, giving them breathing space to strategise.
Amongst the other benefits:
- Artificial intelligence tools can process thousands and millions of vector data per second in real time
- Patterns of emerging attacks can be detected in real time by artificial intelligence
- Human patterns in vector data are detectable and predictable by artificial intelligence
- Without artificial intelligence, large-scale, moving data sets are not actionable or useful to humans
- Artificial intelligence can build a complete threat analysis model that is the basis for setting up a Zero Trust framework
- Artificial intelligence can benefit cybersecurity teams by automating interpretation of the vector data
- Artificial intelligence can benefit cybersecurity teams by automating prioritisation of alerts and flagging of incidents detected in the vector data
- Artificial intelligence can adapt to changes in the vector data as the scale and speed of the threat actor changes
In summary, a combination of artificial intelligence and machine learning does not just identify malware and threats. It searches real-time data for changing patterns and for old and new tactics, and identifies threats in the early stages. This lowers the mundane task level for the triage team, including analysts and SOC managers. Moreover, automation can help to set up differentiated response levels based on the nature of the device and data associated with any incident.
CISOs are advised to create a smart blend of the capabilities of artificial intelligence and machine learning with human expert analysts in the cybersecurity department.
Increasingly, the most innovative cybersecurity vendors and their solution partners are adding artificial intelligence and machine learning to their end point detection response, end point detection and protection response, and extended detection and response solutions.
Such an approach provides advanced threat hunting capability and complete visibility across every device, virtual or physical, on-premises or in the cloud. Such solutions can autonomously prevent, detect and recover from threats in real time, offering relief to the CISO and their team.