Artificial intelligence and machine learning are reshaping many, if not most, industries today. As these technologies transform modern IT systems, how can organisations leverage them to build better defences and stay on top of cybersecurity incidents?
Artificial intelligence (AI) and machine learning are rapidly gaining the mindshare of security professionals across the region. What were once just science fiction concepts these two technology trends are increasingly being applied into real life innovations.
For years, the cybersecurity space has always been focused on being reactive and defensive when it comes to dealing with attacks. With an ever-connected world that’s seeing widespread adoption of cloud and mobile technologies cybersecurity is becoming infinitely more complex.
The expanding number of access points and the seeming relentlessness of today’s sophisticated hackers mean the need for innovative security measures has never been more important. Keeping up with the evolving threat landscape is challenging, to say the least. AI tech and machine learning promise CISOs and their security teams with an ideal and more efficient approach.
“With digital transformation, cybersecurity experts have a lot on their plate,” says Ahmad Mubarak, senior systems engineer, Middle East, Infoblox. “More connected devices equate to more traffic, more attack vectors, more attempts at security breaches, and a lot more data that needs to be analysed.”
In addition, Mubarak also points out that today’s enterprises generate tremendous amounts of data by simply doing business. “Human element alone won’t be enough to capture, analyse and mitigate threats surrounding this data,” he adds. “Thus, CISOs will need all the help they can get to prevent security incidents and respond to threats and machine learning can be one step in coping with its sheer complexity.”
AI and machine learning can help open new perspectives for cyber defence by addressing the gaps and issues faced by security teams. “Organisations looking to deploy a proactive approach to security instead of a reactionary one need to have real-time, intelligence-driven monitoring across all aspects of their networks,” says Gopan Sivasankaran, security architect, Secureworks. “As CISOs are on the frontlines of any technological innovations, it is vital that they are prepared to quickly respond to market dynamics when it comes to new security vulnerabilities to which AI and machine learning can be instrumental.”
It is undeniable that global threat landscape is advancing quite quickly. In the first half of 2017 alone, we have seen big ransomware attacks such as WannaCry and NotPetya breakout across the globe. With this in mind, security leaders should look into tools that will enable them to get ahead of the impending threats.
“The cybersecurity mission has always been the same: Protect. Detect. Respond,” says Piero DePaoli, senior director, Product Marketing and Security, ServiceNow.
“However, even though the market has already seen major advancements in data protection and threat detection, the innovation in security response seems to be lagging behind,” he says. “AI and machine learning will become critical to innovating around security response. We will soon leverage machines to complete in seconds what used to take days.”
While there is no “silver bullet” when it comes to protecting your company’s systems, it is important to have a robust and efficient security strategy. “The automation of tasks, such as how to respond to security alerts, allows cybersecurity teams to respond faster and more efficiently to threats,” says DePaoli.
More than automation, DePaoli says that the growing vulnerability response backlog is a major opportunity for security teams to leverage AI tech and machine learning. “Enterprises increasingly rely on technology and those systems need patching,” he explains. “Over time, organisations develop extensive vulnerability backlogs and oftentimes they have little insight as to which vulnerabilities should be prioritised.”
According to DePaoli, the reality is that vulnerabilities leave critical systems open to potential attackers. “61 percent of vulnerabilities are remediated within a month, the rest are likely never to be remediated,” he says. “AI can help us prioritise which systems and threats deserve our attention.”
Meanwhile, Sivanasankaran sees an opportunity in improving the security operations centres (SOCs) of today’s enterprises using AI and machine learning.
“SOCs play a vital role in optimising security and improving incident response,” he says. “However, traditional SOCs are struggling when it comes to manual and time-consuming analysis of security events.
“AI can condense weeks or months of work into minutes, reducing the time spent on threat investigations and enabling teams to focus on data loss prevention and mitigation.”
It takes security teams an average of 191 days to identify a breach and another 66 days to contain it. AI and machine learning can significantly expand the scope and scale of security professionals and allow them to build smarter systems that can detect threats even before an attack occurs.
“Today, security automation is about simplifying and speeding up tasks associated with cybersecurity policy definition and enforcement,” says Ercan Aydin, vice president, Emerging Markets Palo Alto Networks. “Soon, AI and machine learning may be leveraged to implement predictive security postures across public, private and SaaS cloud infrastructures. Using artificial intelligence in cybersecurity allows intelligent IT systems to not only react instantly in real time to cyberthreats, but to constantly discover and respond to new threats.”
In the Middle East region, organisations are adopting AI tech and machine learning technologies at a fast pace. IDC has predicted that spending on cognitive and AI systems will total to $37.49 million in 2017 and is poised to reach $114.22 million in 2021.
“Governments and enterprises are taking cybersecurity seriously from the first moment focusing on developing a serious and cohesive regulatory framework around information security and data protection including the deployment of AI and machine learning to optimise security operations and achieve early detection of threats,” says Mubarak.
A report by Cybersecurity Ventures estimates that by 2021 there will be over 3.5 million unfilled cybersecurity jobs. While AI can help fill in this skills gap by taking over manual and mundane tasks, it will also create specialised roles that will require the attention of a specialist.
“The human element is still very essential to the development of viable AI and machine solutions for cybersecurity,” says Mubarak. “Machines and systems will always need human interaction to ‘learn’ and improve. In addition, security talents are required in correcting false positives and detecting cybercriminal innovations, as well as in tailoring learning security algorithms.”
The advancements in AI tech and machine learning will continue to improve the cybersecurity domain. However, it is important to understand that getting the best talents is still key in succeeding against threat actors. At the end of the day, machines can only be as clever as the information it is given to learn from. We will never replace the need for top talent, therefore, Al is just one piece of the puzzle.
