
To keep up, SecOps teams need AI and automation

Satyavathi Divadari, Chief Cyber Security Architect, CyberRes

Cyberattacks are getting more prolific and more cunning—too prolific and too cunning for mere humans alone. According to the Identity Theft Resource Center's 2021 Annual Data Breach Report, the number of data compromises reached an all-time high last year of 1,862, for a year-over-year increase from 2020 of more than 68%.

"Many of the cyberattacks committed were highly sophisticated and complex, requiring aggressive defenses to prevent them," said Eva Velasquez, president and CEO of the ITRC. "There is no reason to believe the level of data compromises will suddenly decline in 2022."

In many cases, adversaries are building advanced persistent threats (APTs) that are difficult (if not impossible) to detect by human defenders. According to a Boston Consulting Group report from June, more than 50% of "high-impact" global supply-chain cyberattacks that were reported from January 2020 to July 2021 were committed by well-known APT groups—typically "backed either by nation-states or by large, well-financed cybercriminal groups."

APTs are stealth-oriented and may survive hidden in an environment for months. According to Mandiant, average dwell time (the time attackers stay hidden before they are found) has declined substantially in the past 10 years—from 416 days in 2011 to 24 days in 2021.

Making matters worse, blue teams face a cybersecurity skills shortage—leaving fewer humans available to try to detect and prevent these threats. If they want to keep up, human defenders have to get better and smarter. They need to augment their intelligence.

Turning to AI

To counter advanced threats, enterprise security organizations are looking to artificial intelligence (AI) and machine learning (ML) to improve efficiency. According to the CyberRes 2021 State of Security Operations Survey, 59% of respondents reported that improving detection of advanced threats is their top use case for AI, ML, and automation. In a more recent survey conducted by the Cloud Security Alliance, 79% of the organizations are using or planning to use AI and ML technologies in cybersecurity. (CyberRes is a business line of Micro Focus, which publishes TechBeacon.)

AI-based threat-hunting tools work to reveal the hidden threats that organizations increasingly need to watch for. For instance, context-rich user behavior analytics (UBA) tools powered by unsupervised ML algorithms can continuously monitor and analyze user activities, system security changes, patterns of network traffic, and access to applications and data—detecting and flagging anomalies and indicating whether any response is needed. The upshot is that unknown threats are converted to known threats more quickly—before they can secretly wreak havoc on an organization. Armed with this kind of readily available information and insight, security teams can adopt a more proactive strategy—responding to incidents accordingly.
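To make the UBA idea above concrete, here is a small added example (not code from the article or from any CyberRes product) of the unsupervised per-user baselining such tools build on. It learns, from a constructed set of login events, each user's typical hour of day, transfer volume and source IPs, then scores new events against that baseline and reports why an event was flagged. The log format, the z-score thresholds, the new-IP weight and the treatment of users with no baseline are all assumptions chosen for the illustration; a production UBA pipeline would use far richer features and models, but the shape of the check is the same.

```python
import math
import re
from collections import defaultdict

# Constructed sample events (not real logs). One event per line:
# <ISO timestamp> <user> <source ip> <action> bytes=<n>
BASELINE_LOGS = """\
2022-09-01T09:02:11 alice 10.0.0.12 LOGIN bytes=100
2022-09-02T09:15:40 alice 10.0.0.12 LOGIN bytes=120
2022-09-05T10:01:02 alice 10.0.0.12 LOGIN bytes=110
2022-09-06T09:48:33 alice 10.0.0.12 LOGIN bytes=130
2022-09-07T10:05:19 alice 10.0.0.12 LOGIN bytes=115
2022-09-01T14:10:00 bob 10.0.0.20 LOGIN bytes=300
2022-09-02T13:55:12 bob 10.0.0.21 LOGIN bytes=310
2022-09-05T14:20:45 bob 10.0.0.20 LOGIN bytes=290
2022-09-06T15:02:08 bob 10.0.0.21 LOGIN bytes=305
2022-09-07T14:31:57 bob 10.0.0.20 LOGIN bytes=295
"""

# Constructed events to score: one normal per user, one off-hours bulk
# transfer from an unseen address, and one user with no history at all.
NEW_LOGS = """\
2022-09-08T09:10:03 alice 10.0.0.12 LOGIN bytes=125
2022-09-08T14:05:22 bob 10.0.0.21 LOGIN bytes=300
2022-09-09T03:12:48 alice 203.0.113.7 LOGIN bytes=52000
2022-09-09T11:00:00 carol 10.0.0.30 LOGIN bytes=200
"""

LOG_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2}T(?P<hour>\d{2}):\d{2}:\d{2} "
    r"(?P<user>\S+) (?P<ip>\S+) (?P<action>\S+) bytes=(?P<bytes>\d+)$"
)


def parse_line(line):
    """Return an event dict, or None for lines that do not match the assumed format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return {"user": m["user"], "ip": m["ip"], "action": m["action"],
            "hour": int(m["hour"]), "bytes": int(m["bytes"])}


def parse_logs(text):
    return [ev for ev in (parse_line(l) for l in text.splitlines()) if ev]


def _mean_std(values, floor):
    """Population mean and std; std is floored so a very regular user does not divide by ~0."""
    mean = sum(values) / len(values)
    var = sum((v - mean) ** 2 for v in values) / len(values)
    return mean, max(math.sqrt(var), floor)


def build_baselines(events):
    """Unsupervised per-user baseline: hour-of-day and byte statistics plus seen source IPs."""
    per_user = defaultdict(lambda: {"hours": [], "bytes": [], "ips": set()})
    for ev in events:
        u = per_user[ev["user"]]
        u["hours"].append(ev["hour"])
        u["bytes"].append(ev["bytes"])
        u["ips"].add(ev["ip"])
    baselines = {}
    for user, u in per_user.items():
        baselines[user] = {
            "hour": _mean_std(u["hours"], floor=1.0),   # assume at least 1 hour of natural spread
            "bytes": _mean_std(u["bytes"], floor=1.0),  # assume at least 1 byte of spread
            "ips": set(u["ips"]),
        }
    return baselines


def score_event(ev, baselines, z_limit=3.0, new_ip_weight=2.0):
    """Score one event against its user's baseline; returns (score, reasons)."""
    b = baselines.get(ev["user"])
    if b is None:
        # Edge case: no history for this user, so nothing to compare against. Surface it.
        return z_limit, ["no_baseline"]
    reasons = []
    h_mean, h_std = b["hour"]
    h_dist = abs(ev["hour"] - h_mean)
    h_dist = min(h_dist, 24 - h_dist)      # hour of day is circular: 23:00 and 01:00 are 2h apart
    z_hour = h_dist / h_std
    if z_hour > z_limit:
        reasons.append("unusual_hour")
    b_mean, b_std = b["bytes"]
    z_bytes = abs(ev["bytes"] - b_mean) / b_std
    if z_bytes > z_limit:
        reasons.append("unusual_volume")
    novel = ev["ip"] not in b["ips"]
    if novel:
        reasons.append("new_source_ip")
    score = z_hour + z_bytes + (new_ip_weight if novel else 0.0)
    return score, reasons


def detect(baseline_text, new_text, threshold=3.0):
    """Learn baselines from past events, then flag new events whose combined score crosses the threshold."""
    baselines = build_baselines(parse_logs(baseline_text))
    results = []
    for ev in parse_logs(new_text):
        score, reasons = score_event(ev, baselines)
        results.append({"user": ev["user"], "ip": ev["ip"], "score": round(score, 2),
                        "reasons": reasons, "flagged": score >= threshold})
    return results


if __name__ == "__main__":
    for r in detect(BASELINE_LOGS, NEW_LOGS):
        print(r)
```

The reasons list is the part an analyst actually needs: a bare anomaly score says "something is off", while "unusual_hour, unusual_volume, new_source_ip" tells the responder what to check first. Note the deliberate choices for the failure modes the text hints at: a user with no baseline is surfaced rather than silently scored as normal, and the standard deviation is floored so that a perfectly regular user does not produce a huge z-score from a trivial deviation.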

AI and ML can help there, too.

Automating incident response 

Once a threat has been discovered, AI-based security tools can respond to it. Automating incident response makes responding to incidents easier, faster, and more efficient.

AI/ML-based incident response works by recording threat patterns and their traits over time, building a library of threat information and analyzing how these threats operate. From there, these tools can create incident-response playbooks based on algorithmically powered analysis. 

By playing the odds, AI/ML-powered incident response can focus resources more efficiently. Using these automatically generated playbooks, "smart" incident-response tools may volunteer suggestions on how to proceed based on risk analysis and previous incident responses. They can also act as a resource-allocation tool, making recommendations on how human analysts should be assigned based on their expertise, actual availability, and case history. This improves analyst productivity across the team—while using automation to save security professionals' time for higher-level, value-added work.

As a result, incident response powered by AI, ML, and automation reduces risk exposure at scale—enabling security teams to continue to evolve.

Know more

CSA Bangalore Chapter, in association with CyberRes, is conducting a global webinar focused on Multi-layer Intelligence for Cyber Resilience. You can join the live session on September 28 at 7:30 PM India Standard Time / 4 PM Central European Time / 10 AM Eastern Standard Time by registering for the webinar.
