Artificial intelligence, and in particular machine learning, is one of the tech industry’s favorite innovations. The pattern-finding abilities of machine-learning models can help automate new tasks, improve forecasts and find subtle correlations in vast data sets.
Over the past few years, major tech and cybersecurity companies have begun rolling out tools and platforms powered by AI and designed to streamline and automate cybersecurity.
Cybersecurity professionals are up against a rapidly evolving array of cyberthreats. At the same time, the field faces a growing skills gap that puts increased pressure on IT and cybersecurity workers, who are struggling to keep up with a surge in cyberattacks. Automation and AI can reduce the heavy workload, but implementing these tools and platforms in a way that actually makes business networks safer can be difficult.
Here is how AI is currently being used in cybersecurity, plus practical steps that professionals can take to safely incorporate this tech into their workflow.
Current Uses of AI in Cybersecurity
AI-powered cybersecurity tools are primarily designed to help analysts make better use of the security data they already collect, and to streamline workflows related to alert triage, log management and storage, and threat hunting.
An AI model trained on user behavior data from a SIEM or network logs, for example, can be used to automatically single out unusual or notable events, such as irregular behavior by users or network systems. These tools help IT and cybersecurity staff keep up with the growing volume of data tracking network events, such as log-ins, access attempts and use of particular resources. By flagging activity that deviates from an established baseline, they let analysts follow up on the outliers rather than spend time hunting for them by hand.
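As an added illustration of the baselining approach just described (example code written for this article, not taken from any vendor's product), the following Python script learns a per-user baseline of log-in hours and source networks from a handful of constructed SIEM-style authentication events, then flags new events that deviate from it. The log format, user names, addresses and the z-score threshold are all assumptions chosen for the example.

```python
"""Added example: score authentication events against a per-user baseline.
All log lines below are constructed for illustration; the format
"<ISO timestamp> <user> <source IP> <result>" is an assumption."""
from collections import defaultdict
from datetime import datetime
import ipaddress
import statistics

# Constructed historical events used to learn each user's "normal"
BASELINE_LOG = """\
2023-03-01T08:12:04 alice 10.20.1.15 success
2023-03-01T09:03:41 alice 10.20.1.15 success
2023-03-02T11:45:10 alice 10.20.1.22 success
2023-03-02T13:20:33 alice 10.20.1.15 success
2023-03-03T14:02:57 alice 10.20.1.15 failure
2023-03-03T17:51:09 alice 10.20.1.22 success
2023-03-01T09:30:00 bob 10.20.2.31 success
2023-03-01T10:10:00 bob 10.20.2.31 success
2023-03-02T10:55:00 bob 10.20.3.8 success
2023-03-02T11:40:00 bob 10.20.2.31 success
2023-03-03T12:05:00 bob 10.20.3.8 success
2023-03-03T14:30:00 bob 10.20.2.31 success
"""

# Constructed new events to score against that baseline
NEW_LOG = """\
2023-03-08T10:15:00 alice 10.20.1.15 success
2023-03-09T03:22:10 alice 198.51.100.7 success
2023-03-09T18:40:00 bob 10.20.2.31 success
2023-03-09T11:00:00 carol 10.20.9.9 success
"""

Z_THRESHOLD = 2.0  # illustrative: hours more than 2 standard deviations from the mean count as off-hours


def parse_events(text):
    """Yield (timestamp, user, ip, result) for each non-empty log line."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, result = line.split()
        yield datetime.fromisoformat(ts), user, ipaddress.ip_address(ip), result


def network_of(ip):
    """Coarsen an address to its /24 (IPv4) or /64 (IPv6) so single hosts don't fragment the baseline."""
    prefix = 24 if ip.version == 4 else 64
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def build_baselines(text):
    """Per user: mean and spread of log-in hour, plus the set of source networks seen."""
    hours = defaultdict(list)
    nets = defaultdict(set)
    for ts, user, ip, _ in parse_events(text):
        hours[user].append(ts.hour)
        nets[user].add(network_of(ip))
    baselines = {}
    for user, hs in hours.items():
        spread = statistics.stdev(hs) if len(hs) > 1 else 0.0
        baselines[user] = {
            "mean_hour": statistics.mean(hs),
            # floor of 1 hour avoids a zero divisor for users who always log in at the same hour
            "stdev_hour": max(spread, 1.0),
            "networks": nets[user],
        }
    return baselines


def score_event(baselines, ts, user, ip, result):
    """Return the reasons an event deviates from the user's baseline; an empty list means 'looks normal'."""
    base = baselines.get(user)
    if base is None:
        return ["no baseline for user"]
    reasons = []
    z = abs(ts.hour - base["mean_hour"]) / base["stdev_hour"]
    if z > Z_THRESHOLD:
        reasons.append(f"off-hours login (z={z:.1f})")
    net = network_of(ip)
    if net not in base["networks"]:
        reasons.append(f"unseen source network {net}")
    if result != "success":
        reasons.append("authentication failure")
    return reasons


def flag_events(baselines, text):
    """Return [(user, timestamp, reasons)] for every event that triggered at least one reason."""
    flagged = []
    for ts, user, ip, result in parse_events(text):
        reasons = score_event(baselines, ts, user, ip, result)
        if reasons:
            flagged.append((user, ts.isoformat(), reasons))
    return flagged


if __name__ == "__main__":
    for user, when, why in flag_events(build_baselines(BASELINE_LOG), NEW_LOG):
        print(f"{when} {user}: {'; '.join(why)}")
```

The point to notice is that the model is only as good as its baseline: a user with no history (carol) can only be reported as unknown, and an event from an already-seen network during business hours produces an empty reason list no matter who is actually behind the keyboard. Real products replace the hand-rolled z-score with learned models, but the dependence on representative baseline data is the same.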
Some advanced SIEMs from major vendors, such as Microsoft’s Azure Sentinel and IBM’s QRadar, incorporate AI algorithms that automate some aspects of network and cloud security, such as threat detection and hunting. These platforms are also often designed to integrate with and orchestrate other security tools, providing a more centralized and streamlined security operations center.
AI-powered firewalls apply the same techniques to traffic, automatically detecting and blocking connections that look like threats as they try to enter the network.
These AI tools aren’t making big decisions. It is still up to the cybersecurity team to implement best practices for data-breach prevention and to decide which alerts to investigate. However, these tools do provide additional analysis that helps security staff prioritize those investigations.
These platforms and tools can be useful for cutting down the time it takes to detect a breach. They can also help cybersecurity workers manage the vast amounts of data generated by security operations. This frees them up for more valuable tasks, like threat hunting, intelligence and cyber attribution.
Safely Integrating AI Into Your Cybersecurity Workflow
Before integrating AI, start with a clear goal in mind. Managing alert detection and response, improving your network’s resiliency and reducing Mean Time to Identify are a few common goals.
Next, ensure AI-ready data visibility and governance. AI algorithms are only effective if they have enough good-quality data to work with. All network assets need to be visible to your security and IT management tooling, and the data you collect must be both accessible and standardized. If data stays siloed inside the security platform that collected it, your AI analytics tools can’t use it. A data broker or log pipeline that normalizes events and forwards them to a shared store can help you manage security data storage.
Then, identify specific tools and use cases to determine how you want AI to fit into your day-to-day workflow. For example, you may need an automated system that scans logs of DNS queries, which aren’t typically monitored in real time, for patterns associated with domain generation algorithms (DGAs), the random-looking domain names that malware generates to locate its command-and-control server.
As with any new tech, expect a phase-in period where you and your team learn the platform and identify how best to integrate it into existing workflows.
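To make the DNS use case in the steps above concrete, here is an added Python example (written for this article, not taken from any product) that scores each queried domain for DGA-like lexical features and then aggregates per client, flagging hosts that receive NXDOMAIN for several suspicious names. The resolver log format, client addresses, domain names and every threshold are constructed for illustration; the registrable-label extraction is deliberately naive, and a production pipeline would use the Public Suffix List.

```python
"""Added example: lexical DGA scoring over DNS resolver logs, with per-client
aggregation. Log lines are constructed for illustration; the format
"<ISO timestamp> <client IP> <queried name> <rcode>" is an assumption."""
import math
from collections import Counter, defaultdict

# Constructed resolver log: a normal host, a typo, and one host cycling through DGA-style names
DNS_LOG = """\
2023-03-09T10:00:01 10.20.1.15 www.example.com NOERROR
2023-03-09T10:00:02 10.20.1.15 mail.example.com NOERROR
2023-03-09T10:00:03 10.20.1.15 cdn.example.net NOERROR
2023-03-09T10:00:04 10.20.1.15 github.com NOERROR
2023-03-09T10:01:00 10.20.1.40 qxvbtrkplmzwd.com NXDOMAIN
2023-03-09T10:01:01 10.20.1.40 hjdkwqzlvmxpr.net NXDOMAIN
2023-03-09T10:01:02 10.20.1.40 wpzkqxmvtrhnb.org NXDOMAIN
2023-03-09T10:01:03 10.20.1.40 ztqlxvmkrpwjd.info NXDOMAIN
2023-03-09T10:01:04 10.20.1.40 kxmprzvqltwhn.biz NXDOMAIN
2023-03-09T10:01:05 10.20.1.40 vqzxkmtplrwhd.com NOERROR
2023-03-09T10:02:00 10.20.1.22 typo-exampel.com NXDOMAIN
2023-03-09T10:02:01 10.20.1.22 wikipedia.org NOERROR
"""

VOWELS = set("aeiou")
CONSONANTS = set("bcdfghjklmnpqrstvwxyz")


def shannon_entropy(s):
    """Bits per character; random-looking labels score higher than dictionary words."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def registrable_label(qname):
    """Second-to-last label of the name. Deliberately naive: a real pipeline uses the
    Public Suffix List so that e.g. example.co.uk yields 'example', not 'co'."""
    parts = qname.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def longest_consonant_run(s):
    """Length of the longest run of consecutive consonants (digits and hyphens break a run)."""
    best = run = 0
    for ch in s:
        run = run + 1 if ch in CONSONANTS else 0
        best = max(best, run)
    return best


def dga_indicators(label):
    """Return the lexical features that make this label look machine-generated.
    Thresholds are illustrative, not tuned on real data."""
    n = len(label)
    letters = [c for c in label if c.isalpha()]
    found = []
    if shannon_entropy(label) >= 3.5:
        found.append("high entropy")
    if n >= 8 and letters and sum(c in VOWELS for c in letters) / len(letters) <= 0.2:
        found.append("few vowels")
    if longest_consonant_run(label) >= 5:
        found.append("long consonant run")
    if n and sum(c.isdigit() for c in label) / n >= 0.3:
        found.append("digit heavy")
    return found


def find_dga_clients(text, min_indicators=2, min_nxdomain=3):
    """Flag clients that received NXDOMAIN for at least `min_nxdomain` distinct suspicious
    names. Suspicious names that did resolve are reported too: in a real DGA burst those
    are the candidate live command-and-control domains."""
    nx = defaultdict(set)
    resolved = defaultdict(set)
    for line in text.splitlines():
        if not line.strip():
            continue
        _ts, client, qname, rcode = line.split()
        if len(dga_indicators(registrable_label(qname))) >= min_indicators:
            (nx if rcode == "NXDOMAIN" else resolved)[client].add(qname)
    return {
        client: {"nxdomain": sorted(names), "resolved": sorted(resolved.get(client, ()))}
        for client, names in nx.items()
        if len(names) >= min_nxdomain
    }


if __name__ == "__main__":
    for client, hit in find_dga_clients(DNS_LOG).items():
        print(client, "NXDOMAIN:", hit["nxdomain"], "resolved:", hit["resolved"])
```

Scoring individual names is the cheap part; the aggregation is what keeps the alert volume manageable. A single odd-looking name (a typo, a CDN hostname) scores low or appears once, while a DGA client produces a burst of distinct failing names, and the one that resolves is the lead an analyst should chase first.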
You should also be aware of the risks and limitations of these tools. There is some evidence that attackers are already using AI to mimic normal user behavior, accessing the network in a way that slips under the radar of a solution trained on that same behavior data.
Centralizing security data and analytics can also create problems. If attackers gain access to an automated security solution, they may be able to use it to cause more damage than they otherwise could. A system that constantly catalogs and analyzes user behavior is also a map of what normal looks like on your network: an attacker who can read it can learn how to blend in and where to strike.
Also, cybersecurity tools that use AI — as intelligent as they are — won’t be able to replace a human worker. When planning your implementation of this tech, remember that a tool can only help you streamline threat triage and network security management. There’s nothing available right now that can safely automate the entire threat detection process.
Future Outlook for Cybersecurity AI
There has been a significant uptick in malware attacks in the past few years — as well as a major spike recently. Many companies have pivoted to work from home, and hackers have looked to take advantage of insecure personal devices and new network vulnerabilities.
There’s no real sign that the cybersecurity skills gap will close any time soon. In fact, a burnout crisis may be approaching, and we may see experienced cybersecurity workers leave the field for less stressful jobs over the next few years. At the same time, analysts expect many companies to permanently offer telecommuting options, creating additional work for IT and cybersecurity professionals.
Some aspects of defending networks from hackers can’t be automated. However, threat detection and analysis can be streamlined with AI tools. Cybersecurity professionals, up against a growing number of attackers, will likely need tech to cut down on the amount of work required to keep networks secure.
Those wanting to safely incorporate AI tools have options, since there are many ways to use existing behavior data to identify and flag potential threats. However, professionals who want to integrate AI into their cybersecurity program should be aware of the technology’s limitations. It can’t fully automate threat detection, and while it can streamline workflows, there’s no replacement for a skilled worker.
Authored By Megan R. Nichols. Megan is a manufacturing and technology writer who regularly contributes to IoT Times and Manufacturing Tomorrow. She also publishes easy to understand manufacturing articles on her personal blog, Schooled By Science, to encourage others to explore STEM topics.