Malicious attackers have turned to AI to invade enterprise networks. To combat attacks, organizations need to embrace AI in turn. Join this VB Live event to learn more about the powerful, proactive AI security solutions that are enabling intelligent threat detection and response, security operations and maintenance, and more.
Check off another consequence of COVID: It’s directly responsible for the uptick in security risks for organizations. Many companies were forced to accelerate digital transformation, adopting brand-new technologies and policies to meet pandemic challenges. Now more intelligent devices are connected to the network than ever before – which expands the company’s threat surface exponentially. From the unsecured laptops of remote employees, to devices with no security policies in place (who’d expect an air conditioner to be online?) attackers have their pick of vulnerable new blind spots in the network.
Then there’s the increased competence of threat agents. Sophisticated IT expertise isn’t necessary to compromise a network anymore — ransomware, botnets as a service, and crypto miners are easy to obtain and easy to use. With sufficient start-up capital and a basic understanding of IT, any bad actor can outsource bad intentions as a service.
“As these technologies keep evolving, these threats are going to evolve with it,” says Yair Kler, head of solution security at Huawei Technologies. “But AI is now playing a major part in how enterprises can successfully meet these security risks in return.”
Powerful AI security solutions in the wild
The major benefit of AI security tools is how they can address the needle in the haystack problem, Kler says. Humans cannot handle the proliferation of data points and the massive amounts of data pouring into the system, but AI is very good at identifying, filtering, and prioritizing threat warnings.
“It replaces the two overwhelmed SIEM guys trying to filter the millions of alerts in your SOC center,” Kler says. “AI can prioritize and correlate alerts, then direct your attention to the next urgent task.” In the future, AI will also help us in threat hunting in the network, uncovering fine correlations and statistical anomalies to highlight them for security teams.
AI can also be used for overall threat intelligence, predicting when, where, and what kind of attacks your organization might be facing next — predictive maintenance, in other words, to determine what’s going to go wrong next. For instance, if attacks on medical facilities ramp up, it can warn you that your own medical facility is now at increased risk.
But remember that AI is not a silver bullet that’s going to solve every security issue, Kler says.
“If a marketing guy tells you that AI is going to solve all your cybersecurity problems, gracefully show him the door and tell him to come up with another pitch,” he says. “Like any other tool, it’s powerful if properly used, but it’s just one part of an overall security arsenal.”
Striking the human/AI balance
A lot of research is being done right now to try try to find the right balance of AI usage and human oversight. It comes down to risk management. Any location where AI might potentially cause physical, psychological, or reputational damage requires strong oversight.
The other requirement is determining the degree of tolerance an enterprise has for the AI to misbehave or to fail, along with the time and costs to recover from failure. In critical domains where a misbehaving AI can irreversibly bring down the business, enterprises must leverage AI very carefully with strict policies and stringent security controls.
On the other hand, if you’re using AI as part of your security monitoring system in order to deliver meaningful security insights, you still maintain access to the underlying data, therefore if a problem in AI recommendations system occurs, the impact would be lower. An oversight process can be used to identify and correct such issues with minimal to no damage to the network.
“Businesses should introduce graceful failures as part of their AI cybersecurity strategy” Kler says. “Enterprises can allow AI to make decisions and take actions if they know and can control the blast radius in case of an AI failure.”
Implementing AI successfully
The cost-benefit analysis is step zero in a successful AI security implementation — and in gettomg essential stakeholders on board. Security leaders must first identify and demonstrate how AI can reduce costs, whether these are financial, reputational, or any other vulnerable facet of the organization, and show how it’s going to help reduce the number of successful incidents or reduce CAPEX or OPEX.
For most companies, the easiest place to introduce AI into their cybersecurity architecture, with the biggest gain, is probably going to be the event monitoring domain. Integrating AI into the monitoring platform may vastly improves a team’s ability to identify and address the most urgent events, reduce attackers’ dwell time and improve the overall detection and response metrics. AI can also help analyze security events after post-processing, delivering insights and helping companies to continuously improve their security posture.
After you identify where integration of AI in the security architecture would provide the biggest gain, the next step is to focus on policies, education, and management. First, policies would help drive and shape the business processes and justifies your security decisions. Next, employees need to be adequately trained to properly use AI tools, in order to maximize the business benefits. And finally, you need to monitor and measure the impact of AI on your security solution and overall security posture and optimize accordingly.
Learn more about how AI security tools are helping secure enterprise networks, strategies for successful risk identification and management, how to strike the right balance between AI automation and human control, and more.