While we’ve been talking about and imagining artificial intelligence for years, it only has recently started to become mainstream, and accepted for a wide range of applications – from healthcare analytics to Google Maps and Roombas. At the same time, cybersecurity has been strangely slow in embracing this important technology.

There are several reasons for this: too much hype about early “black box” AI claims; misconceptions about the technology; and a persistent belief among the security old guard that AI can’t be trusted and will never match human intuition for spotting the real threats.

It’s time to move beyond these misconceptions, and look at concrete examples of how automation, AI, and machine learning have been effectively applied to improve security coverage and accuracy, while dramatically reducing costs. The real question is not whether AI or human intuition is better – it’s how we can effectively combine the two, enabling intelligent automation that takes on routine decision making by learning from human experts.

Urgency of the Problem

Because we’re in the middle of a cybersecurity crisis, we need to move beyond theoretical discussions of the pros and cons of AI and get serious about adopting more advanced technology to meet urgent needs. Today’s realities make updating our approach to security an imperative:

  • A significant increase in the number of attacks, and damage caused – ransomware payments, OT network shutdowns, loss of corporate IP, and loss of private information
  • Attacks are becoming increasingly sophisticated, bypassing many of our legacy security strategies
  • There is a huge shortage of skilled security analysts, and they don’t want to be burdened by repetitive manual work – throwing bodies at the problem is neither practical nor effective
  • The legacy perimeter security model is obsolete, as the battle is moving to widely distributed cloud applications, and virtual infrastructure
  • The attackers are embracing AI and ML whole-heartedly, launching more sophisticated attacks that quickly learn and adapt to our inadequate defenses.

eBook: The Definitive Guide to AI and Automation Powered Detection and Response
Why Your Next SOC Assistants Are Bots (and Your Networks Will Be More Secure Than Ever)

Misconceptions About Artificial Intelligence

AI has become such a buzzword that few of us stop to think about what it practically means. Hollywood has filled our imaginations with benign and frightening images of AI – from R2D2 to the Terminator, but the reality we’re more likely to see are devices like the Roomba. This faceless, personality-less device uses AI to navigate obstacles, plan its routes efficiently, and take care of repetitive task that many of us would rather avoid.

AI Needs to be Explainable and Customizable
Gartner has published a series of insightful reports on the emerging use of AI in Attack Detection. One of their key findings is that “an inability to customize and audit artificial intelligence (AI) models is a major inhibitor to adoption.” They also recommend that emerging technologies need to “move away from a “black box” approach toward explainable and customizable AI models that can be tuned based on analyst feedback.”

It's fair to be skeptical about vendor claims of AI “magic” that only they can see or understand. But dismissing it all as hype, ignores many examples where AI-driven automation is having a significant impact.

Forrester analyst Allie Mellen joins LogicHub as a featured guest speaker to discuss the evolution of SOAR technology and how AI can enable a new generation of solutions for the SOC. Please join us on May 19th at 8:00am PT / 11:00am ET!

Combining Human Skills vs. Machine Skills

The human brain is remarkable at making judgements and decisions extremely rapidly, based on subtle signals and acquired experience. While this is often thought of as intuition, it’s really accumulated experience, and dozens of quick decisions that are made almost subconsciously. In fact, the field of autonomous vehicles, has struggled to replicate the thousands of decisions humans can make in unexpected situations while driving down the road.

In the security context, experience analysts can quickly, and accurately spot isolated incidents and suspicious activity, without releasing each factor used in decision-making. Many people will simply refer to this as “I know it when I see it.”

This is an ideal environment for machine learning. While humans can’t easily isolate all the factors they use in decision making, having a feedback loop with human review allows machine learning models to quickly adjust and adapt as analyst give the thumbs up or thumbs down to automated results.

Even limited machine learning can yield huge results in security. Many analysts complain that 80-90% of their jobs are spent chasing routine, trivial, repetitive, and often false alerts. The tasks they go through analyzing these alerts also tend to be repetitive and robotic. By identifying these factors, automation driven by machine learning can eliminate the majority of these repetitive tasks, and perform these tasks at machine speed, and more reliably than humans.

LogicHub announces AuDRA, First AI Threat Hunting Bot

LogicHub’s advanced artificial intelligence (AI) and automation mirrors and enhances the cognitive and intuitive approach of expert security analysts and progressively learns and updates its own logic to make more accurate decisions. LogicHub enables security teams to automate the skills, techniques, and expertise of top human analysts to improve threat detection efficacy across security operations – at machine speeds and machine scale.

LogicHub harnesses the power of AI and automation for superior detection and response at a fraction of the cost. From small teams with security challenges, to large teams automating SOCs, LogicHub makes advanced detection and response easy and effective for everyone.

Blog

Related Posts

June 22, 2022 Willy Leichter

Replace Your SIEM with Neural Net Technology

Security Information Event Management (SIEM) systems are an outdated technology. It’s no longer...

Learn More

June 15, 2022 Tessa Mishoe

LogicHub Security RoundUp: June 2022

Hello, and welcome to the latest edition of the LogicHub Monthly Update! Each month we’ll be...

Learn More

June 14, 2022 Tessa Mishoe

Follina Zero-Day Vulnerability Breakdown: Analysis and Remediation

Background The newest Microsoft Office zero-day vulnerability, Follina, has been causing a buzz...

Learn More

June 8, 2022 Ryan Thomas

Five Reasons for Alert Fatigue and How to Make It Stop

Alert (or alarm) fatigue is the phenomenon of becoming desensitized (and thus ignoring or failing...

Learn More

May 31, 2022 Kumar Saurabh

The 3 Biggest Challenges Faced by Today's SOCs & One Smart Solution

As a security operations professional, you've put in your fair share of late nights. You know what...

Learn More

May 24, 2022 Ryan Thomas

LogicHub MDR - Jump Start for AWS Applications

Funny thing about cloud infrastructure - it is well documented that running applications in the...

Learn More

May 20, 2022 Willy Leichter

Automating Threat Detection: Three Case Studies

Demystifying the technology with case studies of AI security in action Many automation tools, such...

Learn More

May 17, 2022 Willy Leichter

It's Time to Put AI to Work in Security

While we’ve been talking about and imagining artificial intelligence for years, it only has...

Learn More

May 15, 2022 Tessa Mishoe

LogicHub Security RoundUp: May 2022

Hello, and welcome to the latest edition of the LogicHub Monthly Update! Each month we’ll be...

Learn More

May 9, 2022 Tessa Mishoe

Bad Luck: BlackCat Ransomware Bulletin

Blackcat Ransomware On April 19th of 2022, the FBI Cyber Division released a flash bulletin...

Learn More