While we’ve been talking about and imagining artificial intelligence for years, it only has recently started to become mainstream, and accepted for a wide range of applications – from healthcare analytics to Google Maps and Roombas. At the same time, cybersecurity has been strangely slow in embracing this important technology.

There are several reasons for this: too much hype about early “black box” AI claims; misconceptions about the technology; and a persistent belief among the security old guard that AI can’t be trusted and will never match human intuition for spotting the real threats.

It’s time to move beyond these misconceptions, and look at concrete examples of how automation, AI, and machine learning have been effectively applied to improve security coverage and accuracy, while dramatically reducing costs. The real question is not whether AI or human intuition is better – it’s how we can effectively combine the two, enabling intelligent automation that takes on routine decision making by learning from human experts.

Urgency of the Problem

Because we’re in the middle of a cybersecurity crisis, we need to move beyond theoretical discussions of the pros and cons of AI and get serious about adopting more advanced technology to meet urgent needs. Today’s realities make updating our approach to security an imperative:

  • A significant increase in the number of attacks, and damage caused – ransomware payments, OT network shutdowns, loss of corporate IP, and loss of private information
  • Attacks are becoming increasingly sophisticated, bypassing many of our legacy security strategies
  • There is a huge shortage of skilled security analysts, and they don’t want to be burdened by repetitive manual work – throwing bodies at the problem is neither practical nor effective
  • The legacy perimeter security model is obsolete, as the battle is moving to widely distributed cloud applications, and virtual infrastructure
  • The attackers are embracing AI and ML whole-heartedly, launching more sophisticated attacks that quickly learn and adapt to our inadequate defenses.

eBook: The Definitive Guide to AI and Automation Powered Detection and Response
Why Your Next SOC Assistants Are Bots (and Your Networks Will Be More Secure Than Ever)

Misconceptions About Artificial Intelligence

AI has become such a buzzword that few of us stop to think about what it practically means. Hollywood has filled our imaginations with benign and frightening images of AI – from R2D2 to the Terminator, but the reality we’re more likely to see are devices like the Roomba. This faceless, personality-less device uses AI to navigate obstacles, plan its routes efficiently, and take care of repetitive task that many of us would rather avoid.

AI Needs to be Explainable and Customizable
Gartner has published a series of insightful reports on the emerging use of AI in Attack Detection. One of their key findings is that “an inability to customize and audit artificial intelligence (AI) models is a major inhibitor to adoption.” They also recommend that emerging technologies need to “move away from a “black box” approach toward explainable and customizable AI models that can be tuned based on analyst feedback.”

It's fair to be skeptical about vendor claims of AI “magic” that only they can see or understand. But dismissing it all as hype, ignores many examples where AI-driven automation is having a significant impact.

Forrester analyst Allie Mellen joins LogicHub as a featured guest speaker to discuss the evolution of SOAR technology and how AI can enable a new generation of solutions for the SOC. Please join us on May 19th at 8:00am PT / 11:00am ET!

Combining Human Skills vs. Machine Skills

The human brain is remarkable at making judgements and decisions extremely rapidly, based on subtle signals and acquired experience. While this is often thought of as intuition, it’s really accumulated experience, and dozens of quick decisions that are made almost subconsciously. In fact, the field of autonomous vehicles, has struggled to replicate the thousands of decisions humans can make in unexpected situations while driving down the road.

In the security context, experience analysts can quickly, and accurately spot isolated incidents and suspicious activity, without releasing each factor used in decision-making. Many people will simply refer to this as “I know it when I see it.”

This is an ideal environment for machine learning. While humans can’t easily isolate all the factors they use in decision making, having a feedback loop with human review allows machine learning models to quickly adjust and adapt as analyst give the thumbs up or thumbs down to automated results.

Even limited machine learning can yield huge results in security. Many analysts complain that 80-90% of their jobs are spent chasing routine, trivial, repetitive, and often false alerts. The tasks they go through analyzing these alerts also tend to be repetitive and robotic. By identifying these factors, automation driven by machine learning can eliminate the majority of these repetitive tasks, and perform these tasks at machine speed, and more reliably than humans.

LogicHub announces AuDRA, First AI Threat Hunting Bot

LogicHub’s advanced artificial intelligence (AI) and automation mirrors and enhances the cognitive and intuitive approach of expert security analysts and progressively learns and updates its own logic to make more accurate decisions. LogicHub enables security teams to automate the skills, techniques, and expertise of top human analysts to improve threat detection efficacy across security operations – at machine speeds and machine scale.

LogicHub harnesses the power of AI and automation for superior detection and response at a fraction of the cost. From small teams with security challenges, to large teams automating SOCs, LogicHub makes advanced detection and response easy and effective for everyone.

Blog

Related Posts

September 13, 2022 Kumar Saurabh

Why No Code Solutions Are a Double-Edged Sword

Most out-of-the-box security automation is based on a simple logic — essentially, if “this”...

Learn More

August 16, 2022 Willy Leichter

Understanding MDR, XDR, EDR and TDR

A program with proper threat detection and response (TDR) has two key pillars: understanding the...

Learn More

August 9, 2022 Willy Leichter

Intuition vs. Automation: What Man and Machine Bring to Data Security

Cybersecurity experts Colin Henderson and Ray Espinoza share their take on the automation-driven...

Learn More

August 2, 2022 Anthony Morris

Using AI/ML to Create Better Security Detections

The blue-team challenge Ask any person who has interacted with a security operations center (SOC)...

Learn More

July 26, 2022 Willy Leichter

How to Select the Right MDR Service

It can be difficult to understand the differences between the various managed detection and...

Learn More

July 21, 2022 Willy Leichter

The Evolving Role of the SOC Analyst

As the cyber threat landscape evolves, so does the role of the security operations center (SOC)...

Learn More

July 19, 2022 Kumar Saurabh

Life, Liberty, and the Pursuit of Security

As cyber threats evolve, organizations of all sizes need to ramp up their security efforts....

Learn More

July 15, 2022 Tessa Mishoe

LogicHub Security RoundUp: July 2022

Hello, and welcome to the latest edition of the LogicHub Monthly Update! Each month we’ll be...

Learn More

July 12, 2022 Willy Leichter

Security Tools Need to Get with the API Program

No cloud API is an island The evolution of cloud services has coincided with the development of...

Learn More

July 6, 2022 Willy Leichter

Why the Rush to MDR?

LogicHub recently published a survey conducted by Osterman Research, looking at changing trends and...

Learn More