Page 15 - Cyber Defense Magazine RSA Edition for 2021

approach to analyzing network activity. This alternate method of uncovering security threats may prove to be a pivotal technology in the struggle to protect critical infrastructure, important assets and sensitive data.




However, AI/ML threat detection tools require a significant investment in time and resources to deploy correctly in each environment. It’s not enough to just throw them into an infrastructure: we need to make sure that we can trust the technology, and that it’s attuned to our environment. It’s imperative to make sure that it is deployed in such a way that it increases efficiency, provides greater clarity into lurking threats, and reduces the number of alerts we investigate every day, rather than simply adding additional noise and workload to already overstretched security teams.



The promise of AI and ML


Adopting AI/ML threat detection tools is not about replacing existing security tools. Rather, it’s about supplementing them with AI/ML to deliver additional capability and benefits.


AI/ML threat detection tools have the potential to significantly improve detection by identifying threats that other tools can't, especially at the earliest stages of the attack lifecycle. They can potentially detect emerging unknown threats such as zero-day vulnerabilities, for which there are no existing ‘signatures’, or threats that signature-based tools struggle to detect, such as fileless malware. And they can help associate related events to identify coordinated attack activity that might indicate a high-priority threat, while reducing the amount of “noise” caused by lots of individual event alerts. Their ability to detect abnormal behavior also enables them to spot potentially malicious “insider threats” that other tools may miss.



The other potential benefit that AI/ML tools offer is to improve productivity by automating elements of the threat remediation process, particularly for commonly occurring threats, and thereby free up time for analysts to focus on the high-priority and more advanced threats.
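To make the two preceding points concrete (behavioral anomaly detection that needs no signature, and correlation of many individual alerts into one prioritised incident that an analyst can triage first), here is a small added example. It is not code from the magazine or from any vendor product; the baseline figures, the observed events and the alerts from "other tools" are all constructed, and the z-score threshold, time window and priority rule are illustrative assumptions.

```python
# Added illustration: per-user behavioral baseline + per-host alert correlation.
# Every event and baseline value below is constructed for the example.
from collections import defaultdict
from statistics import mean, pstdev

# Constructed baseline: MB sent per hour by each user on seven prior days.
BASELINE = {
    "alice": [120, 150, 130, 140, 125, 135, 145],
    "bob": [300, 320, 310, 290, 305, 315, 295],
}

# Constructed new observations (ts = hour index).
OBSERVED = [
    {"user": "alice", "host": "ws-01", "mb_sent": 140, "ts": 1},
    {"user": "alice", "host": "ws-01", "mb_sent": 9000, "ts": 2},
    {"user": "bob", "host": "ws-02", "mb_sent": 310, "ts": 3},
]

# Constructed individual alerts that signature/rule-based tools already raised.
SIGNAL_EVENTS = [
    {"host": "ws-01", "ts": 1, "type": "new_admin_login", "reason": "first admin login by alice on ws-01"},
    {"host": "ws-01", "ts": 2, "type": "rare_process", "reason": "process never seen on this host"},
    {"host": "ws-02", "ts": 3, "type": "failed_login", "reason": "single failed login"},
]


def zscore(value, history):
    """Standard score of value against a history; guards the zero-variance case."""
    mu, sd = mean(history), pstdev(history)
    if sd == 0:
        return 0.0 if value == mu else float("inf")
    return (value - mu) / sd


def anomaly_alerts(observed, baseline, threshold=3.0):
    """Raise a 'volume_anomaly' alert when a user's traffic deviates from its own baseline.
    No signature is involved: only deviation from learned normal behaviour."""
    alerts = []
    for obs in observed:
        history = baseline.get(obs["user"])
        if not history:  # no baseline yet: nothing to compare against, do not guess
            continue
        z = zscore(obs["mb_sent"], history)
        if z > threshold:
            alerts.append({
                "host": obs["host"], "ts": obs["ts"], "type": "volume_anomaly",
                # A human-readable reason travels with the alert so an analyst can see
                # how the decision was reached.
                "reason": f"{obs['user']} sent {obs['mb_sent']} MB vs baseline mean "
                          f"{mean(history):.0f} MB (z={z:.1f})",
            })
    return alerts


def make_incident(host, events):
    """Collapse a burst of alerts on one host into a single incident with a priority."""
    kinds = sorted({e["type"] for e in events})
    priority = "high" if len(kinds) >= 3 else "medium" if len(kinds) == 2 else "low"
    return {"host": host, "priority": priority, "types": kinds,
            "reasons": [e["reason"] for e in events]}


def correlate(alerts, window=5):
    """Group alerts per host that fall within `window` hours of each other."""
    by_host = defaultdict(list)
    for a in sorted(alerts, key=lambda a: (a["host"], a["ts"])):
        by_host[a["host"]].append(a)
    incidents = []
    for host, events in by_host.items():
        current = [events[0]]
        for e in events[1:]:
            if e["ts"] - current[-1]["ts"] <= window:
                current.append(e)
            else:
                incidents.append(make_incident(host, current))
                current = [e]
        incidents.append(make_incident(host, current))
    return incidents


def build_incidents():
    """Full pipeline: anomaly alerts + existing alerts -> prioritised incidents."""
    return correlate(SIGNAL_EVENTS + anomaly_alerts(OBSERVED, BASELINE))


if __name__ == "__main__":
    for inc in build_incidents():
        print(inc["priority"].upper(), inc["host"], inc["types"])
        for r in inc["reasons"]:
            print("   -", r)
```

Three separate alerts on ws-01 (an admin login, a rare process and a traffic spike far outside alice's own baseline) become one high-priority incident, while the lone failed login on ws-02 stays a low-priority item; the `reason` strings carried through to the incident are what let an analyst judge whether the tool's decision can be trusted before any automated response is attached to it.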





Ultimately, AI/ML tools have the potential to automate many of the manual activities involved in SecOps, such as isolating suspected compromised hosts from the network and blocking access to the network from potentially compromised devices or users. The challenge is, however, that in order for security teams to hand over responsibility for these sorts of activities to an AI/ML tool, they need to be able to trust that tool to make the right decisions and know how it arrived at its decision. Otherwise, the danger is that





