Page 44 - Cyber Defense eMagazine October 2023
organization’s cybersecurity posture. AI systems, particularly without adequate training data, can
generate false positives and false negatives, leading to wasted resources, missed attacks, and potentially
severe breaches. Because training AI models requires vast amounts of data, there are legitimate privacy
concerns, particularly about how sensitive data is used, stored, and processed. AI’s reliability and
trustworthiness remain in question for many. And with the hype surrounding AI, which often touts it as a
security panacea, there is a risk of relying too heavily on tech and not enough on human expertise.
Although the market’s AI enthusiasm can lead to exaggeration, there are pragmatic approaches to
integrating AI technologies into a cybersecurity program – strategies that keep humans in control. A
number of security challenges simply cannot be solved at scale with humans alone. There is too much
information to ingest, analyze, correlate, and prioritize. AI can help analysts with the tedium they must
deal with on a daily basis. The overpromises of legacy AI models contribute to the ongoing skepticism.
However, advanced AI’s potential does not lie in adding another tool to your tech stack; the value it offers
enables you to connect the dots, getting the most out of your team and the tools you already have.
Adopting AI with Intention, not Impulse
Enterprises don’t need fewer security people. Their security people need fewer repetitive, monotonous
tasks; they need less noise and more signal. “I went into cybersecurity to drown in log reviews and false
positive analysis,” said no one ever. AI automation can reduce human intervention in the drudgery,
allowing analysts to make context-rich, nuanced decisions – and to make them faster.
AI automation can address the overwhelming volume of information that security analysts encounter, and upon closer
examination, it can help with a variety of repetitive tasks, getting your team out of the weeds. Here are
just a handful of ways security teams can adopt AI with intention, in an effort to improve both efficiency
and effectiveness:
1. Efficient Rule Drafting: The arduous task of drafting detection rules has traditionally consumed
significant human bandwidth and involved lots of guesswork. AI bots, with their ability to quickly analyze
vast datasets, offer a pragmatic alternative. They can not only accelerate the drafting process but also
refine detection criteria with machine precision.
2. Seamless Integration and Orchestration: Many of today’s security tools integrate with hundreds of
applications, increasing functionality but not necessarily simplicity. But the challenge arises when we
consider how frequently the integration needs change. Here, AI bots play a pivotal role by automating
the bulk of integration processes, ensuring that cybersecurity infrastructures remain cohesive even as
they evolve.
3. Addressing the Overloaded Analysts: Amid the chorus of cybersecurity challenges, information
overload facing analysts often takes center stage. Deciphering genuine threats from the flood of alerts is
daunting. AI can help sift through this digital noise, highlighting legit threats, and, when orchestrated
effectively, can enable collaboration across a security function. This helps organizations more quickly act on
context-rich insights and move from a reactive to proactive security posture.
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.