Artificial intelligence and other emerging technologies are making a significant impact on cybersecurity automation, particularly in behavioral analysis. This is helping businesses to better defend against cyber threats. Malicious attacks are not just becoming more common, they’re also becoming more sophisticated, more expensive, and a greater threat to businesses of all sizes.
According to a Ponemon Institute study sponsored IBM, the average cost of data breaches in the United States was $8.2million last year, up from $3.5million in 2006. The risks are increasing as technology solutions improve, bringing more automation to the table and innovation.
“Data breaches are one those ugly things that no-one wants to talk about, but they are a harsh reality we all have to face and a new norm in cybersecurity,” said Corey McReynolds (managing consultant of professional services at Avertium) during the ChannelCon Online session, The Implication of Automation in Cybersecurity: the Good, the Bad, and the Human.
McReynolds stated that emerging technologies like artificial intelligence (AI), are having an increasing impact on cybersecurity automation, particularly around behavioral analysis. This is helping businesses to build better cyber defenses.
How to deal with malicious attacks
Malware, phishing and spear phishing are the most common types of attacks. All of these attacks are supported by social engineering functions like open source data gathering, pretexting, gathering information from news outlets, social media, and other resources. McReynolds says how we respond to these threats will determine our success.
“We have concluded that humans do not have the speed or dexterity to keep up with the pace of many of these attacks. McReynolds stated that AI, machine learning, and neural networking are being used to enhance security tools to fight these threats.
McReynolds stated that anti-malware solutions are one type of machine learning used to defend cybersecurity. It uses a machine-learning database to detect indicators of compromise. Anti-malware is able to recognize and protect against different types of malware. Another form of protection is AI-based security tools. These tools can automate or orchestrate defense mechanisms, and they are available 24/7 to respond. Another popular trend is AI analytics algorithms that are based upon standard network behavior. These algorithms can be used to identify unusual behavior in a system or user, which can be very accurate, timely, and unique.
These Tools: Why isn’t everyone relying on them?
These tools provide more accurate and timely results that humans can provide, so why shouldn’t everyone trust them? McReynolds stated that “the fact of the matter” is that they aren’t perfect. These tools must meet many requirements to function smoothly and effectively.
Data, data, data: Machine learning is data-intensive because it relies on data and not algorithms to make decisions. These tools require approximately 10 times as much data to understand the details and dimensions in network behavior. This amount of data is difficult to learn.
$$: Machine-learning-based applications have a high cost premium. The same goes for the expertise required to operate and optimize them. These resources are rare and in high demand, which can lead to them being quite expensive.
One Tool in the Toolkit: Machine Learning is just one tool. McReynolds stated that there are core cybersecurity concepts that are essential to protecting our network. Security is not a one-size fits all solution.
The Call to Arms
Technology companies need to be able to combine traditional security concepts with new automated tools to ensure security. While traditional concepts are essential to any security plan, they are even more powerful when combined with AI or machine learning. These security concepts can be layered to increase our ability to withstand the increasing complexity of attacks. But we need to make sure we have the following basics in place before jumping into AI- and machine-learning-based concepts:
Perimeters like firewalls, intrusion detection systems, DMZs and proxies
Network coverage, such as SIEM and VLANs, FRFs, or VPNs
End-point protection, such as anti-malware and encryption software
Behind the scenes resources to meet training needs, raise awareness, and serve as human censors

McReynolds says that these new concepts do not replace our basic capabilities. They are just enhancing them. We are not replacing human intelligence.