By Tim Wallen, Regional Director for the UK, US and Emerging Markets, Logpoint
Cybersecurity professionals are consistently at least one step behind criminals and constantly playing catch up. IBMreveals that the average cost of a data breach rose to $4.45 million, a 15% increase over the last three years. Meanwhile, , it is estimated that the number of unfilled cybersecurity positions have grown to 3.4 million, according to industry group (ISC)2, representing a significant capability deficit among those tasked with combatting cybercrime.
Thankfully, however, new technologies are beginning to emerge that demonstrate significant potential in tilting the balance in favour of security teams. Intelligent solutions powered by artificial intelligence (AI), machine learning (ML) and robotic process automation (RPA) are capable of undertaking much of the heavy lifting of security operations – and doing it in a more effective and efficient manner than any human could dream of.
AI/ML is capable of entirely transforming the ability to identify and respond to threats. These solutions can provide the building blocks for automated detection and response capabilities that can identify and even predict when and where attacks might be happening, removing the need for security teams to monitor extensively and put out multiple flames at once.
A leap forward in cybersecurity
Those that do implement automated incident detection and response effectively stand to benefit in numerous ways. The time to react to threats can be dramatically reduced, without the need for human intervention, helping to prevent potentially catastrophic financial losses induced by ransomware demands, downtime and other adverse impacts.
Equally, the use of AI/MLcan help to streamline security operations by shining a light on what processes are effective versus those which offer little to no real value. Solution saturation is prevalent in many organisations right now. Historically they may have opted to adopt new tools in order to deliver quick fixes and plug gaps, culminating in a bloated cyber stack of different solutions from different vendors. Not only is this complex, requiring security staff to understand and manage multiple different accounts and dashboards, but it also makes it difficult to understand where overlaps and potential gaps lie.
AI/MLcan unravel this complex web of tools, showing which solutions offer sustained value and which ones are rarely used, if ever, helping firms to minimise their operational overheads.
Automation begins with comprehensive, reliable data
The benefits of intelligent security tools are clear compared to those driven almost entirely by human cognition. Yet implementation is easier said than done. They require time and knowledge of a specific network and environment to self-learn before they can begin to support security teams effectively and accurately.
This knowledge has to come from reliable, comprehensive data – something that organisations may not be able feed into machine learning models right away. Without this, they will fail to develop the adequate intelligence needed to power accurate and informed detection and response activities.
For this reason, it is imperative that companies expand and organise their datasets, creating something of a data lake for security purposes in the first instance.
These data lakes should be continually evolving. In order for machine learning models to learn and operate effectively, they need to always map users, showing what they are doing, the applications they are using, how they are using them, and at what times. This is vital to spotting anomalous activities which in turn can trigger an effective automated response.
To deal with sophisticated threats, security responses need to be dynamic, requiring cutting-edge technologies. Simply put, they can offer complete visibility of an organisation’s network, provide an appropriate response for any given threat, as well as unlock a stream of benefits relating to cost, efficiencies and operations. Yet for these technologies to work, a data-led security mindset is non-negotiable.
With time, patience and effective inputs in the form of clean, reliable, accurate and comprehensive datasets, AI/ML can become game-changing weapons in the fight against cybercrime.
