Data breaches continue to come fast and furious. The latest major incident, Equifax, was one for the record books. Hackers obtained highly sensitive personal data on 145 million Equifax customers, including credit card numbers, Social Security numbers and driver's license numbers.
So why do these outrageous breaches continue to happen - and continue to get worse? One of the key reasons is that the bad guys keep getting better and better at what they do. Plus, there is an enormous underground economy that gives hackers easy access to state-of-the-art cyber weaponry, such as custom malware.
What's more, threat actors are highly motivated because there are lucrative rewards to be reaped. There are marketplaces on the dark web that make it simple for hackers to get paid for the data they've stolen. In fact, one of the dark web's most prominent markets, AlphaBay, generated more than $1 billion in sales of stolen data and other illegal goods in the three years before it was shut down.
Hackers also have an almost infinite number of targets to attack. Today's typical organization has troves of data available to hackers. While organizations large and small are finally taking cyber threats seriously and looking to implement best practices around security, the reality is that today's creative threat actors are always a step ahead of the preventative capabilities designed to thwart them. Hackers continue to unleash new and sophisticated attacks targeting vulnerabilities we never knew existed or haven't yet patched.
The playing field is tilted in favor of the bad guys, which means that organizations will need to hire more security professionals to combat today's sophisticated threats. Yet there simply aren't enough skilled security professionals out there. In fact, it's estimated that about 1.5 million cybersecurity positions will go unfilled by 2020, according to a report from Frost & Sullivan and (ISC)². What's more, about 25% of companies responding to a survey by ISACA's Cybersecurity Nexus revealed that it takes them at least six months to fill important cybersecurity openings.
Even if you could find enough qualified people, if you're relying on traditional manually oriented approaches to cybersecurity, you couldn't afford to hire the full number that it would take to find and defend against modern threat actors. These days, security leaders must learn how to optimize their budgets and ensure their teams are focusing on the right tasks and the right risks.
They need to take a pragmatic approach toward cybersecurity, one that assumes compromises will occur and that they have a security operations capability they can trust to quickly detect and repel an attacker. Fortunately, advances in artificial intelligence (AI) promise to greatly accelerate this organizational capability, at a reduced manpower cost. Security analytics solutions that leverage AI technologies like machine learning (ML) can provide more accurate threat detection and shine a spotlight on advanced threats that might otherwise go undetected. AI can also augment or eliminate a large number of manual tasks, allowing analysts to instead concentrate on more valuable activities that require human cognition and judgment.
When it comes to detecting advanced threats, we must assume threat actors will constantly evolve their tactics to evade existing protective and defensive measures. AI-enabled security analytics can analyze vast amounts of forensic data and build complex and deep behavioral profiles of users, servers and endpoints. When a user, server or endpoint is inevitably compromised by a threat actor, behavioral shifts will occur. AI systems will be able to detect these behavioral shifts and determine, with increasing accuracy, when they represent a security incident.
Even more potent, cloud-based AI can leverage the wisdom of the crowd to self-evolve its threat detection capabilities. Imagine an AI-enabled security analytics technology capable of incorporating real-world feedback from security operations centers across the world. Such a technology would self-evolve and eventually become able to detect hidden and previously unknown threats with unprecedented speed and accuracy.
This is just the tip of the spear. Ultimately, AI will profoundly change the way the modern security operations center (SOC) conducts all of its primary missions. In fact, I believe that as much as 90% of today's activity in the SOC will eventually be automated or augmented through the application of AI within the technologies that support the SOC, such as security information and event management (SIEM).
For example, it won't be long before AI will intelligently handle or guide much of the workflow around the investigation of and response to a threat. Today, responding to a threat can consume an inordinate, if not dangerous, amount of time. This is because incident response workflows are often disjointed and highly manual, requiring analysts to access siloed forensic information and juggle a collection of disparate tools.
In the near future, AI-enabled technologies will pre-qualify security events and alarms, automatically eliminating false positives and elevating high-risk threats. AI-enabled technologies will augment threat investigations, immediately associating new forensic data and alarms with an active investigation or incident. AI will also play a role in predicting the appropriate response for a given class of threat and ultimately automate some or all of the responses to that threat. Ultimately, AI-enabled technologies will automatically detect and respond to threats within seconds, where today they may go unnoticed and unresolved for days or even months.
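The behavioral-profile detection described above and the alarm pre-qualification described in this paragraph can be illustrated together. The following is an added example, not code from the original article or from any SIEM or UEBA product: it builds a per-entity baseline (mean and standard deviation of login hour and data volume) from constructed historical events, scores a new event by its deviation from that baseline, and then triages it by suppressing in-baseline events, elevating outliers, and attaching any event for an entity with an open incident to that incident. The user names, the `INC-0001` identifier, and the z-score threshold of 3.0 are all assumptions chosen for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed history for the example: (user, login_hour, mb_transferred).
HISTORY = [
    ("alice", 9, 120), ("alice", 10, 140), ("alice", 9, 110),
    ("alice", 11, 130), ("alice", 10, 125), ("alice", 9, 135),
    ("bob", 22, 900), ("bob", 23, 950), ("bob", 21, 880),
    ("bob", 22, 920), ("bob", 23, 910), ("bob", 22, 890),
]

def build_profiles(events):
    """Per-user baseline: (mean, stddev) of login hour and MB transferred."""
    by_user = defaultdict(list)
    for user, hour, mb in events:
        by_user[user].append((hour, mb))
    profiles = {}
    for user, rows in by_user.items():
        hours = [h for h, _ in rows]
        mbs = [m for _, m in rows]
        # A stddev of 0 would make every deviation infinite; floor it at 1.0.
        profiles[user] = {
            "hour": (mean(hours), pstdev(hours) or 1.0),
            "mb": (mean(mbs), pstdev(mbs) or 1.0),
        }
    return profiles

def deviation_score(profile, hour, mb):
    """Largest absolute z-score across the profiled features (the 'shift')."""
    zh = abs(hour - profile["hour"][0]) / profile["hour"][1]
    zm = abs(mb - profile["mb"][0]) / profile["mb"][1]
    return max(zh, zm)

def triage(event, profiles, open_incidents, threshold=3.0):
    """Pre-qualify an alarm: suppress, elevate, or associate with an incident."""
    user, hour, mb = event
    if user not in profiles:
        return ("elevate", "no baseline for entity")
    score = deviation_score(profiles[user], hour, mb)
    if user in open_incidents:  # new evidence joins the active investigation
        return ("associate", f"score={score:.1f}, incident {open_incidents[user]}")
    if score < threshold:
        return ("suppress", f"score={score:.1f} within baseline")
    return ("elevate", f"score={score:.1f} exceeds {threshold}")

if __name__ == "__main__":
    profiles = build_profiles(HISTORY)
    for ev in [("alice", 10, 130), ("alice", 22, 900), ("bob", 22, 900), ("carol", 9, 100)]:
        print(ev, triage(ev, profiles, {"bob": "INC-0001"}))  # constructed incident id
```

Note that the same event (a 22:00 login moving 900 MB) is routine for bob and a strong outlier for alice, which is why the profile must be per entity rather than global.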
Up until now, the cyber war has not been a fair fight. Motivated threat actors have increasingly had the upper hand. Artificial intelligence will alter the terms of engagement. While the full vision of the AI-enabled SOC lies in the future, there are technologies available today that can act as a force multiplier for your security operations team. Enterprises that want to get serious about their ability to rapidly detect, investigate and neutralize threats should reevaluate whether their current SIEM is up to the task, or consider augmenting it with solutions like user and entity behavior analytics (UEBA). Modern, next-generation SIEM technologies and UEBA solutions are leading the way in the application of artificial intelligence and automation, and are finally tilting the battlefield in favor of the good guys.