What Your Plan for AI-Powered Cybersecurity Should Look Like

We’re overloaded by security alerts these days. The Anticipating the Unknowns: Chief Information Security Officer (CISO) Benchmark Study reveals that 41 percent of participants received more than 10,000 security alerts per day. A much smaller number (about one percent of respondents) even reported seeing over 500,000 warnings a day. Not surprisingly, SOC teams can’t deal with all these alerts and are responding to a smaller percentage of alarms—50.7 percent in 2019 versus 55.6 percent in 2018. Only 24.1 percent of alerts in 2019 turned out to be legitimate, down from 34 percent in 2018.

A report from CapGemini reveals that many of us are now turning to AI-powered cybersecurity to grapple with the increasing alert volume. To better understand why this is happening, we’ll discuss the report’s findings on why organizations are turning to this type of technology. We will cover the report’s conclusions and provide additional information on the value of an AI-driven network detection and response (NDR) platform.

In What Ways Is AI-Powered Cybersecurity Increasing?

CapGemini found that AI-powered cybersecurity is increasing at a time when we are already dealing with the monetary costs of a data breach. Indeed, approximately one in five executives (21 percent) told CapGemini that their organization had experienced a breach in 2018 that produced unauthorized access to networks, devices, applications or data. Of those, about a fifth reported having suffered losses of more than $50 million. This doesn’t even account for the reputational damage and other damages that organizations can suffer following a breach.

Did these execs think that things would improve over the next year? Not by a long shot. In fact, 14 percent of them said they expected that the number of cyberattacks against their organization could double over the next 12 months. This means more monetary penalties could be heading their way.

Clearly, we have an incentive to avoid these types of costs in the future. The skills gap makes it difficult to hire more skilled personnel, so the best answer is to invest in technology that can help protect against future security incidents. This is the promise of AI-based systems. By learning malicious behavior that might not be bound by known signatures, these tools can help protect us against a wider array of attacks than signature-based tools.

Not surprisingly, many of us are looking to make room for AI in our security infrastructure. CapGemini’s study found that close to half (48 percent) of respondents expected their budgets for AI cybersecurity to increase, by an average of 29 percent, in FY 2020. About a quarter (28 percent) of participants revealed they were already using AI-enabled products, while close to three-quarters (73 percent) of firms said they were testing use cases for AI-powered tools.

The Benefits of AI for Organizations

Why are so many of us turning to AI? It’s because of all the benefits that adopters can reap. Here are three of the biggest rewards, as identified by CapGemini:

  • Lowers the costs to detect and respond to breaches: AI helps organizations identify and reuse threat patterns to spot new threats. Because this analysis shortens the time it takes to detect security concerns, security personnel can investigate and remediate potential incidents more quickly than they otherwise could.
  • Lowers time to detect security incidents: Ultimately, speed is essential for defending against a security event. AI contributes directly to that speed; CapGemini found that AI-powered solutions could reduce overall incident response time by up to 12 percent and dwell time by up to 11 percent.
  • Improves efficiency for analysts: If security professionals can hand over some of their repetitive work to an AI-powered security solution, they can spend their time on more important things, such as actually investigating potential security incidents. This improved efficiency helps make up for the skills gap by maximizing the time and effort of your analysts.

Recommendations for Going Forward

Are you interested in implementing an AI-powered cybersecurity solution? CapGemini has several recommendations for you. These include making sure the necessary data sets are available in order to operationalize AI, building use cases on those complete data sets, and making sure there are subject matter experts who can make changes if necessary. The CapGemini report also advises that organizations deploy a security orchestration, automation and response (SOAR) platform, as it can help streamline incident response activities by gathering data from different sources.

To be effective, SOAR needs accurate threat detection and relevant context, which AI doesn’t always deliver. For example, NDR leverages AI to identify and flag threats in network traffic, but if its AI relies solely on unsupervised learning, it can mistakenly identify anomalies as threats (false positives) and miss threats that aren’t anomalies (false negatives). To avoid this issue, look for an NDR solution that blends unsupervised and supervised learning to reduce both kinds of error. Supervised learning is trained on labeled data to distinguish good from bad, so it can accurately identify real threats regardless of whether they deviate from a baseline. In addition, NDR should provide broad visibility across all forms of communication, including endpoints, servers, mobile and other devices, so that it can supply business context that further reduces false positives.
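To make the previous paragraph concrete, here is an added Python sketch (written for this post, not Lastline’s NDR code) of a two-stage triage over constructed flow records. Assumptions: each flow is summarized as (bytes_out_mb, dst_count, beacon_regularity), the unsupervised stage is a plain z-score deviation from a baseline of normal workstations, and the supervised stage is a k-nearest-neighbour vote over labeled flows. A backup server shows up as an anomaly that is not a threat, while a host beaconing at workstation-like volume is a threat that is not an anomaly.

```python
import math
import statistics

# Constructed baseline of 20 normal workstations: (bytes_out_mb, dst_count, beacon_regularity).
# Regularity 0.3-0.9 is normal here: update checks and chat heartbeats are legitimately periodic.
BASELINE = [(40 + i, 10 + i % 5, 0.3 + (i % 7) * 0.1) for i in range(20)]

# Constructed labeled flows for the supervised stage (backups labeled benign, C2 beacons malicious).
LABELLED = [
    ((2000, 2, 0.10), "benign"), ((1800, 3, 0.15), "benign"),    # nightly backups
    ((45, 12, 0.40), "benign"), ((52, 10, 0.55), "benign"),      # ordinary workstations
    ((38, 14, 0.30), "benign"),
    ((50, 11, 0.92), "malicious"), ((41, 9, 0.89), "malicious"),  # known C2 beaconing
    ((47, 13, 0.95), "malicious"),
]
SCALE = (1000.0, 10.0, 1.0)  # per-feature scale so kNN distance is not dominated by bytes

def is_anomaly(flow, baseline=BASELINE, threshold=3.0):
    """Unsupervised stage: flag a flow if any feature sits > threshold std devs from baseline."""
    z = [abs(v - statistics.mean(col)) / (statistics.pstdev(col) or 1.0)
         for v, col in zip(flow, zip(*baseline))]
    return max(z) > threshold

def supervised_label(flow, labelled=LABELLED, k=3):
    """Supervised stage: k-nearest-neighbour majority vote over labeled good/bad flows."""
    def dist(a, b):
        return math.sqrt(sum(((x - y) / s) ** 2 for x, y, s in zip(a, b, SCALE)))
    nearest = sorted(labelled, key=lambda item: dist(flow, item[0]))[:k]
    votes = sum(1 for _, label in nearest if label == "malicious")
    return "malicious" if votes * 2 > k else "benign"

def unsupervised_only(flow):
    """An NDR that equates 'anomalous' with 'threat'."""
    return "threat" if is_anomaly(flow) else "normal"

def blended(flow):
    """Anomaly score supplies context; the supervised vote decides whether it is a threat."""
    if supervised_label(flow) == "malicious":
        return "threat"
    return "benign anomaly" if is_anomaly(flow) else "normal"

if __name__ == "__main__":
    # Constructed test flows: a backup server, a beaconing host, and an ordinary workstation.
    tests = {"backup01": (2200, 3, 0.08), "ws07": (48, 11, 0.90), "ws03": (44, 12, 0.45)}
    for name, flow in tests.items():
        print(f"{name:9} unsupervised-only={unsupervised_only(flow):7} blended={blended(flow)}")
```

Running it shows backup01 flagged as a threat by the unsupervised-only path but downgraded to a benign anomaly by the blend, and ws07 missed entirely by the unsupervised-only path but caught by the blend.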

Learn more about how to evaluate an AI-powered cybersecurity solution.

Teresa Wingfield

As a cyber security evangelist at Lastline, Teresa Wingfield enjoys sharing new perspectives on top security challenges such as SOC efficiency, sophisticated threats, network visibility, and hybrid data center protection. Teresa has more than ten years of security experience at leading companies such as McAfee (cloud and data center security), VMware (mobile security) and Symantec (virtual machine protection and website security). She has also worked at several startups in the endpoint detection and response and compliance fields. Teresa holds an M.S. in Information Technologies from the Massachusetts Institute of Technology.