Cybersecurity Solutions - Cyber Security Platform | SenseOn

View Original

How Can AI Improve Cyber Security?

Laura Martisiute

Right now, organisations using AI cybersecurity tools like SenseOn can improve their cybersecurity in three core ways: 

  • Saving money – using AI to augment your SIEM can cut your data ingestion costs by 10X. 

  • Saving time – AI-powered detection and response can reduce the amount of false alerts surfaced to analysts by 90%+. 

  • Automatic threat detection and response – Linked into the MITRE ATT&CK framework, AI can help you detect and isolate threats faster.

But, in the future, one of the most significant benefits of AI will be its ability to protect organisations from….AI.

To see why, let’s jump into a time machine.

It’s 2033, And You’re a CISO In a Mid-Sized Company 

You’ve got around 5,000 endpoints, a hybrid cloud environment, hundreds of employees and a threat landscape that’s just like today’s but worse. 

With the rate of advances in generative AI, in 2033, even the most basic script kiddies are likely to be using AI-powered malware. Worms, viruses and ransomware can all change their code and even attack techniques in real-time based on the kind of controls they encounter.

In this threat landscape, “polymorphic malware” is all malware, and a single layer of signature-based security controls is redundant.

Malware developers have learned to use generative AI to supercharge the rate at which they can detect vulnerabilities and develop exploits. 

We predict that the average time between a vulnerability being discovered, patched, and an exploit development has gone from an average of 35 days today to almost nothing. Patching all but the very worst CVEs is effectively impossible.

There will also be more legacy IT in your environment than ever. By 2033, even your newest Windows Server 2022 endpoints will be out of support, just like Windows 2012 is today.

While it’s likely that Zero Trust adoption will keep getting more mature, there will still be plenty of gaps – primarily due to access misconfiguration – that cybercriminals will exploit to gain network access.

In 2033, staff will likely be just as hard to find. The cybersecurity skills shortage of the 2020s will only partially resolve, and while this could be great for your career, skilled analysts have become some of the most sought-after hires in the world. 

Thanks to the decline of foundational computing skills and the rise of easy-to-use interfaces, your direct reports, the older crop of Generation Z juniors and graduates, are also sadly not going to be as technologically literate as you were at their stage.

Retaining the best analysts on your team will be the number one priority, and no one will stay for long in a job where routine analysis is 80% of the workload.

Using AI to Improve Cyber Security

In the future threat landscape described above, AI-powered cybersecurity will be as essential to endpoint, network and cloud security as antivirus is today. 

Organisations must take massive amounts of data from every part of their environment, process and normalise it in real-time, and take immediate automated action to filter out false positives. 

There will be no other way to stop the mysterious insider threats, polymorphic malware, 2FA bypasses, cloud data breaches and other signatureless threats that will dominate the threat landscape in 203.…wait a second. 

That sounds like today’s threat landscape!

That’s because it is. Forget 2033; many threats and risks that will drive AI adoption over the next ten years are present today. 

Right now, security teams need AI to improve cybersecurity by:

  • Solving the security data problem plaguing many present-day solution types like XDR (which by 2033 might mean something) and combining endpoint, network, cloud and user telemetry into a single analysis and output. 

  • Protecting human analysts from burning out while chasing false positive alerts by figuring out and flagging only genuine threats in their environments. 

  • Automating threat detection and analysis and taking immediate action, i.e., blocking an IP used in a C&C attempt. 

AI can help ensure the majority of alerts analysts see are actually incidents they must deal with and put all the information they need for remediation and threat intelligence into a single pane of glass. 

In 2033, everyone will have this kind of AI technology in their environments. But you don’t need it then; you need AI cybersecurity improvements now.

Stopping Tomorrow’s Threats with Today’s Tech

It will not take long before articles quoting security researchers claiming that “AI is still in its early days in the criminal underground” are seen as naive.

SenseOn’s AI-powered engine uses supervised and unsupervised machine learning to understand your digital systems, whether on internal networks or the cloud, and learn what is usual or abnormal behaviour. 

This AI telemetry comes from all across your environment, processing what would otherwise be disparate log data into a single unified format.  

Contact us today to find out more.