Cyber attacks targeting Internet of Things (IoT) devices, the rise of state-sponsored incidents targeting both businesses and rival governments, and a rate of attempted cyber attacks of approximately one every 39 seconds all paint an alarming picture.
The array of digital threats facing modern businesses has never been more sophisticated or diverse. Cyber criminals are getting more creative, and the tools they use to target their victims have grown both more sophisticated and more widely accessible.
Meanwhile, security teams remain understaffed, with the global IT security skills shortage topping 4 million professionals as of November 2019. There simply aren't enough skilled professionals to keep up with the unending barrage of cyberattacks.
I'm reminded of an opinion piece I read in SC Magazine by Chris Triolo, former vice president of professional services, education, and support at HP Enterprise Security Products and now a vice president at Respond Software.
"Hackers only need to find one weak point to steal valuable information. On the flip side, you need to account for every possible vulnerability across your entire infrastructure."
—Chris Triolo
While there's still no feasible end in sight for the skills shortage, there is a solution just over the horizon: artificial intelligence (AI). By applying machine learning to your organization's cybersecurity, you can use predictive analytics to create a "digital immune system" for your networks and devices.
Unfortunately, it isn't as simple as booting up a security tool and diving in. Here's how to get the most out of AI-enabled cybersecurity, and a few things you'll need to understand before you do so.
Know what you want to accomplish
Like any software tool, an AI-based cybersecurity platform needs to be applied intelligently if you're to gain anything from its use. You cannot succeed with a generalist approach, and you cannot simply slap some new software onto your existing infrastructure and call it a day.
You need not only an implementation plan but also a clear understanding of your organization's risk profile.
This includes the systems and data you need to protect, and what you need to protect them from. It also includes your crisis response and disaster recovery plans, and how you intend to comply with any regulatory frameworks to which your organization is subject.
Armed with this knowledge, you can then begin your search for a platform built with your specific needs in mind.
While I do recommend performing this legwork on your own before you look for a vendor, it's not strictly necessary. Many cybersecurity vendors working in predictive analytics also offer specialized cybersecurity consulting services. As such, if you have the budget for it, you can skip the early stages and engage directly with a vendor that's knowledgeable about your industry.
Narrow your dataset (but not too much)
The most frequent misconception I see around analytics of any kind involves data volume. Like it or not, most of the raw data your business generates in its day-to-day operations isn't particularly useful from a cybersecurity perspective. This data isn't useless; it's just not going to provide you with any security insights.
You want to focus on a few specific data points as part of your approach to analytics:
Employee data—Monitor (with employee consent) staff behavior in the workplace and when connected to your servers via VPN. This will help you establish a baseline for each employee, allowing you to flag anything that might constitute suspicious activity. Pay especially close attention to access data, location data, and any personally identifying information.
Network, application, and cloud traffic—Again, you're monitoring and analyzing digital traffic to establish how it looks on an ordinary day. When something falls outside this norm, such as a connection to an unrecognized remote server, you can configure your platform to notify security staff.
External intelligence—This includes newly reported malware and vulnerabilities, newly discovered attack vectors, and so on. Feeding this data into your analytics platform can train it to recognize the flags that indicate you're being targeted.
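The baselining idea behind the employee and network-traffic points above, as an added illustration that is not code from the original article or from any vendor platform: a per-user profile of "normal" remote destinations and transfer volumes is learned from a training window, and later events are flagged when they fall outside it (an unseen destination, or a transfer far above the user's usual size). The log format, host names, byte counts and the simple z-score rule are all constructed assumptions; a real platform would use richer features and a tuned model, but the baseline-then-deviation shape is the same.

```python
"""Baseline-and-deviation check over constructed connection logs (added example)."""
import statistics
from collections import defaultdict

# Constructed sample logs: "<timestamp> <user> <destination host> <bytes sent>".
# These are not real records; values are invented for the illustration.
TRAINING_LOG = """\
2021-03-01T09:02:11 alice fileshare.corp.example 18000
2021-03-01T09:15:40 alice mail.corp.example 2400
2021-03-01T10:05:02 alice fileshare.corp.example 21000
2021-03-02T09:01:55 alice mail.corp.example 2600
2021-03-02T11:30:19 alice fileshare.corp.example 19500
2021-03-01T09:10:00 bob build.corp.example 410000
2021-03-01T13:20:31 bob build.corp.example 395000
2021-03-02T09:12:44 bob mail.corp.example 3100
2021-03-02T14:48:09 bob build.corp.example 420000
"""

NEW_EVENTS = """\
2021-03-03T09:03:12 alice mail.corp.example 2500
2021-03-03T02:14:47 alice 203.0.113.77 950000
2021-03-03T10:11:05 bob build.corp.example 405000
2021-03-03T10:40:27 bob fileshare.corp.example 15000
"""


def parse_log(text):
    """Turn the constructed log text into (timestamp, user, dest, bytes) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, dest, nbytes = line.split()
        events.append((ts, user, dest, int(nbytes)))
    return events


def build_baseline(events):
    """Per user: the set of destinations seen plus mean/stdev of bytes sent."""
    dests = defaultdict(set)
    sizes = defaultdict(list)
    for _ts, user, dest, nbytes in events:
        dests[user].add(dest)
        sizes[user].append(nbytes)
    baseline = {}
    for user, vals in sizes.items():
        mean = statistics.fmean(vals)
        stdev = statistics.pstdev(vals) if len(vals) > 1 else 0.0
        baseline[user] = {"dests": dests[user], "mean": mean, "stdev": stdev}
    return baseline


def score_events(events, baseline, z_threshold=3.0):
    """Return (event, reasons) for every event that deviates from its user's baseline."""
    alerts = []
    for ev in events:
        _ts, user, dest, nbytes = ev
        reasons = []
        profile = baseline.get(user)
        if profile is None:
            # A user with no history cannot be compared; surface it rather than guess.
            reasons.append("no baseline for user")
        else:
            if dest not in profile["dests"]:
                reasons.append(f"unseen destination {dest}")
            stdev = profile["stdev"]
            if stdev > 0:
                z = (nbytes - profile["mean"]) / stdev
                if z > z_threshold:
                    reasons.append(f"bytes {nbytes} is {z:.1f} stdev above mean")
            elif nbytes > profile["mean"]:
                # Degenerate baseline (every training transfer identical): any increase is notable.
                reasons.append(f"bytes {nbytes} above constant baseline {profile['mean']:.0f}")
        if reasons:
            alerts.append((ev, reasons))
    return alerts


if __name__ == "__main__":
    profile = build_baseline(parse_log(TRAINING_LOG))
    for event, reasons in score_events(parse_log(NEW_EVENTS), profile):
        print(event, "->", "; ".join(reasons))
```

Run stand-alone, the script reports two of the four new events: alice's night-time transfer to an address never seen in her history (both an unseen destination and a volume far above her mean), and bob's first contact with the file share (unseen destination only). The threshold and the training window are the knobs that decide how noisy such alerts are, which is why the text insists on understanding the data before trusting the platform's output.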
Understand the limitations
Among the most persistent myths about AI-based cybersecurity is that it's some sort of incredible cure-all, and that incorporating it means your organization is light-years ahead in terms of its security posture. At the end of the day, AI is a tool.
Like any tool, it's only as good as the people using it. As such, in order to wield predictive analytics to its fullest extent, you'll need more than trained security professionals. You'll need to hire people with big data expertise or find a way to train internal staff in data analytics.
Predictive analytics also won't fix your security if it's fundamentally broken on any level. It cannot replace traditional security measures such as malware scanning, firewalls, and access controls. Instead, it should complement these utilities.
Moving toward an AI-driven future
I've heard predictive security analytics platforms referred to as something akin to a digital immune system, a network that can proactively protect itself against emerging threats, detecting potential data breaches and cyber attacks before they even happen. Such an assertion isn't that far from the truth, but only if said platform is properly deployed.
To use AI to its fullest extent, you have to understand not only your security posture, but also how big data and data analytics actually work. Otherwise, it'll just be little more than another Band-Aid fix.