The capabilities of automation tools have not gone unnoticed in the cybersecurity market. Here, Tim Wallen, LogPoint Regional Director, UK&I, discusses what is needed for AI, Machine Learning and RPA to transform cybersecurity.
2020 was a wakeup call for security professionals globally as cybercriminals capitalised on the uncertainty and changes induced in the pandemic era.
Unfortunately, this trend was not bucked in 2021. Indeed, the threat landscape continued to intensify, driven by a growth in attacks and the increasing sophistication of techniques used by perpetrators, adding additional pressures into a profession that – in the eyes of many – is nearing breaking point.
Reports that a record US$40 million ransomware payment was paid by a US insurance company after its network was brought down and data stolen, merely scratches the surface of the cybercriminal events of last year.
Indeed, other reports suggest that corporate networks saw a 50% spike in attacks year over year in 2021, while IBM reveals that the average cost of a data breach rose to US$4.24 million – the highest in 17 years.
Despite popular belief, cybercriminals are not lone actors operating on basic laptops out of the back of garages. Today, they are highly sophisticated, organised networks that are often backed by nation states, leveraging vast resources, powerful technologies and highly skilled technicians.
Meanwhile, on the other side of the fight, it is estimated that the number of unfilled cybersecurity positions grew from one million in 2013 to 3.5 million in 2021, representing a significant capability deficit among those tasked with combatting cybercrime.
The importance of an intelligent approach
This current situation is a major challenge, consistently leaving security professionals at least one step behind criminals and constantly playing catch up.
Thankfully, however, new technologies are beginning to emerge that are demonstrating significant potential in tilting the balance in favour of security teams.
Specifically, I’m referring to a new breed of intelligent solutions powered by Artificial Intelligence (AI), Machine Learning and Robotic Process Automation (RPA). If deployed in the right way, these technologies are capable of undertaking much of the heavy lifting of security operations – and doing it in a more effective and efficient manner than any human could dream of.
Given the current context, they could be critical for any organisation, entirely transforming their ability to identify and respond to threats. They can provide the building blocks for automated detection and response capabilities that can identify and even predict when and where attacks might be happening, removing the need for security teams to scramble in attempts to get eyeballs on everything and put out multiple flames at once.
Indeed, detection simply isn’t enough anymore – it can still leave cybersecurity professionals struggling to look at every individual threat. Rather, a more intelligent approach is needed and these technologies are vital to achieving that.
A quantum leap in cybersecurity
Those that do implement automated detection and response effectively stand to benefit in numerous ways.
Without the need for human intervention, the time to react to threats can be dramatically reduced, preventing the potential success of attacks. Indeed, it could be the difference between success and failure, helping to prevent potentially catastrophic financial losses induced by ransomware demands, downtime and other adverse impacts.
Equally, the use of AI and Machine Learning can help to streamline security operations by shining a light on what processes are effective versus those which offer little to no real value.
Solution saturation is prevalent in many organisations right now. Where historically they may have opted to adopt new tools in order to deliver quick fixes and plug gaps, this can culminate in security postures built on tens of different solutions from tens of different vendors.
Not only is this complex, requiring security staff to understand and manage multiple different accounts and dashboards, but it also makes it difficult to understand where overlaps and potential gaps lie.
AI and Machine Learning can unravel this complex web of tools, showing which solutions offer sustained value and which ones are rarely used, if ever, helping firms to minimise their operational overheads.
Automation begins with comprehensive, reliable data
The benefits of intelligent security tools are night and day with those driven almost entirely by human cognition. Yet achieving the former setup is easier said than done.
Indeed, these technologies will not begin to deliver immense benefits simply overnight. Rather, much like a new employee, they require time and knowledge of a specific network and environment before they can begin to support security teams effectively and accurately.
This knowledge has to come from reliable, comprehensive data – something that organisations may not be able feed into Machine Learning models right away. Without this, they will fail to develop the adequate intelligence needed to power accurate and informed detection and response activities.
For this reason, it is imperative that companies expand and organise their datasets, creating something of a data lake for security purposes in the first instance.
These data lakes should be continually evolving. In order for Machine Learning models to learn and operate effectively, they need to always map users, showing what they are doing, the applications they are using, how they are using them and at what times. This is vital to spotting anomalous activities which in turn can trigger an effective automated response.
To deal with sophisticated threats, security responses need to be dynamic, requiring cutting-edge technologies. Simply put, they can offer complete visibility of an organisation’s network, provide an appropriate response for any given threat, as well as unlock a stream of benefits relating to cost, efficiencies and operations.
Yet for these technologies to work, a data-led security mindset is non-negotiable.
Indeed, with time, patience and effective inputs in the form of clean, reliable, accurate and comprehensive datasets, Machine Learning and AI can become game-changing weapons in the fight against cybercrime.