How AI Empowers Cybersecurity Defenders from Hackers

AI augments defense strategies, debunks myths, and empowers defenders in the cybersecurity field. Eoin Hinchy of Tines explains how AI can improve cybersecurity operations to benefit organizations and improve their defenses against hackers.

February 21, 2024

Eoin Hinchy, CEO of Tines, dispels fears of AI-fueled cyberattacks, highlighting its greater benefits for security teams. Find out how to leverage AI as a force multiplier for organizational protection.

In cybersecurity, the rise of artificial intelligence has sparked fears of an “AI arms race,” where hackers harness AI-powered techniques and tools to launch more sophisticated and successful attacks.

This might make for good headlines — not to mention a highly effective marketing strategy for security software vendors — but the narrative doesn’t quite match up with reality. AI may indeed give hackers some new tools to play with, but the truth is that AI benefits security defenders far more than malicious actors.

Why AI Offers Limited Gains for Attackers

It’s true that AI may help hackers craft slightly better malware or social engineering techniques. However, it’s also worth remembering that bad actors successfully gained access to systems long before the arrival of AI and that traditional attack vectors — like phishing — remain highly effective. People are still clicking on phishing emails. The fact that bad actors are crafting slightly better emails with AI will not shift the balance of power dramatically.

Hackers’ main challenges aren’t problems that AI can easily solve. Targeting the right victims and maintaining access once inside systems require deception and stealth, something that algorithms have a hard time matching. AI might offer attackers some new tricks, but it doesn’t radically change their game, making it an incremental gain at best.

Addressing the Needle-In-A-Haystack Challenge

As the 2023 Voice of the SOC report outlined, security teams face enormous pressures as the threat landscape grows and budgets and resources shrink. With petabytes of information coming in daily, it’s extremely difficult and time-consuming to manually sift through logs and alerts and spot anomalies lurking within.

AI is uniquely positioned to help with this. Through machine learning, AI systems can be trained to scour security data rapidly and at scale, spotting patterns and detecting anomalies in a fraction of the time it would take a human analyst. Not only does this help organizations identify and mitigate risks more quickly, but it also frees up security practitioners to focus on the most relevant threats, making it easier to allocate resources effectively.

The time savings were clear for Snowflake. As the data cloud organization grew, identifying, analyzing, and remediating threats became incredibly cumbersome as the volume of alerts grew with the number of employees and systems they needed to protect. Snowflake’s internal security data lake contained all the relevant information to investigate security alerts, but connecting the relevant data was manual. 

Snowflake’s incident response team looked to automation to manage the growing volume of alerts across their environments. By creating an internal case management workflow, Snowflake reduced manual alert correlation by 91.4% and saved about ten human hours per day.

Gaining Time Back Through Automation

Many SOC functions, plagued by repetitive tasks, are prime candidates for automation. Steps like updating tickets, responding to common requests, and deploying updates can be easily handled by AI, and automating these processes allows security analysts to redirect their energy into more strategic, high-value work.

In the 2023 Voice of the SOC report, security professionals named spending time on manual work as what frustrated them the most. If they could automate part of that work, security teams would devote more time to researching and evaluating new tools, developing advanced detection rules, and integrating more systems and logs. A striking 93% of respondents agreed that automation at their workplace would improve their work/life balance.

Take this example. Until recently, the InfoSec team at a software company carried out little to no automation, and any automation they did implement was written by hand in Python. Then, they created one automated workflow for rolling out multi-factor authentication (MFA) updates and another for detecting activity from unmanaged IP addresses.

Their automated alert investigation and triage workflow processed the same amount of work that would have taken them 93 days previously. Automation allows the team to perform investigations that would be impossible without the technology. The company estimates automation is now doing the work of at least three full-time employees. 

AI can also help in making cybersecurity tools more user-friendly. Advancements like large language models (LLMs) are transforming how security systems understand and process security-related information, eliminating the need for security practitioners to be coding experts or master the unique query languages of individual security tools.

As LLMs evolve, they’ll be capable of interpreting security issues described in natural language, allowing security practitioners to automate through something as simple as a chat interface. By standardizing and simplifying these processes, AI makes security tools more accessible to a broader range of employees within the company, allowing people with various levels of technical expertise to participate in and contribute to the organization’s security efforts.

Seeing through the FUD

There are legitimate concerns about AI and how bad actors could exploit it. Still, it’s important not to get swept up in the fear, uncertainty, and doubt (FUD) about how much it ups the ante. If there is an “AI arms race,” security teams are winning it.

Hackers usually seek the path of least resistance, which involves exploiting human behavior and psychology — something current AI is not especially well-equipped for. It’s also worth noting that most security breaches continue to succeed without AI and that the challenges hackers face in flying under the radar and staying undetected cannot be solved by AI alone.

On the opposite side of the table, AI represents a real force multiplier. By removing the restrictions that once limited defenders’ potential, AI significantly enhances security operations centers’ analytical and operational capabilities and empowers security teams to focus on the most important parts of their job. In this respect, AI is a true game-changer in cybersecurity — but for defenders, not attackers.

What AI tools have you adopted to enhance your organization’s cybersecurity systems? Let us know on Facebook, X, and LinkedIn. We’d love to hear from you!

Eoin Hinchy
Eoin Hinchy is the co-founder and CEO of Tines, the trusted leader in smart, secure workflows. Born in Ireland, Hinchy began his career as a software engineer on Deloitte’s security team before joining eBay’s global threat management team. He rose to lead the company’s European security team, where he dealt with a data breach in which 145 million user records were stolen. Hinchy’s experience there and as DocuSign’s senior director of security operations gave him first-hand knowledge of the problems that engineering, IT, and security teams face. In 2018, Hinchy and Tines co-founder Thomas Kinsella set out to solve those problems by automating repetitive security workflows, dramatically reducing the likelihood of incidents, and ensuring teams can respond to any incidents that do occur much faster. Hinchy earned degrees in electronic engineering and computer engineering, then a master’s degree in security and forensic computing at Dublin City University and an MBA at Imperial College London.