Playbook Volume 9 - ChannelVision Magazine
“Already, AI as part of an ICS (industrial control systems) cybersecurity solution is allowing for functions such as proactive threat hunting and behavior-based anomaly detection to advance at the pace of new and evolving threats,” added Thomas Nuth, product marketing director for Nozomi Networks.

“Customers can rest assured that expensive and time-intensive changes to an already-deployed ICS cybersecurity solution aren’t necessary thanks to embedded AI and machine learning functionality,” said Nuth. “In the future, AI will undoubtedly grow effective in not only anticipating cyber-born threats but also identifying critical states in process before they occur.”

Respondents to the Ponemon survey believe the most important benefits of automation technology are the ability to reduce the amount of time and effort required to investigate an alert (71 percent of respondents), followed by a reduction in the number of false positives that analysts must investigate (68 percent of respondents). The top expected benefits from machine learning and advanced analytics, meanwhile, include increased effectiveness of security teams, more efficient investigations and the ability to find stealthy threats that have evaded the standard security defenses, show Ponemon’s findings.

Currently, 29 percent of respondents say machine learning is implemented throughout their IT infrastructure either extensively (12 percent) or partially (17 percent). Forty-six percent of respondents say they will have machine learning in the next 12 months (26 percent) or in more than a year (20 percent). Of those organizations that have machine learning, 30 percent say they acquired a turnkey product or engaged a managed service provider (26 percent). Only 20 percent of respondents say they built their own machine learning capabilities.

Of course, as with all things security and IT, any tool the good guys have is also available to the bad guys.
“AI is helping the good guys do more automation and process intelligence faster, allowing cyber threats to be detected faster. However, the downside to this is that the bad guys have the same AI and are using it to counteract being detected,” said Joseph Carson, chief security specialist at Thycotic, which offers privileged password and endpoint protection solutions. “We have to remember cybercriminals have been using AI for several years and already are several steps ahead of the good guys.”

In other words, AI and automation will be integrated into security solutions not only because of the inherent benefits but because it will be necessary to simply keep pace with cyber criminals and other threat actors that are actively employing automation to morph and scale their attacks.

“Cybersecurity is an arms race, and the weaker party will resort to asymmetric means to achieve its goals,” added Banic. “Just as organizations are adopting machine learning and AI to improve their cybersecurity posture, so are the threat actors.” Attackers will increasingly use machine learning to speed up the process of finding vulnerabilities in commercial products, said Banic, “with the end result being that attackers will use ever-more new exploits without signaling that AI was involved in their creation.”

“AI and automation are helping nefarious actors to develop more sophisticated attacks and to exploit vulnerabilities more quickly, often before organizations can test and apply patches,” added Ken Ammon, chief strategy officer at security-as-a-service company OPAQ. “However, the use of AI and automation by the good guys is gaining significant momentum and is proving to significantly help reduce time to detection and response.”

Ultimately, expectations for AI and automation need to be kept at healthy levels of exuberance, Zeltser warns.
While they have an important role to play within cybersecurity, there are no silver bullets and even advanced intelligence has its limitations. “Just because an antivirus tool uses AI doesn’t mean attackers cannot craft malware that evades it,” said Zeltser.

Like other aspects of IT, cybersecurity needs to involve a diverse set of technologies, he said. “This is especially important in security architecture, which recognizes the fallibility of relying on a single layer and advocates the defense in depth.”

Zeltser’s advice: “Automate tasks best handled by computers,” he said, “use AI where appropriate and include other defense strategies to have a healthy and diversified security stack.”

[Figure: The top security benefits from ML and advanced analytics. Source: Ponemon Institute.]

[Chart 1, bar chart. Source: Ponemon Institute. Categories, in the order shown: Reduce the number of false positives that analysts must investigate; Find attacks before they do damage; Automate key tasks in the investigation, decision making and remediation process; Improve the coordination between the networking, operations and security teams. Values, in the order shown: 68%, 60%, 59%, 58%.]

[Chart 2, bar chart. Three responses permitted. Source: Ponemon Institute. Categories, in the order shown: Increase effectiveness of security teams; More efficient investigations; Find stealthy threats that have evaded the standard security defenses; Better integration with threat intelligence sources; Automate routine tasks; Reduction in white noise/false positives; Supplement to Security Information and Event Management Systems (SIEM). Values, in the order shown: 63%, 60%, 56%, 44%, 32%, 28%, 18%.]