TDWI Articles

Putting AI to Work Protecting Your Data (Part 1 of 2)

Cybersecurity is a top priority for enterprises, but it often seems they’re losing an ever-changing battle. How can artificial intelligence help?

AI technology is attracting the attention of enterprises large and small, and given the current state of cybersecurity, it’s no wonder AI is being applied to keeping data safe. To learn more, we spoke with Grant Wernick, CEO of Insight Engines. In the first part of our conversation, we discuss the state of cybersecurity, how enterprises are tackling the issues, the impact of a shortage of skilled security professionals, and how hackers and attackers are gaining the upper hand. In part 2, we’ll discuss how AI technology can solve many of these problems.

For Further Reading:

All Data and No Security Orchestration Makes You an Ineffective Security Analyst

Can AI Solve Our Cybersecurity Challenges?


Putting AI to Work Protecting Your Data (Part 2 of 2)

Upside: We know that data protection is a top priority among enterprises, but a McKinsey survey says that cybersecurity is currently not as efficient as it could be. Where do you see the inefficiencies? What steps are enterprises taking to try to improve cybersecurity and overcome these inefficiencies?

Grant Wernick: With the emergence of new technologies such as AI, the expansion of data from the Internet of Things (IoT), and advanced analytics, companies and their customers are being exposed to a growing number of cybersecurity risks. IoT, in particular, is creating billions of new entry points where companies are connected to the Internet, further increasing their vulnerability to cyberattacks. The problem is that as the cyber universe is changing, most organizations’ security models and protocols are not changing with it. Having the latest state-of-the-art firewall and malware software is not enough to fend off today’s sophisticated hackers.

Some of the common inefficiencies we’ve seen include companies treating cybersecurity as overhead and only an IT problem. They make huge investments in technology without initiatives to reduce their complex data infrastructure. Most don’t fully understand what data they have or where it sits in the organization and therefore are in the dark when it comes to new vulnerabilities.

Additionally, most teams operate around a SIEM that focuses them on standard rules and processes for threat detection via fixed dashboards that can easily miss significant threats hiding in the dark corners. If you want to go beyond the fixed dashboards of these stagnant frameworks, you’ll have to write complex data-store search queries. These queries can take hours or days to craft, making it difficult to get ahead of attackers and uncover new insights.

Forward-thinking organizations have started to apply AI and machine learning (ML) to help with common issues and anomaly detection. However, this approach is only part of the solution, requiring extensive supervision from experienced analysts in order to reduce false positives.

Are these approaches succeeding or failing -- and how?

Using smart, functional AI to manage risk is a key advancement in cybersecurity management, but relying on AI alone is not enough. Machines are very good at exact processes and automation but can’t replace humans when it comes to interpreting meaning from results.

Another, more effective way to address what’s needed today is a hybrid model that uses AI to fuel human intuition and creativity in investigating and mitigating threats. With advances in natural language processing (NLP), both advanced security analysts and nontechnical beginners can ask questions of their machine data through English language search instead of learning complex query languages.

This enables organizations to discover the value of their machine data through real-time, intelligent questioning that goes beyond traditional static security frameworks and the typical model of log store search, which takes too long and leaves many gaps undiscovered.

Cyberattacks are on the rise, yet data shows that the cybersecurity industry suffers from a significant shortage of skilled professionals. How big a problem is this and what should be done about it? What steps should enterprises take to address the problem?

It’s true. The cybersecurity industry has been experiencing a major shortage in skilled personnel, placing organizations at greater risk. In 2017, the National Initiative for Cybersecurity Education (NICE) reported that 285,000 cybersecurity roles went unfilled in the U.S. alone.

There are a few reasons why. First, with the growing number of risks today, the specialized skill set required to monitor, respond to, and remediate threats has become highly valued. Organizations are feeling pressure to hire large teams to manage and monitor threats but can’t keep pace with this demand. These specialized IT professionals are in short supply, and involve a high cost to enterprises looking to employ these experts to build their teams.

Additionally, the lackluster processes involved for threat management can be extremely laborious and unimaginative for professionals. They spend hours to days, even weeks, monitoring possible threats before seeing any outcomes. The tedious nature of these roles makes it hard to both acquire and retain talented individuals who would rather be using their skills, knowledge, and creativity to proactively uncover threats and solve problems.

The issue of talent shortage directly affects the ability of organizations to adequately defend themselves against threats. We’ve been deployed in major security centers where an incident has occurred in real time, and they didn’t have the people there with the right technical skills in that moment to handle it. Organizations need to democratize that process and open it to a much broader set of data analysts who can quickly learn security concepts. The technology is here to do that.

Newer AI approaches that provide an easy-to-use NLP search interface to augment human intelligence enable nontechnical professionals to get involved with cybersecurity management, therefore minimizing some of the pressures caused by the talent shortage.

Attackers are becoming increasingly more creative as well. Are defenders able to adapt and remain effective? What is working and what isn’t?

Imagination and creativity have long been the advantage of hackers and cybercriminals. We need to turn the tables and enable security teams to use their own imaginations to identify potential vulnerabilities before the attackers do. The speed and efficiency with which AI is enabling defenders to sort through vast amounts of data is clearly a win for the defenders. However, as I mentioned earlier, AI needs to be a tool human teams can use to effectively spot defects in data sources and investigate in any number of directions.

For organizations to become more creative, proactive, and comprehensive in threat detection, they need to do three things:

  • Embrace the culture of data curiosity and continuous learning
  • Adopt a dynamic (not static) security stance
  • Make sure their data is in good shape.

By doing these three things, you empower security teams to be problem solvers much earlier in the cybersecurity game.

How have disruptive technologies such as IoT exacerbated the cybersecurity problem?

IoT has created enormous efficiencies in just about every aspect of our world you can think of, from manufacturing to healthcare to financial services and our daily consumer lifestyles. The efficiencies come from a greater and richer connectedness that has created huge networks of data. This is mostly good, but one unintended consequence is that it created many more points of vulnerability from a security perspective. It’s like trying to protect millions of ports of entry all at once. This is a major factor in our current cybersecurity crisis, spurring the need for better, faster modes of threat investigation, detection, and remediation.

How has big data transformed cybersecurity operations?

Even though the explosion of big data has created more security risks for organizations’ many data-driven initiatives, this vast amount of data is also advantageous to cybersecurity operations. With the right systems and tools in place, security teams can tap into enterprise data for more timely analytics, cross-reference the various sources, and thus increase their threat visibility. As internal and external threats evolve daily, enterprises, federal agencies, and others need the ability to unlock the power of their data to regain advantage.

TDWI Membership

Accelerate Your Projects,
and Your Career

TDWI Members have access to exclusive research reports, publications, communities and training.

Individual, Student, and Team memberships available.