Integration of AI, Machine Learning and Modern Threat Management
Cyber threats are evolving at an unprecedented rate, as COVID continues to open doors for a more organized group of bad actors. George Nastassi, Associate Partner, Threat Management, Cloud and Cognitive Software, with IBM Canada, says AI-fueled systems are the best line of defense.
A subject matter expert with extensive experience in security operations, Nastassi outlined the challenges of modern threat management during his keynote address in Security and AI, one of three seasons of ITWC's MapleSec Satellite series. "We usually don't do a great job, or consistently do a great job, at incorporating past knowledge, primarily what we've done before, how we've done it, and how we can use that knowledge further," he said.
Streamlining threat management
Citing an example from his area of expertise in cybersecurity operations, Nastassi looks at the three phases of a threat management lifecycle, from insight and discovery to systems restoration. "If you really think about it, a lot of the work in these three phases can be augmented with AI and machine learning to improve our work," he said. "A good part of the effort that has been made and resources expended can thus be better distributed."
Obtaining critical information and saving analyst time
According to Nastassi, some tools have matured significantly over the years, and the adoption of User and Entity Behavior Analytics (UEBA) with machine learning capabilities gives us important insights. By continuously monitoring activity and building a baseline of normal behavior, machine learning can detect deviations from that baseline and flag them as potentially malicious activity. Machine learning can also maintain risk scores for individual users and entities, automatically adding points as suspicious deviations accumulate, so that escalation of a threat rests on stronger evidence.
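As an added illustration of the baseline-and-deviation approach described above (example code written for this page, not IBM's or Nastassi's; the users, session data, features and thresholds are constructed), the following builds a per-user baseline, scores new sessions by how far they deviate, and accumulates risk points until a user crosses an escalation threshold:

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample history: (user, login hour, MB downloaded) per session.
BASELINE_EVENTS = [
    ("alice", 9, 120), ("alice", 10, 95), ("alice", 11, 130), ("alice", 14, 110),
    ("alice", 15, 105), ("alice", 9, 125), ("alice", 16, 100), ("alice", 13, 115),
    ("bob", 8, 40), ("bob", 9, 55), ("bob", 10, 45), ("bob", 11, 50),
    ("bob", 12, 60), ("bob", 13, 48), ("bob", 14, 52), ("bob", 15, 44),
]

# Constructed new sessions to score against that baseline.
NEW_EVENTS = [
    ("alice", 3, 4200),   # 03:00 login with a very large download
    ("alice", 10, 118),   # ordinary session
    ("bob", 2, 50),       # odd hour, normal volume
    ("bob", 12, 49),      # ordinary session
    ("alice", 4, 3900),   # off-hours bulk download again
]

def build_baseline(events):
    """Per-user (mean, population std-dev) for each feature; the std-dev is
    floored at 1.0 so a constant feature cannot cause division by zero."""
    per_user = defaultdict(lambda: {"hour": [], "mb": []})
    for user, hour, mb in events:
        per_user[user]["hour"].append(hour)
        per_user[user]["mb"].append(mb)
    return {u: {f: (mean(v), pstdev(v) or 1.0) for f, v in feats.items()}
            for u, feats in per_user.items()}

def event_points(baseline, user, hour, mb, z_limit=3.0):
    """Risk points for one event: 1 per feature beyond z_limit std-devs from
    the user's mean, 2 if beyond twice that. A user with no baseline gets a
    point per feature, since nothing says the behaviour is normal."""
    if user not in baseline:
        return 2
    points = 0
    for feature, value in (("hour", hour), ("mb", mb)):
        mu, sigma = baseline[user][feature]
        z = abs(value - mu) / sigma
        points += (z > z_limit) + (z > 2 * z_limit)
    return points

def assess(baseline, events, escalate_at=4):
    """Accumulate points per user; return (scores, users at/over threshold)."""
    scores = defaultdict(int)
    for user, hour, mb in events:
        scores[user] += event_points(baseline, user, hour, mb)
    escalated = sorted(u for u, s in scores.items() if s >= escalate_at)
    return dict(scores), escalated
```

Running `assess(build_baseline(BASELINE_EVENTS), NEW_EVENTS)` escalates only alice: her two off-hours bulk downloads accumulate 6 points, while bob's single odd-hour login at normal volume stays at 1.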
In another example of the integration of AI, machine learning and threat detection analysis, Nastassi said IBM typically spends a lot of time analyzing security incidents, many of which turn out to be either false or benign. “It happens all the time, so why not run a security program through a machine learning model and make decisions in seconds instead of hours,” he asked. "If we can get machine learning to do this for us, we save our analysts valuable time, which they can use on more high-value work, such as investigations or follow-up."
Driving a fast reaction time
Nastassi is also an advocate for using AI and machine learning to enhance response capabilities. "We spend hours researching indicators of compromise," he explained. "AI can gather that information in seconds or minutes and correlate the information for easy inclusion in analysis. The time saved makes a big difference in how quickly we respond to legitimate threats, and the faster we can respond, the less likely the impact of that cyber security incident will be."
As remote work continues to erode the edge of IT infrastructure, the risks are arriving fast and furiously. Detecting threats is an important first step, but the real difference, Nastassi estimates, lies in using AI and machine learning to detect behavioral abnormalities, reduce reaction times, and thwart serious attacks.