Security Experts:

Realizing the Potential of AI-Driven Security Operations

Artificial Intelligence in Security

Managing security is an increasingly complicated task for a number of reason. First, networks are expanding rapidly, and many organizations have found that their visibility across the network has been significantly reduced. Siloed security tools and isolated network development and security projects have resulted in vendor sprawl, which means more management consoles to track and more data that isn’t being correlated quickly enough to detect fast-moving threats.

Filling the Skills Gap with Machine Learning and Artificial Intelligence

The other issue is the security skills gap. When finding people with even general security skills is becoming increasingly difficult, finding individuals with specialized skills, such as security analysts, is becoming nearly impossible. But without enough skilled people on the IT staff to analyze the growing volume of data being generated, threats get missed, or they get discovered too late to do anything about them. 

Traditionally, ML and AI are used by organizations to perform mundane tasks that bog down security teams, such as correlating log files or performing device patching and updating. But that only scratches the surface of their potential. But Machine Learning (ML) and Artificial Intelligence (AI) can also help fill the cybersecurity skills gap by reducing the complexity and overhead that comes from an expanding security infrastructure. They are perfectly suited for data-oriented tasks, such as the correlation and analysis of log files and threat alerts being generated by an organization’s growing number of security and networking devices. 

The Critical Role of Machine Learning

ML-enhanced systems are quite capable of performing higher-order tasks, such as assessing new files, web sites, and network infrastructures to automatically identify malware and other exploits. They can even detect previously unknown attacks that may reach an organization ahead of threat intelligence updates from vendors to upgrade their security devices. It can also generate threat intelligence about threats and threat patterns, known as security playbooks, to enable organizations to more accurately predict and prevent cyberthreats, as well as automatically.  

ML can also find and inventory devices with known vulnerabilities, and even schedule those devices for patching, upgrade, monitoring, or replacement. This function is especially critical as the volume of vulnerable IoT devices being deployed in networks continues to increase. When combined with the inability to easily patch or harden many of these devices, many organizations simply do not have systems in place to identify and secure these potential points of attack. ML-based systems can take the guesswork out of analyzing and securing IoT resources.

AI-based Security Operations Level the Cybersecurity Playing Field

Likewise, some AI systems are now able to aggregate and analyze massive amounts of data coming from hundreds of sources across an organization’s IT and security infrastructure to detect hidden threats – a process that not even the best data analysts could match. It can also enrich and alert on those threats, with the option of orchestrating a coordinated response using selected resources from across the network to improve the efficiency of security operations.  

AI can also leverage playbooks generated by ML systems to improve the accuracy and efficiency of its data analysis. By correlating threat patterns and practices with live network traffic, an AI system should be able to detect threat patterns and interrupt an attack before it has the opportunity to execute its objectives. Over time, this process will become increasingly efficient, giving organizations a significant advantage over their cyber adversaries.

Such groundbreaking advances in AI enable the automatic prevention, detection, and response to cyber threats at a level of accuracy and speed that human resources and siloed management platforms have never been unable to achieve. By weaving AI across the network through strategically deployed security platforms, organizations not only enjoy comprehensive visibility and protection across all devices, users, endpoints, and environments, but centralized AI-driven security operations can also collect, correlate, and communicate across that security fabric to ensure faster and more comprehensive response and remediation. 

This provides organizations with an unprecedented capacity to manage the sprawling – and growing – collection of security devices they have in place, as well as see and protect the data, applications, and workflows spread across their deployed network systems, access points, and mobile and IoT devices, whether physical or virtual.  

AI Shifts the Advantage from Cyber Criminals to Cyber Defenders 

By integrating these systems with SOC environments, AI-enhanced cybersecurity systems can augment an entire team of threat researchers, security analysts, incident responders, and more. This enables the organization to reduce the risk and potential impact of security incidents by blocking more threats, detecting them sooner, and responding to breaches and exploits faster – while simultaneously improving the overall efficiency and cost of their security operations.

And by driving advanced AI technologies deep into the distributed network and security infrastructure, organizations can significantly enhance their ability to detect and respond to threats, adapt security policies and protocols in real time to keep up dynamic network changes, and extend visibility and control across the entire distributed network. This, in turn, amplifies and accelerates the services of on-staff threat researchers and data analysts, enabling them to oversee security operations rather than trying to keep up with the correlation and processing of a growing volume of threat intelligence. By combining ML and AI with a team of advanced cybersecurity professionals to deploy true AI-driven security operations, organizations can stay a step ahead of cybercriminals, ensuring that they can more consistently and efficiently keep their organization out of harm’s way.

RelatedHuman Intelligence is Pivotal in a Data-Driven World

view counter
John Maddison is EVP of Products and CMO at Fortinet. He has more than 20 years of experience in the telecommunications, IT Infrastructure, and security industries. Previously he held positions as general manager data center division and senior vice president core technology at Trend Micro. Before that John was senior director of product management at Lucent Technologies. He has lived and worked in Europe, Asia, and the United States. John graduated with a bachelor of telecommunications engineering degree from Plymouth University, United Kingdom.