Every CISO is acutely aware of the double-edged sword presented by the use of AI technologies such as machine learning: They are increasingly being deployed by malicious actors as an offensive tool that can automate many of the tasks in building a weapon, at lower cost and with greater efficiency. That’s why the other edge of the sword—a strong, automated defensive bulwark—is critical for enterprises to secure their vast environments.
For Emily Heath, vice president and chief information security officer at United, the global airline, one of the key benefits of automation through machine learning is visibility into the network—understanding what is normal or anomalous activity. “Without a machine to help you, you can’t possibly weed through millions and tens of millions of events that happen across the data flow,” she says. “Automation is a core strategy for us. We’re always looking for ways to automate even simple activities and build automation into processes and workflows. The whole concept of our security program is centered around being proactive, which is where you get then into predictive analytics.”
Analytics is a force multiplier in the effort to detect and secure the network, amplifying the capabilities of security teams, reducing risk, and increasing efficiency and productivity. Here’s a closer look:
Augmenting humans. AI gives human experts visibility into their complex environments, enhancing the capabilities of security teams. Think of all the access privileges that need to be granted or modified quickly across the enterprise, at any given moment, as employees and other stakeholders enter or leave the network. And, in terms of incident response, think of all the false positives being investigated by the typical enterprise security team.
“When it comes to some of the incident response-related tasks, we’re automating the analysts as much to take away some of the noise,” Heath says. “When analysts actually do end up investigating an anomaly, they’ve already gotten a head start from the machines. They can focus on truly understanding any incident that they may be asked to investigate.”
Reducing risks. Time-series analysis and machine learning increase detection capabilities. Such adaptive, continuous-learning technologies adjust to evolving risk models and threats, and they enable something every security team chases: speed.
“It’s essential for us to be able to react quickly enough, and to be able to detect quickly enough that there’s an attack that might be happening,” says Dawn Cappelli, global security and chief information officer at Rockwell Automation, a provider of industrial automation and information technology. “AI is essential for us to be able to respond quickly enough to attacks.”
Efficiency and productivity. When IT and security teams spend less time chasing false positives and focusing more on higher-risk issues, the overall efficiency and productivity of security teams increases.
Productivity increases when automation removes the noise in the network—the millions and tens of millions of harmless events happening across the data flow. “If you can use analytics and machine learning to do that for you,” Heath says, “then your teams end up investigating something more meaningful. That will help them close down any potential issue much faster than they would if they were working alone.”
THE FUTURE IS AUTOMATION
In a cybersecurity environment that is changing at every moment, with new technologies and threats emerging, it’s important to accept that enterprises cannot defend against every possible attack. One of the key takeaways from the Forbes Insights report was a shift in attitude toward detection and response tactics.
“You have to use machine learning,” Heath says. “You have to use analytics because human beings just don’t have the practical power to do that. We have been using machine learning and analytics to help us make better decisions, especially when it comes to detection. Because the number of security events happening is enormous.”