
Realizing the Potential of AI-Driven Security Operations

Artificial Intelligence in Security

Managing security is an increasingly complicated task for a number of reasons. First, networks are expanding rapidly, and many organizations have found that their visibility across the network has been significantly reduced. Siloed security tools and isolated network development and security projects have resulted in vendor sprawl, which means more management consoles to track and more data that isn’t being correlated quickly enough to detect fast-moving threats.

Filling the Skills Gap with Machine Learning and Artificial Intelligence

The other issue is the security skills gap. When finding people with even general security skills is becoming increasingly difficult, finding individuals with specialized skills, such as security analysts, is becoming nearly impossible. But without enough skilled people on the IT staff to analyze the growing volume of data being generated, threats get missed, or they get discovered too late to do anything about them. 

Traditionally, organizations have used Machine Learning (ML) and Artificial Intelligence (AI) to perform the mundane tasks that bog down security teams, such as correlating log files or performing device patching and updating. But that only scratches the surface of their potential. ML and AI can also help fill the cybersecurity skills gap by reducing the complexity and overhead that comes from an expanding security infrastructure. They are perfectly suited for data-oriented tasks, such as the correlation and analysis of log files and threat alerts being generated by an organization’s growing number of security and networking devices.

The Critical Role of Machine Learning

ML-enhanced systems are quite capable of performing higher-order tasks, such as assessing new files, web sites, and network infrastructures to automatically identify malware and other exploits. They can even detect previously unknown attacks that may reach an organization ahead of the threat intelligence updates vendors release to upgrade their security devices. They can also generate threat intelligence about threats and threat patterns, known as security playbooks, to enable organizations to more accurately and automatically predict and prevent cyberthreats.

ML can also find and inventory devices with known vulnerabilities, and even schedule those devices for patching, upgrade, monitoring, or replacement. This function is especially critical as the volume of vulnerable IoT devices being deployed in networks continues to increase. When combined with the inability to easily patch or harden many of these devices, many organizations simply do not have systems in place to identify and secure these potential points of attack. ML-based systems can take the guesswork out of analyzing and securing IoT resources.

AI-based Security Operations Level the Cybersecurity Playing Field

Likewise, some AI systems are now able to aggregate and analyze massive amounts of data coming from hundreds of sources across an organization’s IT and security infrastructure to detect hidden threats – a process that not even the best data analysts could match. They can also enrich and alert on those threats, with the option of orchestrating a coordinated response using selected resources from across the network to improve the efficiency of security operations.

AI can also leverage playbooks generated by ML systems to improve the accuracy and efficiency of its data analysis. By correlating threat patterns and practices with live network traffic, an AI system should be able to detect threat patterns and interrupt an attack before it has the opportunity to execute its objectives. Over time, this process will become increasingly efficient, giving organizations a significant advantage over their cyber adversaries.

Such groundbreaking advances in AI enable the automatic prevention, detection, and response to cyber threats at a level of accuracy and speed that human resources and siloed management platforms have never been able to achieve. By weaving AI across the network through strategically deployed security platforms, organizations not only enjoy comprehensive visibility and protection across all devices, users, endpoints, and environments, but centralized AI-driven security operations can also collect, correlate, and communicate across that security fabric to ensure faster and more comprehensive response and remediation.

This provides organizations with an unprecedented capacity to manage the sprawling – and growing – collection of security devices they have in place, as well as see and protect the data, applications, and workflows spread across their deployed network systems, access points, and mobile and IoT devices, whether physical or virtual.  

AI Shifts the Advantage from Cyber Criminals to Cyber Defenders 

By integrating these systems with SOC environments, AI-enhanced cybersecurity systems can augment an entire team of threat researchers, security analysts, incident responders, and more. This enables the organization to reduce the risk and potential impact of security incidents by blocking more threats, detecting them sooner, and responding to breaches and exploits faster – while simultaneously improving the overall efficiency and cost of their security operations.

And by driving advanced AI technologies deep into the distributed network and security infrastructure, organizations can significantly enhance their ability to detect and respond to threats, adapt security policies and protocols in real time to keep up with dynamic network changes, and extend visibility and control across the entire distributed network. This, in turn, amplifies and accelerates the services of on-staff threat researchers and data analysts, enabling them to oversee security operations rather than trying to keep up with the correlation and processing of a growing volume of threat intelligence. By combining ML and AI with a team of advanced cybersecurity professionals to deploy true AI-driven security operations, organizations can stay a step ahead of cybercriminals, ensuring that they can more consistently and efficiently keep their organization out of harm’s way.

Written By

John Maddison is EVP of Products and CMO at Fortinet. He has more than 20 years of experience in the telecommunications, IT Infrastructure, and security industries. Previously he held positions as general manager data center division and senior vice president core technology at Trend Micro. Before that John was senior director of product management at Lucent Technologies. He has lived and worked in Europe, Asia, and the United States. John graduated with a bachelor of telecommunications engineering degree from Plymouth University, United Kingdom.
