The Role of Artificial Intelligence in Cyber Security

Machine Learning Speed Up Remediation, But Will it Ever be Able to Autonomously Protect Organizations Against Cyber-attacks?

Cyber-attackers are leveraging automation technology to launch strikes, while many organizations are still using manual efforts to aggregate internal security findings and contextualize them with external threat information. Using these traditional methods, it can take weeks or months to detect intrusions, during which time attackers can exploit vulnerabilities to compromise systems and extract data. To address these challenges, progressive organizations are exploring the use of artificial intelligence (AI) in their day-to-day cyber risk management operations.

According to the Verizon Data Breach Report, more than 70 percent of attacks exploit known vulnerabilities with available patches. At the same time, the findings show that hackers take advantage of vulnerabilities within minutes of their becoming public knowledge. These statistics emphasize the importance of time-to-remediation. However, due to the shortage of security professionals and the general challenge of dealing with big data sets in security, it is not surprising that vulnerability remediation efforts are not keeping up with cyber adversaries. Recent industry research shows that it takes organizations on average 146 days to fix critical vulnerabilities. Obviously, this benchmark indicates we need to rethink existing approaches to enterprise security.

Cyber Security Benefiting from Machine Learning

Cyber adversaries have long leveraged machines and automation techniques to streamline their operations. So why shouldn’t organizations do the same?

Last year, the IT security community started to buzz about AI and machine learning as the Holy Grail for improving an organization’s detection and response capabilities. Leveraging algorithms that iteratively learn from data promises to uncover threats without requiring additional headcount or the need to know “what to look for”. Ultimately, AI can assist in conquering three specific use cases that are currently handled in manual fashion.

Identification of Threats

Organizations face an uphill battle when it comes to cyber security, since the attack surface they have to protect has expanded significantly and is expected to balloon even further. In the past, it was sufficient to focus on network and endpoint protection, but now with applications, cloud services, and mobile devices (e.g., tablets, mobile phones, Bluetooth devices, and smart watches) organizations are battling a broadly extended attack surface.

This “wider and deeper” attack surface only adds to the existing problem of how to manage the volume, velocity, and complexity of data generated by the myriad of IT and security tools in an organization. The feeds from these disconnected systems must be analyzed, normalized, and remediation efforts prioritized. The more tools, the more difficult the challenge. And the broader the attack surface, the more data to analyze. Traditionally, this approach required legions of staff to comb through the huge amount of data to connect the dots and find latent threats. These efforts took months, during which time attackers exploited vulnerabilities and extracted data.


Breaking down existing silos and automating traditional security operations tasks with the help of technology has therefore become a force-multiplier for supplementing scarce cyber security operations talent. In this context, the use of human-interactive machine learning engines can automate the aggregation of data across different data types; map assessment data to compliance requirements; normalize the information to rule out false positives and duplicates; and enrich data attributes.

Risk Assessment

Once internal security intelligence is contextualized with external threat data (e.g., exploits, malware, threat actors, reputational intelligence), these findings must be correlated with business criticality to determine the real risk of the security gaps and their ultimate impact on the business. Ultimately, not knowing the impact a “coffee server” has on the business compared to an “email server” makes it virtually impossible to focus remediation efforts on what really matters. In this context, human-interactive machine learning and advanced algorithms play a big role in driving the appropriate response to individual risks.

Orchestration of Remediation

Increasing collaboration between security teams, which are responsible for identifying security gaps, and IT operations teams, which are focused on remediating them, continues to be a challenge for many organizations. Using a risk-based cyber security concept as a blueprint, it’s possible to implement automated processes for proactive security incident notification and human-in-the-loop intervention. By establishing thresholds and pre-defined rules, organizations can also orchestrate remediation actions to fix security gaps in a timely fashion.
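The three use cases above (aggregating and normalizing findings, weighting them by business criticality and external threat data, and triggering remediation from thresholds and rules) form one pipeline. The following is an added example, not code from the article or from any vendor it mentions; the scanner records, threat-intel entries, CMDB criticality scores and the risk formula are all constructed for illustration, and the "coffee server" versus "email server" contrast from the text is reproduced in the sample data.

```python
"""Risk-based vulnerability triage pipeline (illustrative, constructed data).

Steps: aggregate two scanner feeds with different schemas -> normalize and
deduplicate -> enrich with threat intel and asset criticality -> prioritize
by risk -> apply threshold rules to orchestrate remediation actions.
"""
from dataclasses import dataclass, field

# Constructed scanner output. Note the differing field names, case and a duplicate record.
SCANNER_A = [
    {"host": "mail01.example.test", "cve": "CVE-0000-0001", "cvss": 9.8},
    {"host": "coffee.example.test", "cve": "CVE-0000-0002", "cvss": 9.1},
    {"host": "mail01.example.test", "cve": "CVE-0000-0001", "cvss": 9.8},  # duplicate
]
SCANNER_B = [
    {"asset": "MAIL01.EXAMPLE.TEST", "vuln_id": "cve-0000-0001", "severity": "critical"},
    {"asset": "db02.example.test", "vuln_id": "CVE-0000-0003", "severity": "high"},
]

# Constructed external threat intel: is a public exploit known for the CVE?
THREAT_INTEL = {
    "CVE-0000-0001": {"exploit_public": True},
    "CVE-0000-0002": {"exploit_public": True},
    "CVE-0000-0003": {"exploit_public": False},
}

# Constructed CMDB data: business criticality 1 (low) .. 5 (critical).
ASSET_CRITICALITY = {"mail01.example.test": 5, "db02.example.test": 4, "coffee.example.test": 1}

# Scanner B reports qualitative severity; map it onto the CVSS-like scale scanner A uses.
SEVERITY_TO_CVSS = {"critical": 9.5, "high": 8.0, "medium": 5.0, "low": 2.0}


@dataclass
class Finding:
    asset: str
    cve: str
    cvss: float
    sources: set = field(default_factory=set)
    exploit_public: bool = False
    criticality: int = 1

    @property
    def risk(self) -> float:
        # Constructed formula: technical severity x business criticality, doubled
        # when a public exploit exists (attackers move within minutes of disclosure).
        return round(self.cvss * self.criticality * (2.0 if self.exploit_public else 1.0), 1)


def normalize_a(rec: dict) -> Finding:
    return Finding(rec["host"].lower(), rec["cve"].upper(), rec["cvss"], {"scanner_a"})


def normalize_b(rec: dict) -> Finding:
    return Finding(rec["asset"].lower(), rec["vuln_id"].upper(),
                   SEVERITY_TO_CVSS[rec["severity"]], {"scanner_b"})


def aggregate(findings: list) -> list:
    """Merge records describing the same (asset, CVE) pair; keep the highest score."""
    merged = {}
    for f in findings:
        key = (f.asset, f.cve)
        if key in merged:
            merged[key].sources |= f.sources
            merged[key].cvss = max(merged[key].cvss, f.cvss)
        else:
            merged[key] = f
    return list(merged.values())


def enrich(findings: list, intel: dict, cmdb: dict) -> list:
    """Attach exploit availability and business criticality to each finding."""
    for f in findings:
        f.exploit_public = intel.get(f.cve, {}).get("exploit_public", False)
        f.criticality = cmdb.get(f.asset, 1)  # unknown assets default to low criticality
    return findings


def prioritize(findings: list) -> list:
    return sorted(findings, key=lambda f: f.risk, reverse=True)


def orchestrate(findings: list, p1_threshold: float = 80.0, p2_threshold: float = 30.0) -> list:
    """Pre-defined threshold rules mapping risk to a remediation action (constructed)."""
    actions = []
    for f in findings:
        if f.risk >= p1_threshold:
            actions.append((f.asset, f.cve, "page_oncall_and_open_p1_ticket"))
        elif f.risk >= p2_threshold:
            actions.append((f.asset, f.cve, "open_p2_ticket"))
        else:
            actions.append((f.asset, f.cve, "queue_for_review"))
    return actions


def run_pipeline() -> tuple:
    raw = [normalize_a(r) for r in SCANNER_A] + [normalize_b(r) for r in SCANNER_B]
    ranked = prioritize(enrich(aggregate(raw), THREAT_INTEL, ASSET_CRITICALITY))
    return ranked, orchestrate(ranked)


if __name__ == "__main__":
    for finding, action in zip(*run_pipeline()):
        print(f"{finding.asset:22} {finding.cve} cvss={finding.cvss} risk={finding.risk:5} -> {action[2]}")
```

Five raw records collapse to three findings. The coffee server's CVSS 9.1 issue with a public exploit scores 18.2 and is merely queued, while the database's CVSS 8.0 issue without a known exploit scores 32.0 and gets a ticket, which is the point the article makes about correlating findings with business criticality rather than acting on raw severity.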

While machine learning can help reduce time-to-remediation, will it ever be able to autonomously protect organizations against cyber-attacks?

Too often, unsupervised machine learning contributes to an onslaught of false positives and alerts, resulting in alert fatigue and a decrease in attention. For opponents of AI, this outcome provides ammunition they typically use to discredit machine learning in general. Whether we choose to admit it or not, we have reached a tipping point whereby the sheer volume of security data can no longer be handled by humans. This has led to the emergence of so-called human-interactive machine learning, a concept propagated among others by MIT’s Computer Science and Artificial Intelligence Lab.

Human-interactive machine learning systems analyze internal security intelligence, and correlate it with external threat data to point human analysts to the needles in the haystack. Humans then provide feedback to the system by tagging the most relevant threats. Over time, the system adapts its monitoring and analysis based on human inputs, optimizing the likelihood of finding real cyber threats and minimizing false positives.
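The feedback loop just described (the system ranks alerts, analysts tag which ones mattered, the system adapts) can be shown with a small online logistic-regression ranker. This is an added example, not code from the article or from the MIT work it cites; the alert features, the initial weights and the analyst tags are constructed, and real systems use richer models and far more feedback than six labels.

```python
"""Human-interactive alert ranking with online feedback (illustrative, constructed data).

Each alert is a feature vector in [0, 1]. The ranker starts with naive weights,
analysts tag alerts as relevant (1) or not (0), and stochastic gradient descent
on log-loss adjusts the weights so future rankings reflect the feedback.
"""
import math

FEATURE_NAMES = ["bias", "exploit_public", "asset_criticality", "alert_volume", "internal_scanner_source"]

# Naive starting point: every signal counts equally, so a high-volume alert from the
# organization's own scanner looks as interesting as an exploitable bug on a critical host.
INITIAL_WEIGHTS = [0.0, 1.0, 1.0, 1.0, 1.0]

# Constructed analyst feedback: (features, label). The first three are scanner noise the
# analysts dismissed; the last three are threats they confirmed.
ANALYST_FEEDBACK = [
    ([1.0, 0.0, 0.2, 1.0, 1.0], 0),
    ([1.0, 0.0, 0.4, 0.9, 1.0], 0),
    ([1.0, 1.0, 0.2, 0.8, 1.0], 0),
    ([1.0, 1.0, 1.0, 0.1, 0.0], 1),
    ([1.0, 1.0, 0.8, 0.2, 0.0], 1),
    ([1.0, 0.0, 1.0, 0.1, 0.0], 1),
]

# Constructed incoming alerts to be ranked.
NEW_ALERTS = {
    "noisy_scanner_alert": [1.0, 0.0, 0.2, 1.0, 1.0],
    "exploitable_on_mail_server": [1.0, 1.0, 1.0, 0.1, 0.0],
}


def sigmoid(z: float) -> float:
    return 1.0 / (1.0 + math.exp(-z))


def score(weights: list, features: list) -> float:
    """Probability that the alert is a real threat under the current weights."""
    return sigmoid(sum(w * x for w, x in zip(weights, features)))


def update(weights: list, features: list, label: int, lr: float = 0.5) -> list:
    """One SGD step on log-loss: w <- w - lr * (p - y) * x. Returns new weights."""
    p = score(weights, features)
    return [w - lr * (p - label) * x for w, x in zip(weights, features)]


def train(weights: list, feedback: list, epochs: int = 200, lr: float = 0.5) -> list:
    """Replay analyst tags repeatedly; in production this would run as tags arrive."""
    for _ in range(epochs):
        for features, label in feedback:
            weights = update(weights, features, label, lr)
    return weights


def rank(weights: list, alerts: dict) -> list:
    """Alert names ordered from most to least likely to be a real threat."""
    return sorted(alerts, key=lambda name: score(weights, alerts[name]), reverse=True)


def false_positive_count(weights: list, feedback: list, threshold: float = 0.5) -> int:
    """How many analyst-dismissed alerts the ranker would still surface."""
    return sum(1 for features, label in feedback
               if label == 0 and score(weights, features) >= threshold)


if __name__ == "__main__":
    tuned = train(INITIAL_WEIGHTS, ANALYST_FEEDBACK)
    print("before feedback:", rank(INITIAL_WEIGHTS, NEW_ALERTS),
          "false positives:", false_positive_count(INITIAL_WEIGHTS, ANALYST_FEEDBACK))
    print("after feedback: ", rank(tuned, NEW_ALERTS),
          "false positives:", false_positive_count(tuned, ANALYST_FEEDBACK))
    for name, w in zip(FEATURE_NAMES, tuned):
        print(f"  {name:24} {w:+.2f}")
```

Before any feedback the scanner noise ranks first and all three dismissed alerts sit above the threshold. After training on the tags, the weight on `internal_scanner_source` turns negative, the exploitable finding on the critical host ranks first, and none of the dismissed alerts would be surfaced. The same mechanism is what lets the false-positive rate fall as analysts keep tagging, which is the article's argument for keeping a human in the loop rather than relying on unsupervised output.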

Enlisting machine learning to do the heavy lifting in first-line security data assessment enables analysts to focus on more advanced investigations of threats rather than performing tactical data crunching. This meeting of the minds, whereby AI is applied using a human-interactive approach, holds a lot of promise for fighting, detecting, and responding to cyber risks.

Related Reading: Hunting the Snark with Machine Learning, Artificial Intelligence, and Cognitive Computing

Written By

Torsten George is a cybersecurity evangelist at Absolute Software, which helps organizations establish resilient security controls on endpoints. He also serves as strategic advisory board member at vulnerability risk management software vendor, NopSec. He is an internationally recognized IT security expert, author, and speaker. Torsten has been part of the global IT security community for more than 27 years and regularly provides commentary and publishes articles on data breaches, insider threats, compliance frameworks, and IT security best practices. He is also the co-author of the Zero Trust Privilege For Dummies book. Torsten has held executive level positions with Centrify, RiskSense, RiskVision (acquired by Resolver, Inc.), ActivIdentity (acquired by HID® Global, an ASSA ABLOY™ Group brand), Digital Link, and Everdream Corporation (acquired by Dell).
