Wednesday, August 9, 2023, 07:03 PM
In the Spy vs. Spy universe of security teams and cyber criminals, the good guys and the bad guys are constantly preparing themselves for another day of battle. But instead of blasting dynamite and chucking bombs, they’re both equipping themselves with the same tool these days: artificial intelligence (AI).Demand from both sides is driving a booming global cybersecurity AI market that will reach an estimated $103 billion by 2032, up from $17.4 billion last year. For the criminals, AI reduces barriers to entry while saving time and resources, significantly contributing to a 50 percent increase in phishing attacks. Experts and analysts have also linked AI to advanced persistent threats (APTs), deepfakes, malware incidents and distributed denial of service (DDoS) attacks large and small: For example, one of the most devastating cyberattacks in history, NotPetya, spread rapidly by using an AI-powered algorithm to infect computers without detection, resulting in worldwide damages of at least $10 billion.
Clearly, organizations must maximize the value of AI to counter their adversaries’ efficacy with these tools. However, this requires navigating through all of noise. After all, AI is emerging as a massively consumable resource for even everyday end-users. But, in the process, there is a fundamental reality which is getting lost in translation: Without good data, AI in cybersecurity is useless.
Good network data/telemetry enables security teams to detect, identify, investigate and make impactful decisions that improve defenses over time. AI on its own does not embody an oracle for detection and protection. It should serve more as an assistant to investigations, so teams can swiftly reduce time for alert assessments and remediation/response.
Weak, inconclusive data will forever hinder security professionals as they attempt to truly understand what’s happening within the network. Teams need network detection and response tools that allow them to capture good, structured network data. As a result, analysts can apply AI-driven language processing to the collected, structured data, to boost their decision-making and overall defense.
To make this possible, Corelight recently announced that we integrated AI in the form of generative pre-trained transformers (GPTs) and advanced machine learning (ML) analytics into our portfolio to expand network detection coverage and further supplement security teams’ investigations. This is made possible because of the quality of evidence born from the Zeek project, an open-source network monitoring tool which our founders created. Corelight Sensors run on Zeek, taking the detailed logs it generates to identify security events/anomalies and investigate incidents quickly and efficiently.
In terms of moving forward with AI in cybersecurity, we recommend that teams keep in mind the following three core “truths”:
Don’t simply buy into the loudest AI hype. In selecting any product or vendor, make sure you’re investing in a solid foundation of good data that you can keep building upon for continuous improvement.
Accept reality. Attackers love AI, and they’re getting better and better at deploying it. Organizations must stay at least one step ahead of what the bad guys are doing.
Achieving this begins and ends with good data. Quality data is required to build powerful AI tools that lead to good analytics and, ultimately, informed security decision-making.
We were in a similar situation two decades ago when the cloud hype cycle commenced- too many companies bought in while overlooking the need for strong data storage and computing power. Today, they’re making the same mistakes by attempting to conduct optimal analytics without good data.
For now, and the indefinite future, we should assess tools based upon two paths of inquiry: In which part of the product do we ask questions, and which part contains the data that will answer the questions? We will arrive at the required state of absolute fortified protection if we embed this awareness into our knowledge base. And that means – in our Spy Vs. Spy universe – our side will be best prepared for battle.