Artificial Intelligence Fuelled Human Threat Hunting Is Changing The Face of Cyber Security
As cyber attackers continually look for new ways to infiltrate and compromise networks, Information Security teams are faced with a sheer mass of newly emerging threats. Clearly, building higher walls with the same traditional security technologies isn’t the answer.
To combat these sophisticated threats, a different approach is needed. Artificial intelligence (AI) based solutions can accelerate detection of sophisticated threats and reduce the “dwell time”, the period a threat goes undetected within the target environment, from the current average of over 200 days to a few days or hours.
Identifying new and disguised threats can be a hugely time-consuming manual process, as Security teams have to correlate the pertinent information themselves. Using machine learning, as a form of artificial intelligence, to spot unusual patterns of behaviour in the deluge of available data can be an effective way to empower the Security Analyst.
Trends which are driving demand for this approach:
- The number and severity of attacks are rising.
- Previously “unknown” attack types, aka “zero-day” attacks, are on the rise.
- Zero-day “as a service” is available.
- The demand for cyber security professionals is outstripping the supply of qualified personnel.
- The sheer volume of information generated.
Human skills are still crucial to threat hunting
AI based solutions have now taken a firm hold in this field and proven themselves invaluable to the threat hunting process, tying together atomic events from the soup of data. However, this does not provide the full answer. Human investigative skills and insight are as important as the technology: they provide essential local context for the subtler behaviour patterns, giving the best possible chance of protecting against subtle and unknown threats and keeping businesses safer and more secure.
How man and machine work hand in hand
Despite developments in AI / machine learning technologies for cyber security, humans are not redundant. Machine learning solutions can parse large quantities of data faster than any human, which is key in protecting personally identifiable data and corporate assets. But machine learning algorithms for cyber security cannot achieve 100% accuracy rates in spotting unknown malware. Merging man’s ingenuity with machine learning as artificial intelligence is key to identifying unknown threats and fighting polymorphic threats, which change behaviour from one victim to another, for example ransomware.
With machine learning technology condensing the volume of triage work and providing focus, Security Analysts can prioritise their time to deal effectively with the more serious and sophisticated incidents.
Will AI or machine learning in cyber security become autonomous?
Artificial Intelligence in cyber security is progressing. Fully unsupervised machine learning algorithms are currently in development, but still very much in their infancy. An example of this is Antigena from Darktrace, which aims to take automated actions based on threats uncovered through machine learning. The technology works by intercepting or slowing down activities related to threats, but can also go further and quarantine users, systems or devices. However, until businesses are confident that they can trust the technology to make the right decision, human oversight is still required.
The combination of AI and humans is a different and interesting approach to cyber security which can be more effective than traditional solutions. In its current stage, AI isn’t likely to replace the role of a Security Analyst. However, when used collaboratively, AI and humans are simply better.