
Guest Post

How AI can help security teams detect threats

AI and machine learning are reshaping modern threat detection. Learn how they help security teams efficiently and accurately detect malicious actors.

Cybersecurity is constantly changing because technology and hackers are always on the move.

In the 1980s, we had antivirus software. In the 1990s, we determined rules and installed firewalls to ensure only good activity, users and traffic were allowed in our networks. By 2000, we added network intrusion detection. In 2010, we had web application firewalls and introduced second-generation WAFs. Then came the cloud and learning how to store and secure data off premises.

Throughout the decades, we've often followed the same universal formula: identify files and traffic we consider bad, give them a fingerprint and then try to keep them out.

However, the cloud, BYOD and work from home have changed the traditional perimeter. IoT has also created an interconnected cloud, resulting in ever-expanding enterprise attack surfaces. Cybercriminals are using these changes to stay one step ahead of us through deceptive tactics, such as malware, phishing schemes, ransomware, credential stuffing and domain hijacking.

It's no longer sufficient to identify and block the bad. Unknown attacks happen every day -- there are now more than 1 billion malware samples, and they continue to proliferate. Security teams are inundated with alerts about unusual and suspicious day-to-day activity, interactions and patterns. These strained teams often find themselves drowning in false positives: Organizations, on average, receive 5,000 alerts a day, and cybersecurity professionals can usually only investigate 10 to 20 in a single shift. Nearly 70% of these professionals also report at least 25% to 75% of the alerts they receive are false positives.

After decades of trying to keep up with an ever-shifting technology landscape and cyber adversaries, security teams are still overwhelmed by the volume and velocity of threats. It's more than humans can manage on their own.

Fortunately, AI and machine learning can help security teams manage their workload by monitoring, detecting, preventing and mitigating threats. Through sophisticated algorithms and predictive intelligence, these tools hunt down malware, run pattern recognition, and find and thwart attacks before they can cause damage. They also inform teams of new anomalies, attacks and prevention strategies.

Given the limitless opportunities, 69% of senior executives believe AI will play a necessary role in responding to attacks, with the technology already delivering the following advantages:

  • Three in five firms said AI improves the accuracy and efficiency of their analysts.
  • Nearly 75% of executives said AI increases the accuracy of detecting a breach.
  • AI reduces overall detection time, on average, by 12%.

It's not the time, however, to euphorically declare victory over malicious actors. AI and machine learning-enabled cybersecurity is still in its infancy. It will generate alerts for valid threats, but it will also generate false alerts, which will require human investigation.

As AI and machine learning continue to advance, we should develop capabilities that consider the risk tolerance of individual organizations in assessing activity and threats so teams can work on a finite number of alerts, while maintaining an acceptable level of protection.

We've always struggled to match the pace of increasingly formidable cyber foes. We won't ever catch up if we insist on clinging to antiquated products and manual processes.

AI and machine learning could be the liberators. If we can work out issues such as alert overload, we may find ourselves keeping up with threat actors. It's an exciting time -- and, in years to come, we may view this period as the era where we shifted the outcome to our advantage.

About the author
Rohit Dhamankar is vice president of threat intelligence at Alert Logic. Dhamankar has more than 15 years of security industry experience across product strategy, threat research, product management and development, technical sales and customer solutions. Prior to Alert Logic, Dhamankar served as vice president of product at Infocyte and founded consulting firm Durvaankur Security Consulting. He holds two Master of Science degrees: one in physics from the Indian Institute of Technology in Kanpur, India, and one in electrical and computer engineering from the University of Texas.
