18.05.2021

Cyber Defense Magazine Special Annual Edition for RSA Conference 2021

Cyber Defense Magazine Special Annual Edition for RSA Conference 2021 - the INFOSEC community's largest, most popular cybersecurity event in the world. Hosted every year in beautiful and sunny San Francisco, California, USA. This year, post COVID-19, virtually with #RESILIENCE! In addition, we're in our 9th year of the prestigious Global InfoSec Awards. This is a must read source for all things infosec.


approach to analyzing network activity. This alternate method of uncovering security threats may prove to be a pivotal technology in the struggle to protect critical infrastructure, important assets and sensitive data.

However, AI/ML threat detection tools require a significant investment in time and resources to deploy correctly in each environment. It is not enough to just drop them into an infrastructure: we need to make sure that we can trust the technology and that it is tuned to our environment. It is imperative to deploy it in a way that increases efficiency, provides greater clarity into lurking threats, and reduces the number of alerts we investigate every day, rather than simply adding noise and workload to already overstretched security teams.

The promise of AI and ML

Adopting AI/ML threat detection tools is not about replacing existing security tools. Rather, it is about supplementing them with AI/ML to deliver additional capability and benefits.

AI/ML threat detection tools have the potential to significantly improve detection by identifying threats that other tools can't, especially at the earliest stages of the attack lifecycle. They can potentially detect emerging unknown threats, such as the exploitation of zero-day vulnerabilities, for which no signatures yet exist, or threats that signature-based tools struggle to detect, such as fileless malware. They can also help associate related events to identify coordinated attack activity that might indicate a high-priority threat, while reducing the amount of "noise" caused by lots of individual event alerts. Their ability to detect abnormal behavior also enables them to spot potentially malicious insider threats that other tools may miss.
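The two capabilities just described, flagging abnormal behavior against a learned baseline and folding related events into one alert rather than many, can be shown on a small scale. The following is an added example written for this page, not code from the article or from any product it describes. The log format, the user and address values, the one-point-per-deviation scoring and the 30-minute correlation window are all constructed assumptions; the point is that every score the detector emits comes with a reason an analyst can check, which is what makes it possible to trust its output.

```python
"""Added example, not code from the Cyber Defense Magazine article: a toy
behavior-based detector that learns a per-user baseline from constructed
history, scores new events against it, and correlates related anomalous
events into one incident that carries a written rationale. Sample data,
field names and the point-per-deviation scoring are assumptions made for
this illustration, not any vendor's algorithm.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta

@dataclass
class Event:
    ts: datetime
    user: str
    src: str      # constructed: address the user connected from
    action: str   # constructed: login, file_read, admin_cmd, ...

@dataclass
class Baseline:
    """What a user normally does: hours active, sources used, actions taken."""
    hours: Counter = field(default_factory=Counter)
    srcs: Counter = field(default_factory=Counter)
    actions: Counter = field(default_factory=Counter)
    n: int = 0

def parse_line(line):
    """Parse the constructed format '<iso-ts> user=.. src=.. action=..'."""
    ts, *kv = line.split()
    f = dict(p.split("=", 1) for p in kv)
    return Event(datetime.fromisoformat(ts), f["user"], f["src"], f["action"])

def learn_baselines(history):
    """Count hours, sources and actions per user over the training window."""
    baselines = defaultdict(Baseline)
    for e in history:
        b = baselines[e.user]
        b.hours[e.ts.hour] += 1
        b.srcs[e.src] += 1
        b.actions[e.action] += 1
        b.n += 1
    return baselines

def score_event(e, b):
    """One point per attribute never seen for this user, each with a reason,
    so every point of the score maps to one sentence an analyst can check."""
    if b.n == 0:
        return 1, ["user has no baseline history"]
    reasons = []
    if b.hours[e.ts.hour] == 0:
        reasons.append(f"hour {e.ts.hour:02d} never seen in {b.n} baseline events")
    if b.srcs[e.src] == 0:
        reasons.append(f"source {e.src} never seen (known: {sorted(b.srcs)})")
    if b.actions[e.action] == 0:
        reasons.append(f"action '{e.action}' never performed by this user")
    return len(reasons), reasons

def correlate(events, baselines, window=timedelta(minutes=30), min_score=1):
    """Fold anomalous events for the same user that fall within `window` of
    each other into one incident; normal events are dropped, not alerted."""
    incidents, open_by_user = [], {}
    for e in sorted(events, key=lambda x: x.ts):
        score, reasons = score_event(e, baselines[e.user])
        if score < min_score:
            continue
        inc = open_by_user.get(e.user)
        if inc is None or e.ts - inc["last"] > window:
            inc = {"user": e.user, "first": e.ts, "last": e.ts,
                   "score": 0, "evidence": []}
            open_by_user[e.user] = inc
            incidents.append(inc)
        inc["last"] = e.ts
        inc["score"] += score
        inc["evidence"].append((e.ts.strftime("%H:%M"), e.action, e.src, reasons))
    return incidents

def describe(inc):
    """Render an incident as the rationale an analyst would read."""
    lines = [f"{inc['user']}: score {inc['score']}, {len(inc['evidence'])} related "
             f"event(s) {inc['first']:%H:%M}-{inc['last']:%H:%M}"]
    for t, action, src, reasons in inc["evidence"]:
        lines.append(f"  {t} {action} from {src}: " + "; ".join(reasons))
    return "\n".join(lines)

# Constructed history: alice works 09:00-17:00 from one address for a week.
HISTORY = [
    f"2021-05-{d:02d}T{h:02d}:05:00 user=alice src=10.0.0.5 action={a}"
    for d in range(10, 15) for h in (9, 13, 16) for a in ("login", "file_read")
]
# Constructed new day: an off-hours session from an unknown address, then
# normal work, then one afternoon login from a second unknown address.
NEW = """\
2021-05-17T03:10:02 user=alice src=203.0.113.7 action=login
2021-05-17T03:12:40 user=alice src=203.0.113.7 action=admin_cmd
2021-05-17T03:15:09 user=alice src=203.0.113.7 action=file_read
2021-05-17T09:04:00 user=alice src=10.0.0.5 action=login
2021-05-17T09:30:00 user=alice src=10.0.0.5 action=file_read
2021-05-17T16:50:00 user=alice src=198.51.100.9 action=login
""".splitlines()

def run_example():
    baselines = learn_baselines(parse_line(l) for l in HISTORY)
    return correlate([parse_line(l) for l in NEW], baselines)

if __name__ == "__main__":
    for inc in run_example():
        print(describe(inc))
```

Run as a script, this turns six raw events into two incidents: the three 03:xx events from 203.0.113.7 become one incident with three pieces of evidence (unknown hour, unknown source, and an admin command the user has never run), the two daytime events from the usual address produce nothing, and the later login from 198.51.100.9 is a separate, low-scoring incident because it falls outside the correlation window. A real deployment would replace the counters with a proper model and the fixed window with something learned, but the design point stands: an automated action such as isolating a host should be gated on a score whose every contribution is written out, so the analyst can see why the tool decided what it did.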

The other potential benefit that AI/ML tools offer is to improve productivity by automating elements of the threat remediation process, particularly for commonly occurring threats, and thereby free up time for analysts to focus on the high-priority and more advanced threats.

Ultimately, AI/ML tools have the potential to automate many of the manual activities involved in SecOps, such as isolating suspected compromised hosts from the network and blocking network access from potentially compromised devices or users. The challenge is, however, that in order for security teams to hand over responsibility for these sorts of activities to an AI/ML tool, they need to be able to trust that tool to make the right decisions and to know how it arrived at each decision. Otherwise, the danger is that

