Industry Focus
Augmenting Cybersecurity Prof
essionals with AIAugmenting Cybersecurity Prof
essionals with AIAugmenting Cybersecurity Prof
essionals with AICybersecurity professionals are facing an uphill battle. As the rate of attacks surges, the skills gap continues to widen. But AI could be the answer, as Lucy Ingham discovers from Chris Morales, head of security analytics at Vectra
There are many fields where workers fear what AI could do to their jobs. Cybersecurity is not one of them.
Facing a constant battle with an ever-changing adversary, alongside a growing frequency of attacks, the cybersecurity industry is struggling to find enough experts to fill the number of positions available. But as artificial intelligence has matured, it has become a promising means to ease heavy workloads, with companies such as AI cybersecurity vendor Vectra tailoring their services in response.
“Our big focus was just reducing the initial workload that security has to deal with just to respond to a threat,” explains Chris Morales, head of security analytics at Vectra.
“I think that was the hardest problem to solve actually: not creating more data, but creating less data and more valuable data.”
Now the company has dealt with this initial challenge, it is looking at how to further apply AI to cybersecurity so that it can help combat the people shortage that the field faces.
“Now we're looking at where else is it slow; where else are there not enough people,” says Morales.
“There has been more AI going into more of the automation of the response. For our part, we're thinking how else we can detect. We started with real-time detection, now our discussion is around how do we do predictive modelling, so the word predictive starts to come up.”
Giving cybersecurity professionals the power to predict
This increased shift towards a predictive approach is effectively allowing Vectra to extend the capabilities of seasoned professionals.
“All AI and data science, quite frankly, is about predicting things; it's all statistics. You're like 'oh, this is probably a problem. I have a 90% confidence that this is an issue'. But now we're saying: how do we enable an analyst to sit down and start playing with the data themselves, assisted with AI?” says Morales.
“Instead of it making the decisions, they're asking questions and the AI is driving answers, and effectively creating insight.”
“They're asking questions and the AI is driving answers, and effectively creating insight.”
This allows professionals to gain an understanding of where attacks are going to happen, and where potential problems might lie. Morales likens this to defensive driving, where a road user will avoid other drivers behaving erratically or in a manner that increases the risk of a crash.
“We can start applying AI in the same way we look on the network for things like, okay, we start with looking for the attacks that are happening now,” he says.
“Now what we discuss is how we start looking for the things that are going to be an attack, or are going to be a higher risk, and you can start correcting those problems or avoiding them.”
Adapting to change
One of the reasons AI is so effective in cybersecurity, Morales argues, is that attackers are forever changing their techniques, which AI is very well suited to responding to.
“I think it's inevitable and necessary that we use AI and machine learning, [because] by its nature it's very adaptive,” he says.
“A lot of security has been very static, and absolutely that's been the fundamental issue because attackers are also dynamic and are really smart. They stare at it and go 'oh, look at your system. I'll just do this; I'll turn left instead of going right'. It's silly, they laugh at us.
“So systems have to be dynamic and adaptive to the people in real-time, and no human is going to be able to keep up with that, nor is a static system.”
Augmenting cybersecurity professionals
Notably, while AI is beginning to see widespread use in many parts of the cybersecurity industry, it hasn’t led to the loss of jobs.
“It hasn't reduced the headcount at all. A lot of our customers actually have more human employees now: the humans never go away,” explains Morales.
This is because AI is truly complimenting the work cybersecurity professionals do by handling much of the tedious side of the job and freeing up more time for the complex human challenges. Essentially, AI is augmenting the role of the average cybersecurity professional.
“Our take away from this is man and machine. There's work that's suited to machines, and there's work that is suited to humans.”
“Our takeaway from this is man and machine. There's work that's suited to machines, and there's work that is suited to humans,” he says.
“It's funny: our first product was all about automated initial detection, our new technology is all about assisting the human for the deeper investigation they do.
“Humans are very creative and intuitive, and there's ways that we can link together ideas that seem non-associated. It's like looking at an apple and thinking of gravity. That's very human. Trying to teach a machine that is hard.
“But they're very good at repetitive tasks and large volumes of data, and getting rid of that part. And we're horrible at that. So when you put them together, I really think it really takes to win. One or the other by itself doesn't do it.”
Easing entry into cybersecurity
An interesting secondary benefit of this AI-enabled approach to cybersecurity is that it is also making it easier for juniors to more effectively get into cybersecurity. And at a time when routes into cybersecurity remain challenging, this is an appealing prospect for companies struggling to find enough workers.
“You can take a junior person and give them a high level of automation by AI and they'll be more effective at their job,” says Morales.
“Some of our clients for the initial – what we call tier one work, which is the entry-level work – they're able to take students, interns, people from network operations, helpdesk, other people who are, intelligent, skilled, and teach them security using a heavy level of automation and AI.”
Over time, these people can acquire new skills, meaning the level of AI they need to do the job reduces, but this approach allows the technology to act as training wheels that ensure a smooth ride while people are still learning.
“Those people will eventually learn to get into the heavier areas, where you're talking about the real, manual threat-hunting and or deep investigation. Those actually still take a high skill level, but even the really experienced people need some level of automation and assistance to be more efficient in that.”
Images courtesy of Brolly