Artificial intelligence is a valuable ally for security analysts. It can detect potential threats and even recommend response measures.
Cybercrime is a top concern for today’s IT managers. This isn’t surprising given the often astronomical costs of dealing with the consequences of cyberattacks. According to the Cybercrime Report by Cybersecurity Ventures, cybercrime cost the world US$3 trillion in 2015, and this figure is expected to double by 2021.
The global average cost of a data breach amounts to over CA$5 million, according to the 2018 edition of the Cost of a Data Breach Study, which was conducted by Ponemon Institute with sponsorship from IBM.
While some companies may still be underestimating the risk of cybercrime, it seems that most businesses are now aware of the threat, and they’re already using a whole arsenal of tools to protect their systems. Unfortunately, many traditional cybersecurity solutions are unable to keep up with the increasingly sophisticated strategies and tactics used by cybercriminals.
As Kevin Skapinetz, IBM Security Vice President of Strategy and Design, explained in a recent video, traditional security systems have two major shortfalls:
1- They are very rules-based. A major disadvantage of rules-based systems is that attackers are continually changing. As organizations implement new platforms or security procedures, attackers try to find loopholes to defeat the rule.
2- They are unable to scale fast enough for modern organizations. As organizations adopt more new technologies, their exposure to cyberattacks grows exponentially. In addition to protecting work stations on company premises, businesses must now take into account the security of the cell phones, tablets and other devices used by employees both inside and outside their offices, as well as a growing number of objects connected to their network. At the same time, more and more companies are turning to cloud solutions to host data and activate applications. This greatly expands the attack surface vulnerable to exploitation by cybercriminals.
The number of potential threats faced by today’s organizations goes far beyond what a human team can realistically control, posing a major challenge to cybersecurity teams.
As a result, many organizations are turning to AI, which is capable of screening for potential threats and detecting major risks quickly and across a large volume of data. AI allows human analysts to focus their attention where it is most useful: deciding if a threat is real and implementing effective protection measures as needed.
The clearest example of how AI can improve cybersecurity is by analyzing an organization’s log files, where all IT and network events are recorded. Security analysts periodically examine these files to identify events that pose a real or potential threat.
On any given day, an analyst may assess 10 to 20 incidents. While most are eventually found to be benign events, a handful constitute actual threats that warrant further investigation and active intervention.
In all, detecting and identifying potential threats can take hours, which limits the ability of analysts to generate quick responses to real threats. In addition, the volume and variety of the data to be examined makes filtering security events very difficult, especially since qualified analysts are hard to find in today’s labour market.
The stakes are high. Failure to detect threats in their early stages can lead to much more serious security incidents and cause a disaster—for example, by letting hackers take control of an organization’s infrastructure, steal critical data or damage a brand’s reputation.
Artificial intelligence can help analysts identify threats more accurately and resolve them more quickly. For example, IBM has designed an AI solution that integrates the Watson Discovery Service cognitive intelligence system into the QRadar Advisor security analytics platform.
IBM QRadar Advisor with Watson combines structured information and unstructured data which may come from blogs, websites or articles devoted to new cybercrime tactics. The system is capable of collecting data on the millions of IT events recorded in the organization’s infrastructure and then putting this data into context with breach reports and best practice guidelines.
By automating data mining about security attacks in other organizations, this combination makes it easier to discover hidden threats or those that pass unnoticed during a manual inspection. IBM QRadar Advisor with Watson provides contextual data on the origin of each incident, helps analysts identify and understand sophisticated threats, and suggests a research strategy to investigate each threat.
Security analysts can thus delegate to AI the laborious task of researching threats: the technology augments human intelligence to help analysts sort huge volumes of data at a speed and on a scale that cannot be equalled otherwise.
This AI solution is transforming the cybersecurity industry by revolutionizing the work methods of security analysts. A number of organizations, including Ernst & Young and the University of Rochester Medical Center, already use this technology.
Another notable example is Wimbledon. In 2017, the organizers of the world-renowned tennis tournament began using IBM QRadar Advisor with Watson to protect the event’s website. In the words of Martin Borrett, Chief Technology Officer of IBM Europe, “where it might have taken 60 minutes to analyze a security threat, with help from Watson an analyst can do it in just a minute.”
Have you considered using AI in your business? To see how AI could help your business—even if you’re not in the tech field—read the free white paper entitled Artificial intelligence: How to introduce AI to your business.