How AI powers cyber security automation
It's no secret that organisations are struggling to keep up with the ever-changing methods of cyber criminals and the growing volume of attacks. Enter artificial intelligence (AI)-driven automation, which allows CISOs to complement, support and replace human behaviour and actions in ways well beyond anything originally envisaged.
Automated investigation and response, leveraging both Robotic Process Automation (RPA) technologies and AI, is cited as a solution for minimising operational overheads and other costs, ultimately reducing the time taken to detect and react to threats to the organisation.
At Logpoint, we have previously argued that, in fact, AI and automation are set to become the primary methods of keeping pace with the brazen sophistication and proliferation of today's cyber threats. Gone are the days when it was often about 'script kiddies' out to prove their cleverness; today's cyber penetration of organisations is frequently about maximising financial gain via systematic and sophisticated criminal operations.
Sometimes this goes beyond even gangs with vast resources to involve nation-state-based attacks from the likes of North Korea or Russia.
The battle to keep up with ever-evolving cyber threats, coupled with a global shortage of cyber professionals, means organisations must increasingly find alternative solutions if they are to stay ahead of the curve and remain secure.
IBM has reported that the average cost of a data breach rose to US$4.24mn in 2021, higher than the average cost has been for some 17 years. Research by security vendor Check Point has found that the number of cyberattacks per week on corporate networks increased 50% in 2021 from 2020, peaking at a record high in December thanks to the myriad Log4j exploits.
Even Mac users are no longer relatively safe, unlike years ago when Windows networks were more likely to be targeted.
It hardly needs to be added that the damage done from attacks is of increasing concern to all organisations, with an American insurance firm in 2021 paying out the largest ransom so far - some US$40mn to a Russian ransomware gang in order to recover their network access.
Rethinking organisational cyber security challenges
Overall, this is contributing to a clear shift in the way that organisations think about their cyber security challenges, such that the strategies for tackling them have to change as well.
Let's look more closely at the abilities of AI and automation when it comes to optimising cybersecurity operations.
First of all, and most clearly, machine learning and AI approaches allow for a dynamic stance that adapts or even 'learns' (in the case of AI) in response to changing patterns of cyber threat, rather than statically presenting an essentially fixed response to the incredibly varied and ever-changing attack landscape.
Using automation, the time taken not only to detect but also to deal with a threat can be dramatically reduced. This in turn cuts the potential for significant financial losses from downtime, ransomware demands, legal issues and multiple other adverse consequences of a cyberattack or breach.
This automation can be 'smart', harnessing AI, or it can take the form of an RPA application with non-learning software robots.
Costs can be proactively reduced through judicious automation, especially as solution saturation continues to plague the cybersecurity market, with organisations (and even individuals) very often maintaining installed security solutions from multiple different vendors at any one time.
This often reflects the typically reactive approach taken to cyber security investments: in other words, patching gaps and vulnerabilities as they appear, bringing in tools for a specific need or point solution rather than tackling the cyber security approach as a whole.
Obviously, this strategy can be rather inefficient, encouraging significant technological overlap with the potential for the additional incompatibility issues that entails. It's often better, if possible, to reduce the number of brands in-house and thereby maximise the value of cyber security investments.
Getting smarter about data
Automated analytics and correlation technologies can provide key insights by correlating, dissecting and pinpointing how specific solutions are performing, helping organisations determine which solutions are delivering value and which are not needed and can be jettisoned, ultimately minimising operational cybersecurity expenditure.
Similarly, by ensuring that only the right data is stored, used and analysed, 'noise' and operational costs alike can be excised. Machine learning models provided with adequate information can drive insights. However, given the advance in cyber threats, these models may need datasets that are expanded and augmented with more intelligence to truly work in a security context.
Advanced, automated analytics applied to data in operational use cases helps reduce the costs and cyber security risk presented by the rise of integrated RPA-driven IT/OT, which is increasingly attractive to malicious actors.
AI or machine learning and RPA, when fully leveraged and integrated with key ERP applications to provide end-to-end automation, can provide the levels of dynamic, adaptive oversight of organisational networks that should be considered essential for proactive protection.
Organisations need to understand what users are doing, what applications they use, at what times and in what ways. This will ensure that anomalous activities can be spotted immediately, triggering an automated response.
Leveraging the full benefits of AI alongside RPA technologies leaves security teams forewarned and armed with full transparency, giving organisations the best chance of mitigating both seen and unforeseen consequences of cyber risk in a timely, cost-effective manner.