Fighting Cybercrime with AI

About fate and free will

In the short story “The Minority Report,” Philip K. Dick presents three mutant precogs who can foresee crimes before they are committed. Precrime officers apprehend and detain would-be offenders on the strength of the precogs’ foreknowledge, so the crimes never happen. In Dick’s dystopian New York City, precognition and free will coexist, and the system assumes both lead to the same outcome. For breaches and cyberattacks, that future is already here: with predictive analytics and machine learning, organizations can detect threats at a very early stage, often before an attack is launched.

The wolf and the pack  

“As the creeper that girdles the tree trunk, the law runneth forward and back; 
For the strength of the pack is the wolf, and the strength of the wolf is the pack.” 

The Law of the Jungle, The Jungle Book (Rudyard Kipling)

The traditional image of a lone-wolf hacker plotting an attack is no longer accurate. Attackers now operate in organized groups, hunting in an established formation and using automation and AI as force multipliers. This lets them launch attacks at larger scale and broader scope, skip or compress stages of the traditional cyber kill chain, and, more importantly, shorten the end-to-end attack life cycle from weeks to hours. 

If it sometimes feels like an arms race, that is because it is. The constant evolution of cyberattacks forces organizations to adapt their strategies and reconfigure their defenses to protect their data. The pace of adversary activity keeps accelerating, and it leaves no room to settle for the existing security solutions and operations.  

Mind the gap – The increasing cybersecurity skills shortage    

There is an undeniable and growing shortage of cybersecurity skills, knowledge, and expertise. With the widening skills gap and the growing number of disparate security solutions, organizations struggle to reduce the complexity and operational overhead of deploying, configuring, and managing the entire security stack. Tools that are not tuned properly leave gaps, and the outcome is an inadequate security posture. 

In addition, the evolving regulatory environment keeps adding best practices to follow, which increases the overhead on risk management teams and every other security function in the organization. Security teams end up overloaded with procedures and best practices to follow, investigations to lead, and alerts to handle. These time-consuming, repetitive tasks consume more time and resources than teams have available to keep pace with the ever-changing threat landscape. 

Fighting Fire with Fire 

To close the gap and harden defenses against complex attacks fueled by AI and machine learning, organizations should adopt a resource-efficient, risk-based strategy: consolidate security tools into a unified platform and automate security processes and operations. 

They must be able to automatically identify, triage, and remediate potential security risks and disruptive patterns across the entire security stack from a single, unified platform. For example, when the Cybersecurity and Infrastructure Security Agency (CISA) adds a newly exploited vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, the risk management, security infrastructure, and operations teams should be notified automatically and remediate the gap wherever it exists in the organization, with minimal human intervention. 
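As an added illustration of that workflow (example code, not Veriti's and not part of the original post), the script below automates the CISA KEV trigger: it parses a feed laid out like the KEV JSON, joins it to an asset inventory on vendor and product, assigns a priority, routes tickets to the owning team and to risk management, and suppresses duplicates on later polls. The two CVE IDs are genuine catalog entries, but the dates, inventory hosts, team names and priority rules are constructed for the example.

```python
"""Added example (not Veriti's code): turn a CISA KEV catalog update into routed,
prioritised remediation tickets. All inputs below are constructed."""
import json

# Constructed feed in the field layout of CISA's KEV JSON. The CVE IDs are real
# catalog entries; the dates here are illustrative, not copied from the catalog.
KEV_FEED = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2021-44228", "vendorProject": "Apache", "product": "Log4j2",
     "dateAdded": "2021-12-10", "dueDate": "2021-12-24",
     "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-2023-4966", "vendorProject": "Citrix",
     "product": "NetScaler ADC and NetScaler Gateway",
     "dateAdded": "2023-10-18", "dueDate": "2023-11-08",
     "knownRansomwareCampaignUse": "Known"},
]})

# Hypothetical inventory. (vendor, product) is the join key; a production
# inventory would carry CPEs and versions so that already-patched hosts drop out.
INVENTORY = [
    {"host": "app-01", "vendor": "Apache", "product": "Log4j2",
     "owner": "platform-eng", "internet_facing": False},
    {"host": "vpn-gw-01", "vendor": "Citrix",
     "product": "NetScaler ADC and NetScaler Gateway",
     "owner": "network-ops", "internet_facing": True},
    {"host": "db-01", "vendor": "PostgreSQL", "product": "PostgreSQL",
     "owner": "dba", "internet_facing": False},
]

RISK_TEAM = "risk-management"  # hypothetical team that receives every finding


def parse_kev(feed_json):
    """Index KEV entries by normalised (vendor, product)."""
    index = {}
    for entry in json.loads(feed_json)["vulnerabilities"]:
        key = (entry["vendorProject"].strip().lower(), entry["product"].strip().lower())
        index.setdefault(key, []).append(entry)
    return index


def priority(entry, asset, today):
    """P1: host is exposed or CISA's due date has passed (ISO dates compare as
    strings); P2: exploitation is ransomware-linked; P3: everything else."""
    if asset["internet_facing"] or entry["dueDate"] < today:
        return "P1"
    if entry["knownRansomwareCampaignUse"] == "Known":
        return "P2"
    return "P3"


def triage(feed_json, inventory, today, seen=None):
    """Match feed to inventory and return findings not yet notified. `seen`
    persists (cve, host) pairs across polls so re-reading the feed is idempotent."""
    seen = seen if seen is not None else set()
    kev = parse_kev(feed_json)
    findings = []
    for asset in inventory:
        key = (asset["vendor"].lower(), asset["product"].lower())
        for entry in kev.get(key, []):
            ticket = (entry["cveID"], asset["host"])
            if ticket in seen:
                continue
            seen.add(ticket)
            findings.append({"cve": entry["cveID"], "host": asset["host"],
                             "owner": asset["owner"], "due": entry["dueDate"],
                             "priority": priority(entry, asset, today)})
    return findings


def route(findings):
    """Group ticket lines by owning team; risk management sees all of them."""
    queues = {}
    for f in findings:
        line = f"{f['priority']} {f['cve']} on {f['host']} (CISA due {f['due']})"
        queues.setdefault(f["owner"], []).append(line)
        queues.setdefault(RISK_TEAM, []).append(line)
    return queues


if __name__ == "__main__":
    seen = set()
    for team, lines in route(triage(KEV_FEED, INVENTORY, "2023-11-10", seen)).items():
        print(team, lines)
    print("second poll:", triage(KEV_FEED, INVENTORY, "2023-11-10", seen))  # []
```

The `seen` set is what makes the automation safe to run on a schedule: the feed is re-read every poll, but a (CVE, host) pair is ticketed once. Matching on vendor and product alone over-reports, which is the right failure direction for a trigger, but a real deployment would also compare versions so that the validation step can close tickets automatically once the fix is confirmed.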

Increase Operational Efficiency 

Security organizations can use automation to handle low-risk, repetitive tasks such as security hygiene, and leave the tasks that require discretion and direct oversight to the security team. Importantly, automating risk assessment and change management across the whole cycle of required actions, from discovery through triage, remediation, and validation, leads to more efficient security and risk management with minimal operational overhead and less potential for business disruption. 

Leverage the Scarcity with Automation

The workforce shortage should translate into automated processes that augment and complement security teams’ efforts and improve the organization’s overall security posture. As attackers adopt AI and automation, cybersecurity teams must evolve and scale the corresponding capabilities. Organizations should automate the root-cause analysis of security incidents and use machine learning to correlate sources such as security logs and telemetry, threat intelligence, and vulnerability assessment feeds, culling everything irrelevant until the needle finally shows through the haystack. 
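As an added example of that correlation step (example code, not Veriti's and not part of the original post), the script below joins nine constructed log lines with a constructed threat-intelligence list and constructed vulnerability-scan results, scores each destination host by what the three sources agree on, and keeps only the hosts above a threshold. The log format, indicators, hosts and scoring weights are all invented for the illustration; it goes slightly beyond the text by also handling a successful login from a known-bad source, which gets the heaviest weight.

```python
"""Added example (not Veriti's code): correlate network and auth logs with
threat intelligence and vulnerability-scan results so that one host surfaces
from the noise. Every input below is constructed."""
import re
from collections import defaultdict

# Constructed key=value log lines (not any vendor's real format).
LOG_LINES = """\
2024-03-05T10:01:02Z fw01 action=allow src=203.0.113.45 dst=10.0.5.12 dport=443
2024-03-05T10:01:05Z fw01 action=allow src=198.51.100.7 dst=10.0.5.12 dport=443
2024-03-05T10:02:10Z fw01 action=allow src=203.0.113.45 dst=10.0.5.12 dport=443
2024-03-05T10:03:00Z auth01 action=login_failed user=admin src=203.0.113.45 dst=10.0.5.12
2024-03-05T10:03:30Z auth01 action=login_failed user=admin src=203.0.113.45 dst=10.0.5.12
2024-03-05T10:04:00Z auth01 action=login_ok user=jdoe src=10.0.9.4 dst=10.0.5.12
2024-03-05T10:05:00Z fw01 action=deny src=192.0.2.9 dst=10.0.7.3 dport=22
2024-03-05T10:06:00Z fw01 action=allow src=10.0.9.4 dst=10.0.7.3 dport=22
2024-03-05T10:07:00Z auth01 action=login_failed user=root src=192.0.2.9 dst=10.0.6.8
""".splitlines()

# Constructed threat-intelligence feed: indicator -> label.
THREAT_INTEL = {"203.0.113.45": "known-bruteforce-source", "192.0.2.9": "scanner"}

# Constructed vulnerability-assessment results: host -> highest CVSS score found.
VULN_SCAN = {"10.0.5.12": 9.8, "10.0.7.3": 5.3, "10.0.6.8": 7.5}

KV = re.compile(r"(\w+)=(\S+)")


def parse(line):
    """Turn '<ts> <source> k=v k=v ...' into a dict; None for unparseable lines."""
    parts = line.split(maxsplit=2)
    if len(parts) < 3:
        return None
    event = dict(KV.findall(parts[2]))
    event.update(ts=parts[0], source=parts[1])
    return event if "dst" in event else None


def correlate(lines, intel, vulns):
    """Score each destination host from the three sources and say why."""
    net, auth_fail, auth_ok = defaultdict(set), defaultdict(set), defaultdict(set)
    events = defaultdict(int)
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        dst, src, action = ev["dst"], ev.get("src"), ev.get("action", "")
        events[dst] += 1
        if src not in intel:
            continue                 # ordinary traffic: counted, never scored
        if action == "allow":        # denied packets are the control working
            net[dst].add(src)
        elif action == "login_failed":
            auth_fail[dst].add(src)
        elif action == "login_ok":
            auth_ok[dst].add(src)
    findings = []
    for host in events:
        score, why = 0, []
        if net[host]:
            score += 3; why.append(f"allowed traffic from {sorted(net[host])}")
        if auth_fail[host]:
            score += 2; why.append(f"failed logins from {sorted(auth_fail[host])}")
        if auth_ok[host]:
            score += 5; why.append(f"SUCCESSFUL login from {sorted(auth_ok[host])}")
        chain = net[host] & (auth_fail[host] | auth_ok[host])
        if chain:                    # same indicator seen on the network and at auth
            score += 3; why.append(f"network reach and auth attempt from {sorted(chain)}")
        cvss = vulns.get(host, 0.0)
        if cvss >= 9.0:
            score += 2; why.append(f"critical vulnerability (CVSS {cvss})")
        elif cvss >= 7.0:
            score += 1; why.append(f"high vulnerability (CVSS {cvss})")
        findings.append({"host": host, "score": score, "events": events[host], "why": why})
    return sorted(findings, key=lambda f: -f["score"])


def needles(lines, intel, vulns, threshold=5):
    """The cull step: only hosts at or above the threshold reach an analyst."""
    return [f for f in correlate(lines, intel, vulns) if f["score"] >= threshold]


if __name__ == "__main__":
    for f in correlate(LOG_LINES, THREAT_INTEL, VULN_SCAN):
        print(f["host"], f["score"], f["events"], f["why"])
    print("needles:", [f["host"] for f in needles(LOG_LINES, THREAT_INTEL, VULN_SCAN)])
```

Nine events across three hosts collapse to a single finding, and the `why` list is the root-cause trail an analyst would otherwise assemble by hand. Two choices matter more than the weights: a denied connection from an indicator is not scored, because the control did its job, while the same indicator appearing both in allowed traffic and in authentication attempts against one host is scored extra, because agreement between independent sources is what separates signal from noise.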

Veriti is a unified security-posture management platform that integrates with the entire security stack. The unique platform proactively detects and remediates security gaps or business disruption anomalies. Using predictive analytics, including machine learning and heuristics, Veriti identifies potential risks, misconfigurations, or false-positive events and provides actionable insights to remediate them before any business outage or security event occurs.