An Overview of AI in Cybersecurity Automation
In the cyber domain, many enterprises seem to be making plays based on automation and orchestration as well as report management. It took folks a while, but they have finally figured out that applying artificial intelligence (AI) to cybersecurity is a hard problem. The datasets needed for high-quality machine learning solutions rarely exist, and when they do, customers are unwilling to make sensitive data available to vendors.
Because of these data quality and access hurdles, many ethical hackers are choosing to avoid AI that directly leverages cybersecurity data and instead focus on helping security analysts and SOC team members with their workflows and on improving risk assessments. We’ve seen security professionals claiming to use AI to assist with content management, task automation, and risk-rating generation, but only minimally for threat detection.
The focus on improving quality of life in a SOC is admirable and potentially a modest force multiplier, since analysts and detection and response teams will have more time to spend protecting the IT infrastructure. The application of AI to cyber threat detection, however, has been a daunting task that many new enterprises have left behind.
AI Applications in Cybersecurity: Threat Hunting
This trend constitutes a retreat from the original motivation behind using AI in the cybersecurity data domain. After witnessing the success of artificial intelligence in the fields of image recognition and fraud detection, the hope was that AI could revolutionize threat detection by learning to recognize general patterns of malicious behavior, and then scaling detection algorithms across the firehose of data that is present in an enterprise’s infrastructure.
Where security teams can empower threat hunters through artificial intelligence…
While most companies are abandoning the idea that they can help improve threat detection, SnapAttack is bucking the trend and providing a platform specifically for advancing detection and response capabilities. The platform integrates detections and real attack data, providing a natural environment to apply state-of-the-art AI to the problem of threat hunt and detection logic.
SnapAttack gives teams an artificial intelligence accelerated workbench for researching attacks and developing detections. The datasets generated by users during research and development are exactly what was missing from the industry’s early attempts to implement cyber machine learning tools. As customers use the platform, the AI tools we’re able to create improve. Our goal is to share as much of the data and our strategies for building the data as possible. As an industry, we need to try and share more data for ethical hackers to work with and drive industry-wide insights.
…and where security teams are missing out.
The trend away from improving threat hunt and detection logic is a huge opportunity cost. A SOC that is made more efficient in its current activities will still be faced with too many false alerts and failure to keep up with a changing threat landscape. Security professionals need AI tools designed to improve capability, not just capacity. We hope that more companies and researchers will join us and take the leap to adopt AI for cyber head-on.
AI adopters are shifting tactics to take advantage of fresh concepts and approaches. What can we expect to see this year?
How are Enterprises Benefitting from AI in Cybersecurity in 2022?
This year, because of the increasing accessibility of new AI language tools, we are going to see some creative new solutions based on exploiting unstructured text data with AI. Unstructured text data, such as reports, emails, and web content, often gets stored by an enterprise and then goes unused. It is now easier for companies to develop AI applications that exploit these oft-ignored data to reveal a wider range of insights for customers.
These new AI language tools are referred to as “transformers”; these are the text analogs of the neural networks that have revolutionized visual data processing and made technology like autonomous cars possible. They were developed a few years back, but recently APIs and software modules have been released that make them easily accessible to companies that don’t have the time or expertise to implement a transformer from scratch.
One key insight that is going to result in some wild applications is that human language is not the only type of data these transformers can be used with: computer code and cyber log data, for example, can each be interpreted as a sort of “language”.
At SnapAttack, we have found ways to exploit cyber log data as unstructured data, and we are incorporating transformers into our threat intelligence pipeline and log analyzers. NVIDIA has also researched the use of transformers on log data, retraining the BERT model specifically for use with network logs (see NVIDIA’s CyBERT https://developer.nvidia.com/blog/cybert-rapids-ai/).
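To make the “logs as a language” idea concrete, here is an added example that is not SnapAttack’s or NVIDIA’s code: it tokenizes constructed log lines into a vocabulary (normalising IPs, PIDs and numbers so the model learns structure rather than values) and uses a small bigram model, as a stand-in for a transformer, to score how unfamiliar a new line is relative to a baseline.

```python
import math
import re
from collections import Counter

# Constructed baseline of "normal" log lines (not taken from the page).
BASELINE = [
    "sshd[1203]: Accepted publickey for alice from 10.0.0.12 port 51422",
    "sshd[1209]: Accepted publickey for bob from 10.0.0.15 port 51430",
    "sshd[1215]: Disconnected from user alice 10.0.0.12 port 51422",
    "cron[880]: (root) CMD (/usr/bin/logrotate /etc/logrotate.conf)",
    "sshd[1220]: Accepted publickey for alice from 10.0.0.12 port 51440",
]

def tokenize(line):
    """Turn a log line into a 'sentence' of tokens. IPs, PIDs and other
    numbers are normalised so the vocabulary captures structure, not values."""
    line = re.sub(r"\b\d{1,3}(?:\.\d{1,3}){3}\b", "<IP>", line)
    line = re.sub(r"\[\d+\]", "[<PID>]", line)
    line = re.sub(r"\b\d+\b", "<NUM>", line)
    return ["<s>"] + re.findall(r"<[A-Z]+>|[A-Za-z_/.]+|\S", line) + ["</s>"]

class BigramLogModel:
    """Tiny language model over log tokens; a stand-in for a transformer."""

    def __init__(self, lines):
        self.unigrams, self.bigrams = Counter(), Counter()
        for line in lines:
            toks = tokenize(line)
            self.unigrams.update(toks)
            self.bigrams.update(zip(toks, toks[1:]))
        self.vocab = len(self.unigrams) + 1  # +1 reserves mass for unseen tokens

    def surprise(self, line):
        """Average negative log-probability per transition: low means the
        line looks like the baseline, high means unfamiliar structure."""
        toks = tokenize(line)
        total = 0.0
        for prev, cur in zip(toks, toks[1:]):
            # Laplace smoothing keeps unseen transitions at a small nonzero probability.
            num = self.bigrams[(prev, cur)] + 1
            den = self.unigrams[prev] + self.vocab
            total += -math.log(num / den)
        return total / (len(toks) - 1)

def unusual_lines(model, lines, threshold):
    """Return the lines whose surprise exceeds the threshold (candidate hunts)."""
    return [line for line in lines if model.surprise(line) > threshold]
```

The threshold would in practice be set from the surprise distribution of a held-out slice of known-good logs rather than by hand.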
Reimagining Data Through the Lens of AI
We expect other security teams to also be researching ways to reimagine their data as an abstract language and look forward to additional vendor and academic research to help accelerate insight from using existing data sets with new AI techniques. We know actions convey meaning (and indeed speak louder than words), so perhaps the next step is to interpret computer user actions or even videos of people’s body language as a target for machine learning using these transformers.
SnapAttack was built by CISOs, SOC leaders, and threat hunters for CISOs, SOC leaders, and threat hunters.
By rolling intel, adversary emulation, detection engineering, threat hunting, and purple teaming into a single, easy-to-use product with a no-code interface, SnapAttack enables you to get more from your technologies, more from your teams, and makes staying ahead of the threat not only possible – but also achievable.
Schedule a demo today to see how you can finally answer the question, “Are we protected?” with confidence.