What’s the first thing that comes to mind when you hear the words “security automation”? For many people in the cybersecurity industry, the idea of security automation is synonymous with automated response. But the truth is, automating response actions is only half of the value of security automation, and it’s the easier technology to build.
The harder problem to solve is how to ingest large volumes of data from disparate sources, correlate, enrich, aggregate, and process the data. This needs to be done in a precise way and presented so that a human can make the right decision at the right time. This is the cybersecurity problem that security automation has been addressing for nearly a decade. It is also a problem that can be improved through the use of artificial intelligence.
Artificial Intelligence and Automation – A Powerful Duo
We all know that there is no silver bullet or quick fix when it comes to security operations, but together AI and security automation have the power to enable teams with enhanced contextual information, better signal-to-noise, and ultimately reduced response times. Both technologies can be thought of as the ability for computers to do tasks that are usually done by humans. Many organizations are more familiar with the role that automation plays in security than that of AI. In many ways, automation strategy, and the importance of keeping humans in the loop, helps inform how AI should be used in SecOps. The role of AI and automation is critical to define because AI is disrupting cybersecurity as we know it.
How is AI Disrupting Cybersecurity?
The concept of artificial intelligence in security is not new. AI is disrupting cybersecurity from every angle. Offensive AI is a current reality. AI cybersecurity threats include any use of AI for malicious purposes, like AI deepfakes, swarm malware, ML zero-day attacks, AI-powered phishing, and more. On the flip side, there are many examples of AI cybersecurity companies that are building AI-driven products that aid and empower SecOps teams to secure their organizations.
The use of generative AI in cybersecurity is one of the most notable revolutions that the industry has seen this year. Some security professionals are already leveraging ChatGPT cybersecurity strategies, while others remain skeptical of the unknown implications. From my perspective, ChatGPT should be considered a security risk, but we will still use it intelligently, paired with the proper controls. If you’re interested in more of my thoughts on how to safely use ChatGPT in cybersecurity, check out this blog.
There is no shortage of AI cybersecurity companies these days. As a CISO, it’s daunting to sift through the noise to understand what is marketing sizzle versus what’s real and trustworthy technology. The role of AI in cyber security ought to be to help enable humans to do their job better than previously possible. It can do so by supporting threat detection and prevention, providing predictive analysis, enhancing the automation of security tasks, conducting behavioral analysis, preventing phishing and fraud, and augmenting incident response. As AI continues to disrupt cybersecurity, we must consider its future implications. The future of AI in cyber security must consider the privacy concerns that are associated with our popular large language models. It needs to be transparent and private, and to promote secure use of such a powerful technology advancement.
How is AI Improving Cybersecurity?
Together, automation and artificial intelligence have the power to be the ultimate human enabler. Neither will replace the value of the human mind. Instead, they can empower humans to make the right decisions faster and more effectively through AI-enabled features like:
- Threat detection, intelligence & prevention
- Real-time monitoring & prioritization
- Behavior analysis
- Case summarization
- Predictive analysis
- Anomaly detection
- Deception technologies
As different types of cybersecurity attacks and threats become more sophisticated, AI is a crucial tool in helping organizations stay ahead and protect their digital assets.
AI in Various Aspects of Cybersecurity
Just as security orchestration and automation can be applied to every aspect of cybersecurity, so too can artificial intelligence. Here are a few examples of how AI is being applied to cybersecurity functions and processes.
AI in Network Security
Network security strategies date back to the era of castles and moats, and even they are not immune to the disruption that is AI. As networks, and the data that resides in them, become increasingly dynamic, it is critical that network security teams have the latest technology at their disposal. AI in network security can help enhance threat detection and intelligence signals or even recommend the optimal automated response action.
AI Data Security
Data is the crown jewel of any organization, so effective data and information security is critical. AI and automation can help SOC teams keep pace with the increasingly common threat of data breaches and unauthorized access to sensitive data. Modern AI information security strategies focus on data classification and encryption, monitoring controls, authentication and authorization, behavioral analytics, insider threat detection, and risk mitigation, to name a few.
AI and Governance, Risk and Compliance (GRC)
AI has an important role to play in enterprise risk management, corporate governance, and compliance strategies. GRC platforms are beginning to leverage AI to assist with risk detection, auditing, horizon scanning, policy management, and regulatory change management. This is particularly beneficial in the context of internal controls, financial risks and ensuring business resilience.
Some of the latest developments in cybersecurity AI are related to the Biden Administration’s executive order on the safe, secure and trustworthy development and use of artificial intelligence.
AI-Driven Threat Intelligence
Threat intelligence solutions provide cybersecurity teams with value in three main areas. First, they are built to be able to acquire information from extensible data sets. Then, they aggregate telemetry from multiple formats and types to provide unique insights. Finally, they present the information in a way that can trigger automated actions. AI is increasingly being used by threat intelligence providers to help during the aggregation and action phases. It helps to prioritize the right intelligence and assist in recommending response actions.
Pros and Cons of AI in Cybersecurity
Nearly every cybersecurity function, and most security practitioners, are embracing the use of artificial intelligence. Some are jumping on the bandwagon without hesitation, while others maintain a healthy skepticism about AI. Regardless of where you find yourself on this spectrum, here are some pros and cons to consider.
Some of the many security functions that benefit from the application of cyber AI include:
- Threat Modeling
- Threat Detection & Incident Response
- Alert signal-to-noise ratio
- Behavioral Analysis & Analytics
- Vulnerability & Patch Management
- Adaptive Defense
- Deception Technologies
Emerging technologies, especially AI, come with their own risks. It’s important to be aware of the dark side that comes with the growth of AI adoption, including:
- Offensive AI and ethical considerations
- Data privacy concerns
- AI programmed bias, training and maintenance
- Lack of transparency
- Misuse and attacks
- Compliance and regulations
The Future of AI in Cybersecurity
So, how will AI impact the future of cybersecurity? If I were a betting man, the future of cybersecurity with AI will feel like cybersecurity today but on steroids. Adversaries are constantly becoming more frequent and more sophisticated; AI will perpetuate this reality. SecOps is a highly complex and nuanced discipline; AI will have a mix of positive and negative impact on the cybersecurity complexity problem. Ethical considerations and regulations are being defined in real time; we have seen this with emerging technologies of the past. Security leaders will need to plan strategically and focus on security awareness training.
A world with AI is a new reality. But at the end of the day, AI will never replace the power of the human mind. In a future with AI, fundamental SecOps principles will be more important than ever.
Learn more about how Swimlane is leveraging AI within our low-code automation platform inside and outside of the SOC. Now you can build and apply automation within SecOps, Fraud, OT, Cloud, Compliance, Audit, and more.