As the number and severity of cyber threats have increased, organizations have implemented a plethora of security tools to combat them. Nevertheless, it takes an average of 279 days to identify and contain a breach, according to the 2019 Global Cost of a Data Breach Report from the Ponemon Institute. Breaches with a lifecycle longer than 200 days cost $1.2 million more on average than those that are contained more quickly.
Problem is, organizations have so many security tools generating so many alerts that IT teams simply cannot keep up. In a recent Capgemini study, 56 percent of cybersecurity analysts said they are overwhelmed by the number of devices and platforms they must protect, and 23 percent said they are unable to investigate all security incidents.
That’s why more and more organizations are using artificial intelligence (AI) to handle many cybersecurity tasks. In fact, 83 percent of U.S. enterprises said they cannot detect cyberattacks without the help of AI. Globally, 73 percent of organizations are testing cybersecurity use cases for AI, especially for network, data and endpoint security. Almost half (48 percent) said their budgets for cybersecurity AI will increase in the coming year.
These investments should pay off. Automated security solutions that use AI, machine learning and advanced analytics enable faster detection and remediation and thus substantially lower data breach costs. According to the Ponemon report, organizations with fully deployed security automation tools have breach costs that are 95 percent less than organizations without such tools.
Increasingly, manufacturers are embedding AI capabilities into their security products. Organizations are also using proprietary AI algorithms for specialized use cases. According to the Capgemini study, 42 percent of organizations are using or plan to use both embedded and proprietary AI tools.
Maximizing the benefits of AI-enabled cybersecurity tools requires a strategic approach that maps the strengths of intelligent automation to the organization’s security challenges:
- Choose the right use cases. The five use cases with the potential to create the greatest impact, according to Capgemini, are fraud detection, malware detection, intrusion detection, risk scoring and behavioral analysis. Organizations should prioritize use cases that are relatively easy to implement and can deliver rapid, tangible results.
- Identify and optimize data sources. AI requires the right data to be effective, and that data must be continuously updated in order for the algorithms to improve. Organizations should identify the data sources that will best drive the chosen use cases, and implement storage platforms that enable efficient, real-time data access.
- Enhance internal data with third-party threat intelligence. While internal data enables analysis that is highly specific to the organization’s security posture, it doesn’t provide a complete picture of the threat climate. External threat intelligence data can add valuable context.
- Pair AI-enabled solutions with automation and orchestration tools. With security orchestration, automation and response (SOAR) tools, IT teams can define workflows to be driven by AI analyses and other data. SOAR further accelerates threat detection and minimizes the need for human intervention.
- Establish processes for effective AI governance. Someone should be responsible for monitoring AI output and assessing it against key performance indicators. There should also be processes in place for improving AI algorithms.
It’s virtually impossible for human analysts to keep up with increasingly sophisticated threats and the flood of security alerts. Technologent’s automation experts can help you leverage AI-enabled tools to improve the speed, accuracy and effectiveness of your security defenses.
December 16, 2019