September 22, 2020

Automation: A Pathway to Smarter Cybersecurity

Nir Polak


Under regular circumstances, the cybersecurity industry operates against the backdrop of a long-standing labor gap. But, as reported recently by The Wall Street Journal, cybersecurity leaders are currently looking closely at costs, and until widespread economic recovery is established, many organizations will be facing a growing range of security risks without their usual flexibility to recruit.

As the report points out, the pressure to do more with less is likely to focus cybersecurity decision-making and investment across many teams. For example, immediate priorities have shifted, with the challenges of enabling and protecting a remote workforce moving to the top of the agenda. Compounding this, we recently learned that 75% of security teams in the U.S. and U.K. have furloughed employees in recent months, and 68% have made staffers redundant. 

At the same time, cybercriminals around the world are “capitalizing on the crisis,” according to Deloitte. Indeed, security agencies in the U.S. and U.K. have warned that individuals and companies are being targeted with COVID-19 scams and phishing emails, with a recent joint advisory notice highlighting the increased threat posed by the sudden shift to remote working.

In light of this, it’s increasingly important that cybersecurity teams work more efficiently to balance business needs with their ability to detect, investigate and respond to cyberattacks quickly and effectively. And, while it’s tempting to point to AI and automation as the answers to just about every business challenge today, in this case, they are key to the future of the industry, particularly when implemented in the cloud.

According to a recent MarketWatch CIO survey, “68% said cloud services would become more of a priority,” and “CIOs expect to reduce their mix of on-prem workloads from 59% in 2019 to 35% in 2021.” The pandemic is likely to push those numbers higher still.

AI and ML to the Rescue

Automation via ML and AI will improve security (Syda Productions/Shutterstock)

One of the primary ways that security teams can react to this trend is to accelerate the transition of their security controls to the cloud, including those driven by AI. This approach will offer increased flexibility and protection, whether the company chooses to stay remote or return in part, or in full, to the office.

So how can machine learning and AI, both on premises and in the cloud, help close the skills gap? Machine learning is a branch of AI in which prediction algorithms improve automatically from the data they are exposed to. Machine learning and automation have the potential to take on a lot of the mundane work that cybersecurity analysts do, particularly tasks such as prioritizing security alerts, reducing false positives, mapping IP addresses to devices and the users behind them, and containing, investigating, and remediating threats.

Machine learning can also enhance a security team’s abilities, for example, with pattern matching. It can quickly detect attacker activity such as lateral movement, in which an attacker who has compromised one host uses stolen credentials or sessions to reach other systems on the network, activity that would otherwise require large amounts of analyst time to correlate across logs. Similarly, it can build out employee profiles, including their peer groups and personal email addresses, to help analysts identify insider threats more rapidly. These models need a baseline of normal activity to learn from, and what they surface still has to be validated by an analyst.

When machine learning is applied to tasks that are high-volume and repetitive, people can then focus their efforts on problems that require human minds. Our own study has shown that a modern security management solution with machine learning can reduce the time to complete security tasks by 50%.

Additional research recently revealed that 28% of security teams in the U.S. and U.K. increased their use of automation during the COVID-19 pandemic and the shift to remote work. Much of that growth comes from automating repetitive, well-defined security tasks, and most of the attention has focused on security orchestration, automation, and response (SOAR).

Triaging alerts is one area where systems can pattern match to identify higher-priority incidents, ultimately helping security teams be more efficient. Another notable advance is the automatic creation of user and device timelines, which give security analysts a chronology and context during incident investigations. Fortunately, security teams are generally receptive to automating some of their tasks: fewer than 20% of participants in a recent survey of security practitioners saw automation as a threat to their jobs.
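To make the three preceding paragraphs concrete, here is an added example; it is not code from this article, its author, or Exabeam. It maps IP addresses to devices and their owners from DHCP lease records, builds per-user and per-device timelines from logon events, learns each user's and each peer group's normal host "fan-out" from a baseline period, and then flags two lateral-movement signals: a burst of logons to more distinct hosts than either baseline allows, and use of an account from a device that belongs to someone else. The log formats, hostnames, peer-group assignments, the ten-minute window and the baseline cutoff are all assumptions constructed for the example.

```python
"""Added illustration (not Exabeam's or the author's code): IP-to-device-to-user
mapping, user/device timelines and a baseline-driven lateral-movement check.
All log lines, hostnames, peer groups and thresholds below are constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed DHCP lease records: the source of the IP -> device -> owner map.
DHCP_LEASES = [
    "2020-09-01T07:55:00 DHCPACK ip=10.0.1.20 host=LT-ALICE owner=alice",
    "2020-09-01T07:58:00 DHCPACK ip=10.0.1.21 host=LT-BOB owner=bob",
    "2020-09-01T08:02:00 DHCPACK ip=10.0.1.22 host=LT-CAROL owner=carol",
]
# Constructed logon records, deliberately unordered to show the sort step.
AUTH_EVENTS = [
    "2020-09-01T08:10:00 LOGON user=alice src_ip=10.0.1.20 dst_host=FS01",
    "2020-09-01T08:12:00 LOGON user=alice src_ip=10.0.1.20 dst_host=MAIL01",
    "2020-09-01T08:18:00 LOGON user=bob src_ip=10.0.1.21 dst_host=BUILD01",
    "2020-09-01T08:15:00 LOGON user=bob src_ip=10.0.1.21 dst_host=FS01",
    "2020-09-02T08:20:00 LOGON user=carol src_ip=10.0.1.22 dst_host=FS01",
    # Day three: bob's account fans out across the estate from carol's laptop.
    "2020-09-03T02:01:00 LOGON user=bob src_ip=10.0.1.22 dst_host=FS01",
    "2020-09-03T02:02:30 LOGON user=bob src_ip=10.0.1.22 dst_host=HR01",
    "2020-09-03T02:04:10 LOGON user=bob src_ip=10.0.1.22 dst_host=FIN01",
    "2020-09-03T02:05:45 LOGON user=bob src_ip=10.0.1.22 dst_host=BUILD01",
    "2020-09-03T02:07:20 LOGON user=bob src_ip=10.0.1.22 dst_host=DC01",
    "2020-09-03T08:10:00 LOGON user=alice src_ip=10.0.1.20 dst_host=FS01",
]
PEER_GROUPS = {"alice": "engineering", "bob": "engineering", "carol": "hr"}
BASELINE_END = datetime(2020, 9, 3)  # assumed cutoff: earlier events train the baseline
WINDOW = timedelta(minutes=10)       # assumed window for counting fan-out
LEASE_RE = re.compile(r"^(\S+) DHCPACK ip=(\S+) host=(\S+) owner=(\S+)$")
AUTH_RE = re.compile(r"^(\S+) LOGON user=(\S+) src_ip=(\S+) dst_host=(\S+)$")


def parse_leases(lines):
    """Return {ip: (device, owner)}; a later lease for the same IP wins."""
    return {m[2]: (m[3], m[4]) for m in map(LEASE_RE.match, lines) if m}


def build_timelines(auth_lines, ip_map):
    """Return (by_user, by_device): sorted logon chronologies enriched with the
    source device and its owner, the context an analyst otherwise joins by hand."""
    by_user, by_device = defaultdict(list), defaultdict(list)
    for line in auth_lines:
        m = AUTH_RE.match(line)
        if not m:
            continue  # skip unparseable lines rather than crash the pipeline
        ts, user, ip, dst = m.groups()
        device, owner = ip_map.get(ip, ("unknown-" + ip, None))
        ev = {"ts": datetime.fromisoformat(ts), "user": user, "src_ip": ip,
              "src_device": device, "device_owner": owner, "dst_host": dst}
        by_user[user].append(ev)
        by_device[device].append(ev)
    for timeline in list(by_user.values()) + list(by_device.values()):
        timeline.sort(key=lambda e: e["ts"])
    return by_user, by_device


def max_fanout(events, window=WINDOW):
    """Largest number of distinct destination hosts inside any sliding window."""
    best = 0
    for i, first in enumerate(events):  # events must already be sorted by ts
        hosts = {e["dst_host"] for e in events[i:] if e["ts"] - first["ts"] <= window}
        best = max(best, len(hosts))
    return best


def learn_baselines(by_user, window=WINDOW, cutoff=BASELINE_END):
    """Fan-out each user, and each peer group, exhibited during the training period."""
    user_base, group_base = {}, defaultdict(int)
    for user, timeline in by_user.items():
        user_base[user] = max_fanout([e for e in timeline if e["ts"] < cutoff], window)
        group = PEER_GROUPS.get(user, "unknown")
        group_base[group] = max(group_base[group], user_base[user])
    return user_base, dict(group_base)


def detect_lateral_movement(by_user, window=WINDOW, cutoff=BASELINE_END):
    """Flag fan-out above both the user's own and the peer group's baseline, and
    any logon with an account that does not own the device it came from."""
    user_base, group_base = learn_baselines(by_user, window, cutoff)
    alerts, seen = [], set()
    for user, timeline in by_user.items():
        recent = [e for e in timeline if e["ts"] >= cutoff]
        threshold = max(user_base.get(user, 0),
                        group_base.get(PEER_GROUPS.get(user, "unknown"), 0))
        fan = max_fanout(recent, window)
        if fan > threshold:
            alerts.append({"user": user, "signal": "fanout", "observed": fan,
                           "threshold": threshold})
        for e in recent:  # one foreign-device alert per (user, device) pair
            key = (user, e["src_device"])
            if e["device_owner"] not in (None, user) and key not in seen:
                seen.add(key)
                alerts.append({"user": user, "signal": "foreign_device",
                               "device": e["src_device"], "owner": e["device_owner"]})
    return alerts


if __name__ == "__main__":
    users, _devices = build_timelines(AUTH_EVENTS, parse_leases(DHCP_LEASES))
    print(*detect_lateral_movement(users), sep="\n")
```

On the sample data the check raises two alerts, both for bob: a fan-out of five hosts in ten minutes against a learned threshold of two, and logons from LT-CAROL, a device owned by carol. The peer-group baseline is what keeps the fan-out rule from firing on a new hire with no history of their own; the foreign-device rule is only as good as the IP-to-device map, so stale DHCP leases or shared jump hosts will produce false positives that still need an analyst's judgement.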

People Led, Technology Enabled

So, if 50% of an analyst’s time is spent on mundane tasks, for argument’s sake, let’s consider that AI, machine learning, and automation could help us tackle half the problem.

AI cannot replace humans for security (IR Stone/Shutterstock)

But what about the other half? While technology definitely has the potential to take care of a range of important tasks, AI and automation aren’t suited to many of the roles critical in cybersecurity. Interfacing with end users and teaching them good security practice, and having the intuition needed to hunt down bad actors inside and outside the organization, require the experience and expertise of actual (good, skilled) people, not machines.

With that in mind, I think there’s a lot more we can do as an industry. 

One thing we have in abundance is know-how, and we should be sharing it more widely. While there is a great deal of knowledge sharing happening, it tends to be siloed among people already in the industry, at events for the industry. That is great, but we also need to be reaching new audiences, educating and advocating, and that will require a broader culture of giving back.

Companies can put this into action by enabling their experts to give back to the community through volunteering and mentoring, with an education focus. Security companies should focus on helping security practitioners and leaders improve how they work, teaching cyber skills, and offering training, not just showing product demos. We also recommend scholarship programs for those studying cybersecurity, computer science, programming, data science and related disciplines to encourage more students to pursue an education in cybersecurity. 

There is also value in diversity, and recruiting to add different perspectives and new voices to teams is key. Organizations should reach across industries to find talent, such as hiring military veterans who often have an aptitude for cybersecurity with directly relevant or transferable skills. All of these efforts will contribute towards widening the opportunity for people who might not otherwise have thought about a career in cybersecurity, while also helping to close the skills gap. 

It’s my belief that the difficult problems facing us in these unprecedented times can be tackled with fresh eyes, critical thinking and smart new approaches, along with persistence and teamwork. It’s an approach which applies to the current worldwide crisis in general, and to smarter cybersecurity in particular.

Despite current difficulties, I believe we are on a pathway to a better future where organizations have all the cybersecurity resources they need, when they need them, and we have an industry that can flex to deliver the protection organizations require when circumstances unexpectedly change. Even if people return to the office in the semi-near future, implementing the right machine learning and AI tools and utilizing the cloud prepare us for similar events down the line. They help security teams skate to where the puck is going by providing the visibility and control required in any environment. Why not start that now, as you’re looking to prepare your business for a post-COVID-19 world?

About the author: Nir Polak is CEO of Exabeam and has 13 years of experience in information security, including executive experience setting company strategy, driving execution, building new products, and bringing them to market. 
