Cybersecurity tools are evolving to leverage machine learning (ML) and artificial intelligence (AI) at ever deeper levels, and that’s of course a good thing. However, we often see results that feel cookie-cutter and counter-productive, raising the question: can AI really do as good a job as a human?
The larger question: Can cybersecurity be truly automated? The answer is yes, but perhaps not exactly in the ways the industry currently envisions.
Threat actors are now using advanced methods to conduct intricate, personalized phishing and targeted attacks. For example, researchers at Group-IB uncovered a targeted worldwide scam campaign using over 121 popular brands as bait in over 90 countries, including the US, Canada, South Korea and Italy.
Scamming with giveaways and surveys is an old scheme, but this campaign was exceptionally effective because of how precisely it targeted its victims. Sophisticated tools were employed to auto-generate content that compelled users to respond. The bad actors employed AI to discover social footprints, buying patterns and personal data, and launched personalized attacks unique to each potential victim.
Offers from such supposedly trusted brands can prove hard to resist. According to Group-IB, the victims found themselves:
“. . .in a long chain of redirects, during which scammers gather information about their session, including country, time zone, language, IP, browser, and etc. The content on the final page will be determined based on what was learned about the user and tailored as much as possible to their possible interests. The final scam link is customized to a specific user and can be opened only once. This complicates the detection of such links, which inevitably leads to the scam’s longer life cycle, and hampers the takedown and investigations.”
Such campaigns are driving the move to similarly marshal automation to detect and thwart such advanced attacks. Here are three things automated cybersecurity technology does exceptionally well:
• Tackle mundane tasks. Continuous monitoring and detection tasks are repetitive, and often are a waste of cybersecurity talent. Outsourcing this work to automated systems frees in-house or third-party cybersecurity experts to focus on higher-level tasks.
For instance, taking inventory of a company’s assets, while necessary, can quickly become monotonous for security team members. The right tools and tracking can help the team better and more effectively manage those assets.
• Accelerate time-sensitive processes. Automated software can not only handle both mundane and urgent tasks, it can do so more quickly and efficiently. For example, AI can interpret data sets in mere moments – which matters greatly when an attack is underway and seconds count.
Organizations with thousands of assets and millions of users or customers present an enormous potential attack surface; combined with the new realities of automated attacks, that makes automated cybersecurity scanning essential. And when automated scanning and detection software is orchestrated with services such as threat and vulnerability management, a safer and more secure experience results.
• Help advance cybersecurity. Human intelligence, process innovations and automation drive constantly evolving cybersecurity. One of the most compelling reasons for implementing automated cybersecurity: its machine learning abilities.
Automated cybersecurity tools – with appropriate human interaction and processes – leverage machine learning to evolve quickly.
As cybersecurity AI works to keep the organization secure, it also learns along the way and can inform cybersecurity teams, who in turn continue to tune both tools and processes to combat ever-evolving threats.
Email security management, for example, learns through each experience with an organization’s email system. Its knowledge base evolves quickly and soon identifies with new precision what cyberattacks look like, hardening the organization’s defenses against the human error of “bad clicks.”
Automated cybersecurity can’t do everything. Just as Virtual CISOs (Chief Information Security Officers) rely on a mix of automated tools and software with the power of the human brain and real-life experience, cybersecurity can’t be 100% automated – at least not just yet.
The role of cybersecurity experts – in diagnosing and understanding issues, creating and executing action plans, prioritizing and balancing needs, and communicating to the organization – is critical. Automated tools do not replace IT and security professionals; they arm them. And with the knowledge that automated tools provide, best practices evolve to meet the dynamic threatscape.
Automated cybersecurity technology and tools are now doing much of the heavy lifting to keep organizations secure. Harnessing their power while simultaneously using the expertise of skilled professionals is the key to effective, proactive security.
About the essayist: Corey White is Chief Executive & Experience Officer of Cyvatar.AI. Previous posts include serving as SVP of Worldwide Consulting and Chief Experience Officer at Cylance as well as the Southwest Director of Consulting for Foundstone & McAfee/Intel Professional Services.
*** This is a Security Bloggers Network syndicated blog from The Last Watchdog authored by bacohido. Read the original post at: https://www.lastwatchdog.com/guest-essay-marshaling-automated-cybersecurity-tools-to-defend-automated-attacks/