The ever-evolving role of artificial intelligence (AI) in cybersecurity presents a valuable opportunity and growing challenge for chief information security officers (CISOs).
Across industries, business leaders and decision-makers are considering new ways to empower their staff and streamline processes. Yet in this burst of enthusiasm, they must also be aware of the new issues, concerns and threats that AI may bring.
AI has the potential to revolutionize the way security teams detect, respond to, and mitigate emerging cyber threats. This is driving increased adoption, as 55% of organizations plan to adopt generative AI (GenAI) solutions in 2024, signaling a substantial increase in GenAI integration, according to Cloud Security Alliance.
On the other hand, AI creates more complex threats for security teams to deal with.
According to the assessment of the UK National Cyber Security Centre (NCSC), threat actors of all types, state and non-state, are already using AI to varying degrees. AI lowers the barrier to entry for cybercriminals and will likely increase the global ransomware threat over the next two years.
As this new era reveals new risks, CISOs need to consider how AI could be used against their organization and whether they are prepared for the implications it brings. At the same time, AI also offers the potential to transform their security operations through greater efficiency. Achieving the best outcomes from AI will depend on an organization’s ability to effectively balance risks and rewards.
An evolving threat landscape
AI tools are already enabling cybercriminals to design more sophisticated and convincing cyberattacks. One example is the rise of phishing attacks driven by GenAI. The increasing accessibility of AI makes it easy for adversaries to generate an entire ecosystem of non-existent products, people, and companies to support their social engineering efforts. This allows them to quickly create credible phishing content that can be produced and distributed at a faster rate than ever before.
In the future, polymorphic malware, which rewrites itself with each copy to slip past signature-based detection, will likely become more sophisticated as AI assists in generating variants. Adversaries are also expected to accelerate the already worrying shift from purely opportunistic attacks to deliberate, highly targeted intrusions that end in ransomware or outright extortion.
When it comes to network security, employees with trusted access credentials remain the weakest link, and emerging technologies give attackers new ways to exploit them. Defenders must also protect the AI systems they deploy themselves: the aim is to prevent unauthorized access to, manipulation of, or misuse of those systems, which could lead to privacy breaches, misinformation or further cyberattacks.
Arming yourself against the evolving risks linked to AI
As AI gives attackers new weapons, security teams can adopt the same tools to learn how they work and how to combat them. For example, the same GenAI that produces phishing emails for bad actors also lets security teams generate realistic lures to educate their staff, and the organization as a whole, on how to detect and defend against them.
The most effective cyber defense tools rely on proven, well-established technologies. One effective way for security teams to fight back and gain an edge against ever-evolving threats is to deploy a security information and event management (SIEM) solution with advanced user and entity behavior analytics (UEBA) capabilities.
The advanced analytics of a modern UEBA solution uses variations of AI and machine learning (ML), data enrichment, and data science to effectively combat advanced threats. The solution ingests operational data from numerous sources to determine what is “normal” behavior of users and entities on an enterprise network.
Organizations benefit from a scalable solution that looks for anomalies instead of a limited, predetermined set of activities. It allows them to extend their security base with:
Improved automation: Modern UEBA solutions automate detection, triage and investigation across the alert lifecycle. Instead of presenting discrete events, an automatically constructed timeline of a user's session presents results with context and a risk assessment, helping analysts quickly distill the essence of a threat and resolve it. In this way, UEBA provides better insider threat detection than conventional SIEM correlation rules, which can only match the patterns someone has already written.
Streamlined incident response: Analyzing user behavior can save considerable time because teams don't need to dig through logs in various locations to piece together the story of an incident. A sophisticated UEBA system ingests data from many different log sources (such as Windows AD, VPN, database, badge, file, proxy and endpoints) and creates a contextual story around the incident that security teams can analyze.
Complete visibility across all IT environments: Done well, UEBA provides a 360-degree view of user and device behavior and ultimately allows an organization to establish a baseline of normal behavior for everyone within standard daily operation. By monitoring the long-term activity of individual users and devices, examining local context, and exploring relationships between credentials and devices, a data science-based system can detect anomalies with minimal false alarms.
Visualization and reporting tools: UEBA tools are equipped with visualization and reporting tools. They can visualize patterns and trends, identify hotspots of activity, and track changes over time. Additionally, UEBA tools provide detailed and actionable reports on detected threats. They can report on various metrics, such as the number and types of threats detected, assets affected, response times, and more. These reports can facilitate decision-making and strategic planning, helping organizations improve their cybersecurity posture.
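To make the baseline-then-anomaly idea behind UEBA concrete, here is a small added illustration; it is not Exabeam's code and not part of the original article. It learns, per user, which objects are normally touched through each log source and at which hours the account is active, scores later events against that baseline with hypothetical fixed weights, and groups the scored events into a per-user, per-day session timeline with a cumulative risk value, which is what the "timeline with context and risk assessment" above refers to. All log lines, weights and the alert threshold are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events for illustration only (not data from any real deployment).
# Line format: <ISO timestamp> <user> <log source> <object touched> <action>
BASELINE_LOG = """\
2024-03-04T08:55:00 alice vpn 203.0.113.10 login
2024-03-04T09:10:00 alice ad WS-ALICE login
2024-03-04T09:30:00 alice file FIN-SHARE read
2024-03-05T08:50:00 alice vpn 203.0.113.10 login
2024-03-05T09:05:00 alice ad WS-ALICE login
2024-03-05T10:15:00 alice file FIN-SHARE read
2024-03-06T09:00:00 alice vpn 203.0.113.10 login
2024-03-06T09:20:00 alice ad WS-ALICE login
2024-03-06T14:00:00 alice file FIN-SHARE read
"""

# A later session for the same account, also constructed: a 2 a.m. VPN login
# from a new address, followed by a logon and file reads alice has never done.
NEW_LOG = """\
2024-03-09T02:10:00 alice vpn 198.51.100.77 login
2024-03-09T02:12:00 alice ad WS-ALICE login
2024-03-09T02:20:00 alice ad DC01 login
2024-03-09T02:25:00 alice file FIN-SHARE read
2024-03-09T02:40:00 alice file HR-SHARE read
"""

# Hypothetical risk weights and alert threshold. A production UEBA tunes these
# (and uses statistical and peer-group models) rather than fixed constants.
WEIGHTS = {"new_object": 15, "off_hours": 10, "unknown_user": 30}
ALERT_THRESHOLD = 40


def parse(log):
    """Turn raw log lines into event dicts with a parsed timestamp."""
    events = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, user, source, obj, action = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "source": source, "obj": obj, "action": action})
    return events


def build_baseline(events):
    """Learn 'normal' per user: the objects touched via each log source and the
    hours of day at which the account is usually active."""
    baseline = {}
    for e in events:
        b = baseline.setdefault(e["user"], {"objects": defaultdict(set), "hours": set()})
        b["objects"][e["source"]].add(e["obj"])
        b["hours"].add(e["ts"].hour)
    return baseline


def score_event(e, baseline):
    """Return (points, reasons) for one event measured against its user's baseline."""
    b = baseline.get(e["user"])
    if b is None:
        return WEIGHTS["unknown_user"], ["account has no baseline (never seen before)"]
    points, reasons = 0, []
    # .get() rather than [] so that scoring never mutates the learned baseline
    if e["obj"] not in b["objects"].get(e["source"], set()):
        points += WEIGHTS["new_object"]
        reasons.append(f"first {e['source']} {e['action']} involving {e['obj']}")
    if e["ts"].hour not in b["hours"]:
        points += WEIGHTS["off_hours"]
        reasons.append(f"activity at {e['ts'].hour:02d}:00, outside usual hours")
    return points, reasons


def build_sessions(events, baseline, threshold=ALERT_THRESHOLD):
    """Group events into per-user, per-day sessions and build a scored timeline,
    so an analyst sees one story with cumulative risk instead of discrete alerts."""
    grouped = defaultdict(list)
    for e in sorted(events, key=lambda ev: ev["ts"]):
        grouped[(e["user"], e["ts"].date())].append(e)
    sessions = []
    for (user, day), evs in grouped.items():
        timeline, risk = [], 0
        for e in evs:
            points, reasons = score_event(e, baseline)
            risk += points
            timeline.append({"ts": e["ts"].isoformat(),
                             "event": f"{e['source']} {e['action']} {e['obj']}",
                             "points": points, "reasons": reasons})
        sessions.append({"user": user, "day": day.isoformat(), "risk": risk,
                         "alert": risk >= threshold, "timeline": timeline})
    return sessions


if __name__ == "__main__":
    baseline = build_baseline(parse(BASELINE_LOG))
    for s in build_sessions(parse(NEW_LOG), baseline):
        print(f"{s['user']} {s['day']} risk={s['risk']} alert={s['alert']}")
        for step in s["timeline"]:
            print(f"  {step['ts']} {step['event']:<28} +{step['points']:<3} {'; '.join(step['reasons'])}")
```

Run stand-alone, the constructed 2 a.m. session accumulates 95 points across five events and crosses the threshold, while every baseline day scores zero. Note what a rule-based approach would miss here: no single event is alarming on its own (a VPN login, a domain logon, a file read), and it is the combination, ordered in one timeline with reasons attached, that tells the story. Two caveats for practitioners: exact set membership and a learning window of three days will produce noisy results on real data (any new host or a late night at work fires), which is why real UEBA products use longer windows, peer-group comparison and statistical rather than binary scoring; and the hypothetical weights here have no tuned meaning, so the threshold needs calibration against an organization's own false-positive tolerance.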
Along with deploying effective AI-powered security tools, security teams can also balance risks and rewards by providing ongoing training to employees so they can understand the dangers and benefits.
Organizations must use AI responsibly by establishing clear use cases for its deployment and governance frameworks that define ethical guidelines. It is crucial to note that AI augments the analyst's expertise rather than replacing the need for human judgment.
Navigating the AI Era
As threats continue to evolve, security teams need solutions that can adapt and grow to keep pace with threats. This is becoming increasingly important as AI-based attacks continue to escalate and put critical assets at risk.
UEBA enables organizations to transform their cybersecurity approach from reactive to proactive. Its AI and ML capabilities enable security teams to easily monitor and analyze anomalous behavior, mitigate insider threats, and strengthen their overall security foundation.
About the author
Kev Eley is Vice President UKI and Europe at Exabeam. For nearly three decades, he has provided expert knowledge and solutions to the IT and software industry, devoting 15 years specifically to cybersecurity and fraud detection. He has been personally involved in over 150 Security Information and Event Management (SIEM), User and Entity Behavior Analytics (UEBA) and Security Analytics deployments, with a focus on customer success and value realization.
Prior to Exabeam, Kev held senior roles at IBM, Microsoft, TrapX Security and Egress Software Technologies. He has a keen interest in all aspects of cybersecurity and its impact on business and society and has worked across a wide variety of industries including financial services, utilities, public sector and more.