The key problems facing security operations centres today and how AI will help to solve them

Greg Martin (left) of Jask

The security industry is facing a huge problem and one which, until recently, looked intractable. There are just not enough cyber security operatives in the world’s Security Operations Centres (SOCs) and there are just too many threats that the average organisation has to deal with on a daily basis.

However, there are techniques, drawn from the Machine Learning subdomain of Artificial Intelligence (AI), which can automate the work of security analysts in the SOC. By applying AI tools, says Greg Martin co-founder of Jask, the SOC can alleviate the burden on overloaded business defenders. There is also the problem of the scarcity of the very analysts who are holding these threats at bay.

There are more than three million cybersecurity jobs vacant in North America alone. The number is much, much larger as you look to the rest of the world. So, we face a simple but frightening problem. If we do not develop Artificial Intelligence to start to accelerate identifying, automating and helping the analysts that we do have, to deal with these massively increasing cyberthreats, we are going to continually fall behind.

This is going to have potentially catastrophic effects on our industries. We are going to suffer even bigger breaches, more destructive breaches and events, like we saw here in the US with Equifax are going to start becoming routine. The Equifax breach was simply a matter of not having the appropriate amount of resources to be able to deal with the threats that they had coming through their systems.

We have to start using the only serious methodology that modern organisations have to protect themselves from the threat of a successful cyberattack. The repetitive tasks, which we do every day, that are more scripted, should be given to machines. This is to acknowledge that machines are better at some things like high-frequency pattern matching, than humans ever will be.

We use AI and machine learning to scan the vast amount of data coming into the SOC and reveal patterns and inconsistencies – if you’re looking for these patterns over time in very large volumes you can only keep up using these methods – a human cannot possibly do this job – it is perfectly suited to AI.

Where a SOC analyst can get tired if they’re working the overnight shift and they haven’t had enough Red Bull, the machines can just crunch through that and find those patterns more quickly. The human just doesn’t have the speed to do it. What AI will not be able to do is take the human out of the loop.

We believe that in our lifetime, AI will not surpass the human ability to be the best defence against cyberattacks, at least the complex ones. However, we do believe that within the next five to 10 years AI will be able to deal with some of the more lower-level automated attacks, dealing with more financial crime, but the truly targeted government-grade attacker – where there’s a human behind the keyboard – the best defence for that will be a robot behind the keyboard.

What AI will do, it will allow us to filter that advance attacker from all of the noise of the automated lower-level cybercrime attacks. This is where the industry is really struggling right now: how do I identify what I should care about versus the malware that I see every Monday?

We had this phrase in cybersecurity that we used to use years ago ­­–– that we’re looking for the needle in the haystack, but where today, we have a stack of needles, there are thousands of these threats and they are now hidden in multiple haystacks. The real task is finding what is that ‘sharpest’ or most dangerous needle in the stack of needles that we have. So, the game has totally changed and that’s what AI is going to help us with.

We are now in a full-on 24×7 global cyberweapons arms race and this is not mere speculation, for example the WannaCry tool was built from a stolen cyberweapon from the US Government, from the National Security Agency. That was weaponised and used against the public and public companies. This cyberweapon proliferation is the new normal, and we are absolutely certain that government entities are using AI to develop new cyberweapons.

WannaCry, which was based on a weapon called EternalBlue is about a five or six-year-old piece of technology, so you imagine what happens when the newer pieces of these technologies leak out, whether it comes from the US or another government entity, the ramifications can be quite scary. AI is the only game in town that can let us keep on top of the current threat landscape.

The author of this blog is Greg Martin co-founder of Jask

Comment on this article below or via Twitter: @IoTNow_OR @jcIoTnow

RECENT ARTICLES

SiTime expands addressable market with its new precision timing solution for autonomous vehicles

Posted on: September 30, 2022

Santa Clara, United States. 27 September, 2022 – SiTime Corporation, a provider in precision timing, introduced a new automotive oscillator family, based on SiTime’s advanced MEMS technology. The new differential oscillators are 10x more resilient and ensure reliable operation of ADAS across extreme road conditions and temperatures. The launch of the new automotive oscillator, AEC-Q100 SiT9396/7,

Read more

Semtech’s LoRa devices featured in Kiwi Technology gas metering solution

Posted on: September 30, 2022

Camarillo, United States. 29 September, 2022 – Semtech Corporation, a global supplier of high performance analog and mixed-signal semiconductors and advanced algorithms, announced that Kiwi Technology, an advanced internet of things (IoT) turn-key solutions and data analytics provider, is using Semtech’s LoRa devices for its new third party class B network control unit (NCU) that connects gas meters

Read more
FEATURED IoT STORIES

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more

5 challenges still facing the Internet of Things

Posted on: June 3, 2020

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into a more switched-on place to live.

Read more

What is IoT?

Posted on: July 7, 2019

What is IoT Data as a new oil IoT connectivity What is IoT video So what’s IoT? The phrase ‘Internet of Things’ (IoT) is officially everywhere. It constantly shows up in my Google news feed, the weekend tech supplements are waxing lyrical about it and the volume of marketing emails I receive advertising ‘smart, connected

Read more
IoT Newsletter

Join the IoT Now online community for FREE, to receive: Exclusive offers for entry to all the IoT events that matter, round the world

Free access to a huge selection of the latest IoT analyst reports and industry whitepapers

The latest IoT news, as it breaks, to your inbox