The key problems facing security operations centres today and how AI will help to solve them

Greg Martin (left) of Jask

The security industry is facing a huge problem and one which, until recently, looked intractable. There are just not enough cyber security operatives in the world’s Security Operations Centres (SOCs) and there are just too many threats that the average organisation has to deal with on a daily basis.

However, there are techniques, drawn from the Machine Learning subdomain of Artificial Intelligence (AI), which can automate the work of security analysts in the SOC. By applying AI tools, says Greg Martin co-founder of Jask, the SOC can alleviate the burden on overloaded business defenders. There is also the problem of the scarcity of the very analysts who are holding these threats at bay.

There are more than three million cybersecurity jobs vacant in North America alone. The number is much, much larger as you look to the rest of the world. So, we face a simple but frightening problem. If we do not develop Artificial Intelligence to start to accelerate identifying, automating and helping the analysts that we do have, to deal with these massively increasing cyberthreats, we are going to continually fall behind.

This is going to have potentially catastrophic effects on our industries. We are going to suffer even bigger breaches, more destructive breaches and events, like we saw here in the US with Equifax are going to start becoming routine. The Equifax breach was simply a matter of not having the appropriate amount of resources to be able to deal with the threats that they had coming through their systems.

We have to start using the only serious methodology that modern organisations have to protect themselves from the threat of a successful cyberattack. The repetitive tasks, which we do every day, that are more scripted, should be given to machines. This is to acknowledge that machines are better at some things like high-frequency pattern matching, than humans ever will be.

We use AI and machine learning to scan the vast amount of data coming into the SOC and reveal patterns and inconsistencies – if you’re looking for these patterns over time in very large volumes you can only keep up using these methods – a human cannot possibly do this job – it is perfectly suited to AI.

Where a SOC analyst can get tired if they’re working the overnight shift and they haven’t had enough Red Bull, the machines can just crunch through that and find those patterns more quickly. The human just doesn’t have the speed to do it. What AI will not be able to do is take the human out of the loop.

We believe that in our lifetime, AI will not surpass the human ability to be the best defence against cyberattacks, at least the complex ones. However, we do believe that within the next five to 10 years AI will be able to deal with some of the more lower-level automated attacks, dealing with more financial crime, but the truly targeted government-grade attacker – where there’s a human behind the keyboard – the best defence for that will be a robot behind the keyboard.

What AI will do, it will allow us to filter that advance attacker from all of the noise of the automated lower-level cybercrime attacks. This is where the industry is really struggling right now: how do I identify what I should care about versus the malware that I see every Monday?

We had this phrase in cybersecurity that we used to use years ago ­­–– that we’re looking for the needle in the haystack, but where today, we have a stack of needles, there are thousands of these threats and they are now hidden in multiple haystacks. The real task is finding what is that ‘sharpest’ or most dangerous needle in the stack of needles that we have. So, the game has totally changed and that’s what AI is going to help us with.

We are now in a full-on 24×7 global cyberweapons arms race and this is not mere speculation, for example the WannaCry tool was built from a stolen cyberweapon from the US Government, from the National Security Agency. That was weaponised and used against the public and public companies. This cyberweapon proliferation is the new normal, and we are absolutely certain that government entities are using AI to develop new cyberweapons.

WannaCry, which was based on a weapon called EternalBlue is about a five or six-year-old piece of technology, so you imagine what happens when the newer pieces of these technologies leak out, whether it comes from the US or another government entity, the ramifications can be quite scary. AI is the only game in town that can let us keep on top of the current threat landscape.

The author of this blog is Greg Martin co-founder of Jask

Comment on this article below or via Twitter: @IoTNow_OR @jcIoTnow

RECENT ARTICLES

Get a US$50 Amazon voucher for sharing your IoT brand knowledge

Posted on: March 28, 2024

We want to know what you know about the IoT space. Just 3 minutes could earn you a US$50 Amazon digital gift card!

Read more

Enhance EV charging performance with cellular connectivity

Posted on: March 28, 2024

Electric vehicles (EVs) are steadily growing their market share at the expense of internal combustion engine vehicles. The growth is fuelled by several factors. Perhaps most importantly, prices for EVs have started to drop as competition in the industry is intensifying. New players and models are emerging, prompting several established EV makers to lower their

Read more
FEATURED IoT STORIES

What is IoT? A Beginner’s Guide

Posted on: April 5, 2023

What is IoT? IoT, or the Internet of Things, refers to the connection of everyday objects, or “things,” to the internet, allowing them to collect, transmit, and share data. This interconnected network of devices transforms previously “dumb” objects, such as toasters or security cameras, into smart devices that can interact with each other and their

Read more

The IoT Adoption Boom – Everything You Need to Know

Posted on: September 28, 2022

In an age when we seem to go through technology boom after technology boom, it’s hard to imagine one sticking out. However, IoT adoption, or the Internet of Things adoption, is leading the charge to dominate the next decade’s discussion around business IT. Below, we’ll discuss the current boom, what’s driving it, where it’s going,

Read more

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more

5 challenges still facing the Internet of Things

Posted on: June 3, 2020

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into a more switched-on place to live.

Read more