Today, a major cybersecurity challenge is the accelerated pace of operations and threats. The velocity, variety and sophistication of threats, and the complexity of today’s networks have outpaced the effectiveness of traditional perimeter-based defenses. Data breaches are now considered inevitable and the practical reality is that it is simply impossible to prevent all attacks. Therefore, the object of the exercise in cybersecurity is implementing a reasonable level of care to identify and manage risk. In practice, this means a balance of prevention and detection to mitigate as many threats as possible.
This trend is reflected in the findings of the survey Making Tough Choices: How CISOs Manage Escalating Threats and Limited Resources, conducted by Forbes Insights in conjunction with Fortinet. Results show that CISOs currently devote 36% of budget to response, and 33% to prevention. However, as security needs change, many CISOs desire to shift budget away from prevention tactics. An optimal budget would reduce spend on prevention and increase detection and response resources to 33% and 40% of security budget respectively. This shift gives security teams the speed and flexibility they need to react quickly in the face of a threat – especially as 21% of surveyed CISOs believe capabilities of cyber criminals are outpacing their defensive capabilities.
When it comes to keeping pace with the speed of modern cyberattacks, the challenge is that CISOs have limited resources in terms of personnel and budget. The report finds that to overcome these obstacles and attain the detection and response speeds necessary for today’s cyber strategies, CISOs must leverage AI and automation.
CISOs are not the only ones adopting AI and automation – cyber criminals are too. Attacks now move at machine speed, using AI and automation to actively locate and exploit multiple vulnerabilities while evading detection. Without the need for manual input, these attacks can be far more prolific, and faster. With the use of ransomware and malware-as-a-service, they can even be carried out by more amateur cyber criminals.
The result is that even very experienced IT and security teams cannot keep up. No individual can detect and react to a threat at the same speed as a machine. Even so, most organizations do not have the cybersecurity personnel to consider manual response as a primary strategy. With the cybersecurity skills gap continuing to grow, many security teams are understaffed or are still being trained in how to deal with the onslaught of new threats.
Furthermore, most organizations are deploying multiple disparate security tools across their distributed environments. The lack of integration here means that security teams are getting alerts to possible security events from a multitude of devices – which can cause alert fatigue and events to slip by unaddressed for longer periods of time.
By using AI and automation, CISOs can mitigate the risk brought on by automated cyberattacks with faster response times.
Because organizations cannot detect and respond to threats manually, they can use AI and automation to fill these gaps. Solutions enabled by artificial intelligence can learn what normal behavior looks like in order to detect anomalous behavior. For example, certain employees may regularly access a specific type of data, or might only log on at certain times. If the user begins to operate outside of these standard parameters, the solution can detect these anomalies and inspect or isolate the device until it is determined to be safe. If the device is infected with malware or is otherwise acting maliciously, the tool can issue automatic responses. Making these tactical tasks the responsibility of AI-driven solutions gives time back to security teams to develop strategic security initiatives, focus on developing threat intelligence, or hone in on detecting unknown threats.
As a result of digital transformation, networks are becoming increasingly complex and distributed. Many organizations have deployed multi-cloud environments, hybrid environments, BYOD policies, SaaS apps, connected devices, and more. AI and automation simplify network management across these environments – alerting security teams to imminent threats and responding automatically. Automated tools that leverage machine learning and integration can also alert other areas of the network to a potential threat. For example, a cloud security tool could alert endpoint security solutions of malicious activity to facilitate a faster response in that area of the network.
A key benefit of increased visibility into security alerts across distributed networks is a more productive and efficient security program. If teams feel confident in the ability of AI-enabled tools to monitor the network, respond to threats at machine speed, and collect analytics, they can spend more time honing strategy, performing historical analysis, and building a cyber-aware culture.
If security teams decide to adopt AI and automation, they must be sure the solution chosen can compete with modern threats. In selecting a solution, take time to ensure it is powered by best-in-class threat intelligence and research and analytics technology. Make sure this data is collected from a variety of nodes – both globally and locally to best inform your cyber strategy. Finally, bear in mind that AI is only as effective as the training that went into it. The amount data ingested, the number of nodes and accuracy of analysis are also key considerations.
Speed is an essential component of threat management. However, with attacks growing more sophisticated and security resources sparser, organizations are hard-pressed to keep pace. By leveraging solutions that incorporate AI and automation, CISOs can close the resource gap and stay a step ahead of cyber criminals.
Read more about how CISOs can manage escalating threats and limited resources.
Find out how Fortinet integrates AI and machine learning capabilities across our Security Fabric to detect and identify threats, protecting organizations from increasingly sophisticated threats.