Securing the Future with AI-Driven Security Operations

By Courtney Radke, Renee Tarun, and Troy Ament | October 09, 2020

CISO on CISO Perspectives

As a result of continued digital innovation initiatives, new remote work realities, and the introduction of 5G, organizations across sectors are facing an increasingly complex and ever-evolving threat landscape. This is further exacerbated by a growing cybersecurity skills gap, which has resulted in a lack of skilled professionals to help secure networks against advanced threats. 

We were joined virtually by Fortinet’s Retail CISO Courtney Radke, Deputy CISO Renee Tarun, and Healthcare CISO Troy Ament for a discussion on how, with AI-driven Security Operations, CISOs are better equipped to protect their entire digital attack surface and meet the needs of today’s digital businesses.

Q: AI seems to be a buzzword across industries right now, including cybersecurity. How can CISOs cut through the hype to understand whether an AI-based solution is right for them, and if so, which one to select? 

Courtney - In the cybersecurity world, AI has been a buzzword for some time now and will continue to be for a long time to come. In my opinion, what has changed significantly over the last several years is two-fold: The wealth of threat intelligence and actionable data to fuel AI-based technology implementations, and the availability of real-world and valuable applications that can leverage AI within an organization. 

AI in its original cybersecurity context was used as a way for organizations to cut through the noise by automating event correlation, alerting appropriately, and reducing alert fatigue. While this is still very much a key use-case, AI has also evolved to include augmented intelligence and machine learning used to increase the efficiency and efficacy of solutions deployed within an organization, making real-time, proactive security more attainable. More to the point, AI solutions are already being integrated with regularity into cybersecurity applications like email security, IDS/IPS, botnet detection, identity management, and many others. So, it is not necessarily a matter of whether an AI-based solution is right for you, as the answer is always yes, with few exceptions. It is more a matter of ensuring the company behind the solution has access to actionable threat intelligence, and also has the knowledge, expertise, and ability to operationalize it across the environment. Today, everyone says they have AI or are AI-driven, but few companies have the ability to back up these claims or implement it effectively in their networks. 

Renee - And recently, we have seen cyber adversaries leveraging AI and machine learning to their advantage. They are building platforms to deliver malicious payloads at unprecedented speeds and scale. And no industry or organization is immune to these attacks. To combat this, CISOs need to be leveraging AI-driven/machine learning security solutions to fight fire with fire. Organizations need to have a strategic, proactive approach that relies on having accurate, timely, and actionable threat intelligence. Actionable strategic and tactical information gleaned from a global threat intelligence network—and analyzed with AI/ML and sandboxing techniques—enables an organization to move into a proactive security posture. To achieve this, organizations should look for solutions that train their systems using all three learning modes of ML—supervised, unsupervised, and reinforcement learning—as such systems will become more and more accurate over time. 

Q: As AI-driven security solutions get smarter, faster, and more effective, we see AI-driven cyberattacks do the same. In this cyber arms race, how can CISOs come out on top? 

Courtney - The CISO, always mindful of the areas that are most impactful to the business if attacked, must also keep a watchful eye on those areas most susceptible TO attack, which is their people. While there is a myriad of AI-driven technologies focused on protecting different areas within an organization, ensuring there is a keen focus on user-centric technology is key. Protecting email and file-sharing, as well as employing user and behavior analysis techniques, may prove to be one of the most worthwhile AI investments a CISO can make, and is most likely to enable them to stay ahead of cyber-attackers. 

Renee - Threat intelligence is also less effective if it is not available in real time by all the security tools in the network. An integrated and automated security architecture helps organizations thwart today’s advanced persistent threats designed to move at machine speed. CISOs should look at AI-driven security operations for protection, detection, and response. Breaches can occur in mere seconds, so it is imperative that organizations look to reduce manual processes and leverage automation to do things at speed and scale.

Troy - Emerging threats have always taken advantage of the expanding attack surface and poor security posture. When security teams develop orchestrated and automated security responses utilizing AI technologies, bad actors will respond with new and enhanced attack techniques in a process that could be compared to a cyber arms race. As a result, CISOs should continually evaluate which AI-Driven Security operations technologies can increase the effectiveness and efficiency of their security operations center teams, especially those tools designed to increase in maturity and sophistication to combat new threats from bad actors. AI-driven solutions that continue to grow more advanced can solve new security challenges or eliminate redundant manual processes and allow information security professionals to work on higher value initiatives.

Q: How are you seeing CISOs leverage AI-driven Security Operations to mitigate resource challenges and close the cybersecurity skills gap? How impactful has this been on the overall security of these organizations? 

Courtney - Most organizations agree that a key factor in maintaining a competitive advantage is continued investment in digital innovation. This means a continued and rapid influx of technology is necessary, both in new technology and in the scaling of existing technology. This should also mean an in-kind expansion of these resources used to support them. Unfortunately, as most of us know, this is usually not the case. Luckily, CISOs can now augment their existing teams and create an AI-driven SOC with greater ease and effectiveness than ever before. This approach has allowed many organizations to confidently deploy technologies at speed and scale without overwhelming their existing IT staff—which has been crucial over the last several months. 

Troy - Technologies that leverage AI-driven security operations or automate tasks allow CISOs to hire a broad range of cybersecurity professionals while reducing the learning curve needed for new or junior staff to become highly effective in the security operations center. Traditional cybersecurity tools have generally been very complex, siloed, and require senior level technical expertise. This challenge has been compounded due to high staff attrition, and senior level staff spending significant time developing and training new and junior staff. And the complexity widens further as organizations expand the number of siloed system interfaces that need to be managed. Leveraging next-generation cybersecurity technologies allows for integrated, enhanced user interfaces that take advantage of the automation of tasks—enabling new and junior staff to be effective sooner, thereby reducing the need for senior level staff oversight. Further, these technologies can help fill holes left by the cybersecurity skills gap. This provides for more meaningful and high-value work across the range of cyber professionals and can also increase staff retention. 

Renee - To keep pace with emerging threats and new risk exposures, the average enterprise now deploys 47 different security solutions and technologies. All of these separate tools—especially when they have individual management consoles and operate largely in isolation—make it difficult to correlate events and execute a consistent, coordinated response to threats. And at the same time, security teams have been stretched thinner and thinner, with 65% of organizations saying they lack the skilled staff, especially as tool-specific proficiencies become harder to maintain. Not to mention, in today’s environment there is a lot more data and far more alerts that SOC analysts must review, in part due to the sudden increase of traffic from outside the network due to remote access. The increase in traffic, and resulting log files, increases the chances of an alert falling through the cracks. Because of the proliferation of advanced attacks, today’s compromises can occur in a matter of seconds, which means that relying on manual human intervention to perform incident response is no longer a viable security strategy. By leveraging the right AI-driven solutions, however, especially those that include high degrees of automation and integration built in, organizations can establish and maintain more effective and efficient security operations, all while reducing their overall total cost of ownership.

Find out how Fortinet integrates AI and machine learning capabilities across our Security Fabric to detect, identify, and respond to threats at machine speed. 

Read these customer case studies to see how Warrior Invictus Holding Co., Inc. and Infosec Partners are using AI to efficiently collect, analyze, and classify cyber threats to keep their networks protected from evolving threats.