AI/ML Powered Automation: The Future of Cybersecurity at Scale

Cybersecurity professionals are simply not able to keep up with the growing flood of enterprise security alerts. A 2020 survey determined that the volume of security alerts had increased as much as 50% for four out of five SOC analysts over the preceding year, as reported by ITSecurityWire.

As a result, 70% of security professionals said that they needed to manually investigate more than 10 security alerts a day—that’s up 25% from two years prior, and that’s a concern because only 40% of survey participants said that they have the time they need to adequately analyze and remediate actual security events of concern.

Simply put, an alert-centric security operations approach results in valuable time and resources being wasted chasing down false positives, time that could better be used for addressing significant security events and other high priority tasks.

Embracing AI/ML and Their Benefits

Many organizations are turning to tools powered by Artificial Intelligence (AI) and Machine Learning (ML) to allow their teams to automate triage, investigation and remediation efforts at scale. Over half (52%) of executives at U.S. companies told PwC that they had accelerated their AI/ML adoption plans following the events of 2020, and even more (86%) said that AI/ML would be a “mainstream technology” in their environments by the end of 2021.

These findings highlight the extent to which AI/ML can benefit an organizations security efforts. Booz Allen wrote that organizations can also use these technologies to better detect more nuanced attacks earlier than manual investigation can achieve.

This automation of security operations enables organizations to expedite their incident detection and response capabilities, thereby minimizing the scope of potential threats and strengthening their security postures.

What’s more, AI/ML can enable security teams to cut through the noise introduced by a constant flood of threat alerts, allowing security professionals to spend less time sifting through alerts and chasing false positives and more time working to improve the organization's overall security posture.

Artificial Intelligence and Machine Learning as a Force-Multipliers

Another primary benefit of AI/ML technologies is in addressing the ongoing cybersecurity skills gap. Organizations don’t have enough people with the prerequisite skill sets to maintain robust security operations around the clock. This can make the task of implementing AI/ML technologies more difficult in the short run, but the benefits realized in the long run far outweigh the cost of overcoming this initial inertia.

AI/ML technologies are really good at analyzing large scale data sets with a high degree of accuracy to identify events of concern at a volume manual human analysis can never match. The advantage here is in automating the detection of events that actually require human analysis and relieving security teams of the inefficient task of sorting the signal from the noise on the network.

AI/ML alone are not a “silver bullet”--for the foreseeable future there will always need to blend humans and AI/ML working together, but AI/ML will amplify the effectiveness of each and every member of their existing security teams.

Cybereason Delivers Advanced AI/ML

Using techniques such as behavioral analytics that leverage Indicators of Behavior (IOBs) offer a more in-depth perspective on how attackers actually conduct their campaigns. This operation-centric approach is far superior at detecting attacks earlier--especially highly targeted attacks employing never before seen tools and tactics that cannot be identified when relying on known Indicators of Compromise (IOCs) like malware signatures and IP addresses.

Finding one component of an attack via behavioral signals provides defenders with the opportunity to see the entire operation from root cause across every impacted user and device. But even the most skilled human analysts are incapable of quickly and efficiently querying all available telemetry in realtime to uncover meaningful attack indicators.

This is where Artificial Intelligence and Machine Learning are critical to automatically correlate and analyze data at a rate of millions of events per second. Instead of manually querying data, analysts can spend more time acting on the insights produced by AI/ML across disparate assets on the network.

The Cybereason Defense Platform leverages multiple layers of AI/ML analysis to quickly identify malicious chains of behavior, never before seen malware strains, complex ransomware attack sequences and other digital threats. These capabilities allow security teams to swiftly remediate both known and unknown threats regardless of where they’re occurring in an organizations' environment.

Such visibility enables security teams to respond to an event before it becomes a major security issue and introduce measures designed to increase the burden on attackers going forward. The Cybereason Defense Platform was built from the ground up for scale and for artificial intelligence and machine learning at all levels: the machine level, the enterprise level, the regional/cluster level, and the full global context level.

And in case you missed it, Cybereason and Google Cloud recently entered into a strategic partnership to bring to market a joint solution in support of our mission to reverse the adversary advantage. This pivotal partnership delivers an AI/ML-powered XDR security platform that can ingest and analyze petabyte-scale telemetry across the complete IT and security stack and offers unrivaled speed and accuracy for the prevention of advanced threats against endpoints, networks, containers, application suites, user personas and cloud infrastructure.

Competing offerings like those from Crowdstrike and SentinelOne have no ability to scan non-executable files or provide effective behavioral ransomware prevention because their platforms are not capable of analyzing events at scale. This is why they must apply “smart filtering” that effectively eliminates critical telemetry required to detect and stop an attack at the earliest stages-- and eliminating telemetry from analysis hobbles any ability to effectively apply AI/ML to automate detection and response.

But organizations can now reap the benefits of Cybereason XDR powered by Chronicle which combines the industry-leading Cybereason Defense Platform with its patented MalOp™ (malicious operations) engine which analyzes more than 23 trillion security-related events per week with Google Cloud’s cybersecurity analytics engine that ingests and normalizes petabytes of telemetry from across the entire IT environment. The combination of Cybereason and Google capabilities means absolutely no telemetry is filtered out, which allows the AI/ML predictive analytics engine to identify attack activity earlier and remediate threats faster.

Cybereason and Google Cloud are dedicated to teaming with Defenders to end cyber attacks from endpoints to the enterprise to everywhere. Schedule a demo today to see how your organization can benefit from an operation-centric approach to security powered by AI/ML.

Anthony M. Freed
About the Author

Anthony M. Freed

Anthony M. Freed is the Senior Director of Corporate Communications for Cybereason and was formerly a security journalist who authored feature articles, interviews and investigative reports which have been sourced and cited by dozens of major media outlets. Anthony also previously worked as a consultant to senior members of product development, secondary and capital markets from the largest financial institutions in the country, and he had a front row seat to the bursting of the credit bubble.

All Posts by Anthony M. Freed