If you are searching for ways to actualise benefits from cybersecurity AI tools or want to find out what AI tools will really make a difference in your SOC, you’re not alone.
A World Economic Forum survey last year showed that almost half of all security leaders thought AI and machine learning would have the greatest influence on stopping cyber attacks and malware in the next two years. And that was before ChatGPT started an AI frenzy.
But as we’ve explained before, AI hype and AI actuality are two different things.
Since pioneering aspects of AI security and cybersecurity machine learning algorithms in 2017 (and winning the Institute of Engineering and Technology (IET)’s “Cybersecurity Innovation of 2019” award as a result), we know that developing and deploying effective AI-powered security solutions for your SOC is a huge challenge.
To make the most out of AI cybersecurity tools, you need to understand your people, processes, and tech and find the attack surface gaps where AI can add value and stop threats.
Here’s a short guide on how to choose the most effective AI cybersecurity tools – based on our clients’ experiences.
When the non-profit housing provider bpha started looking for an AI-powered threat detection and response solution, they knew their biggest security operations limitations (and business challenges) were time and visibility.
With a small security team, they couldn’t sustain the time it was taking security analysts to investigate alerts by pulling together disparate sources of data. Alert investigation, which often turned up false positives that looked like suspicious activity, consumed IT resources desperately needed elsewhere.
bpha knew that using AI algorithms and automation could help them understand the link between multiple data flows from endpoints and network traffic. It would also give them protection against the sophisticated attacks that cybercriminals increasingly use.
Specifically, bpha wanted an AI system that could sort through log records from apps, devices and network traffic and find cyber threats by spotting outliers in user behaviour. For example, a privileged user logging into a system, creating a new account and then immediately copying the contents of a database and deleting an account.
They also knew that to reduce incident response time, they needed to understand how different events may be connected in real time. An event might seem harmless on its own, but if it happens alongside other events in a short space of time, it could indicate hackers, potential threats or malicious activity.
To get this kind of context at scale, bpha needed to find something that could do user and entity behaviour analytics (UEBA) across their environment and give their small security team rapid context. Fortunately, this is a perfect AI use case.
How bpha improved threat detection and response with an AI cybersecurity tool:
AI-enabled tools like SenseOn can do advanced UEBA through a combination of unsupervised statistical learning and autonomous class labelling. This deep learning technology allows the creation of a supervised classification engine around baseline user and device behaviour.
In layperson’s terms, the AI technology that SenseOn uses can find out what normal patterns of user and device behaviour look like (through analysing thousands of device and network events) and then spot when an action (or series of actions) is not normal.
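The two ideas above (baselining what each user normally does, and correlating individually harmless events that land inside a short time window) can be shown in a few dozen lines. The following is an added illustration, not SenseOn's code or bpha's data: the audit-log extracts, user names and action names are constructed, a per-user action-frequency table stands in for the learned model, and the sequence being correlated is the one the text describes (create an account, copy a database, delete the account).

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed audit-log extracts, not real telemetry: "timestamp,user,action,target".
# BASELINE_LOG is the learning window (what normal looks like); NEW_LOG is the window under review.
BASELINE_LOG = """
2024-01-08T09:00:00,alice,login,vpn
2024-01-08T09:05:00,alice,read_ticket,helpdesk
2024-01-08T10:00:00,bob,login,vpn
2024-01-08T10:30:00,bob,account_create,svc_backup
2024-01-09T09:01:00,alice,login,vpn
2024-01-09T09:10:00,alice,read_ticket,helpdesk
2024-01-09T14:00:00,bob,login,vpn
2024-01-09T14:20:00,bob,db_export,reports
2024-01-10T09:02:00,alice,login,vpn
2024-01-10T11:00:00,bob,login,vpn
2024-01-10T16:00:00,bob,account_delete,svc_old
"""
NEW_LOG = """
2024-01-11T09:00:00,alice,login,vpn
2024-01-11T09:04:00,alice,read_ticket,helpdesk
2024-01-11T09:30:00,alice,db_export,customers
2024-01-11T21:00:00,bob,login,vpn
2024-01-11T21:01:00,bob,account_create,svc_tmp
2024-01-11T21:02:00,bob,db_export,customers
2024-01-11T21:03:00,bob,account_delete,svc_tmp
"""

# The sequence from the text: create an account, copy a database, delete the account.
SUSPICIOUS_SEQUENCE = ("account_create", "db_export", "account_delete")


def parse(log):
    """Return events as (timestamp, user, action, target), oldest first."""
    events = []
    for line in log.strip().splitlines():
        ts, user, action, target = line.split(",")
        events.append((datetime.fromisoformat(ts), user, action, target))
    return sorted(events)


def build_baseline(events):
    """Per-user frequency of each action in the learning window (a stand-in for the learned model)."""
    baseline = defaultdict(Counter)
    for _, user, action, _ in events:
        baseline[user][action] += 1
    return baseline


def find_rare_actions(baseline, events):
    """Flag any action a user never performed during the learning window."""
    return [(ts, user, f"never-before-seen action '{action}' on {target}")
            for ts, user, action, target in events
            if baseline[user][action] == 0]


def find_sequences(events, window=timedelta(minutes=10), sequence=SUSPICIOUS_SEQUENCE):
    """Correlate events per user: the whole sequence inside `window` is one finding,
    even when each step on its own is something this user does routinely."""
    by_user = defaultdict(list)
    for ts, user, action, _ in events:
        by_user[user].append((ts, action))
    findings = []
    for user, evs in by_user.items():
        for i, (start, action) in enumerate(evs):
            if action != sequence[0]:
                continue
            pos = 1
            for ts, act in evs[i + 1:]:
                if ts - start > window:
                    break
                if act == sequence[pos]:
                    pos += 1
                    if pos == len(sequence):
                        findings.append((start, user, " -> ".join(sequence) + f" within {window}"))
                        break
    return findings


def analyse(baseline_log=BASELINE_LOG, new_log=NEW_LOG):
    """Run both checks over the review window and return the findings by kind."""
    baseline = build_baseline(parse(baseline_log))
    new_events = parse(new_log)
    return {"rare_actions": find_rare_actions(baseline, new_events),
            "sequences": find_sequences(new_events)}


if __name__ == "__main__":
    for kind, hits in analyse().items():
        for ts, user, why in hits:
            print(f"{kind:12} {ts} {user}: {why}")
```

Run on the constructed data, the per-action check flags only alice's first-ever database export, while bob's three actions each pass it (he has created accounts, exported data and deleted accounts before) and are caught only because the sequence check sees them land within three minutes of each other. That gap between the two checks is the point of the passage: the context is in the combination and timing of events, not in any single one.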
You don’t always have to rip and replace your cyber security systems or change your tooling to gain the benefits of AI.
One way our customers have done this is by identifying the role AI can play in reducing security data costs by augmenting their existing security stack and solving legacy issues.
For example, much of the data ingestion cost that security information and event management (SIEM) tools create is wasted. A 1,000-person company will likely spend around £200k each year processing and storing the logs that their SIEM solution uses.
One of our customers, a large financial institution running a Microsoft SIEM, recognised this issue and found that they could use an AI-powered SIEM augmentation solution to reduce their log ingestion volume by over 60%. Cutting down on the volume of logs that had to be normalised and stored resulted in a direct saving of over £10k per month.
Learn more about SIEM augmentation in this short webinar
How a financial service organisation reduced costs with an AI cybersecurity tool:
The AI-driven solution they used was not only able to identify the most voluminous and expensive datasets and logs (which would cost the most to normalise) and figure out whether they were useful but also add context to the alerts the company’s SIEM surfaced.
This meant that in addition to reducing costs, the company was also able to decrease the mean time to respond (MTTR).
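The first step in the augmentation described above, ranking log sources by how much of the ingestion bill they account for against how often a detection actually relied on them, is easy to reproduce from two numbers per source. The script below is an added example, not the vendor's solution or the customer's figures: the source names, daily volumes, detection counts and cost per GB are all constructed, and the thresholds are starting points to tune rather than recommendations.

```python
from dataclasses import dataclass

# Constructed figures for illustration, not any customer's real telemetry.
# (log source, GB ingested per day, detections that cited this source in the last 30 days)
SOURCES = [
    ("firewall_allow",  120.0,  2),
    ("firewall_deny",    15.0, 41),
    ("dns",              40.0, 18),
    ("windows_security", 25.0, 63),
    ("proxy",            30.0, 22),
    ("netflow",          50.0,  3),
    ("edr",              10.0, 88),
]
COST_PER_GB = 0.30   # assumed blended ingest + retention cost per GB; replace with your contract rate
DAYS_PER_MONTH = 30


@dataclass
class SourceProfile:
    name: str
    gb_per_day: float
    detections: int
    volume_share: float      # fraction of total daily ingestion
    detection_share: float   # fraction of detections that relied on this source
    gb_per_detection: float  # data paid for per detection the source supported (inf if none)


def profile(sources=SOURCES):
    """Turn raw volume and detection counts into shares, largest volume first."""
    total_gb = sum(gb for _, gb, _ in sources)
    total_det = sum(d for _, _, d in sources)
    rows = [
        SourceProfile(name, gb, det, gb / total_gb, det / total_det,
                      (gb * DAYS_PER_MONTH) / det if det else float("inf"))
        for name, gb, det in sources
    ]
    rows.sort(key=lambda r: r.volume_share, reverse=True)
    return rows


def candidates_for_filtering(rows, max_volume_share=0.15, min_detection_share=0.05):
    """Sources that dominate volume but rarely contribute to a detection.
    These are where pre-ingestion filtering or aggregation pays off first;
    they are candidates for review, not for automatic removal."""
    return [r for r in rows
            if r.volume_share > max_volume_share and r.detection_share < min_detection_share]


def projected_saving(rows, candidates):
    """Volume reduction and monthly saving if the candidate sources were filtered out entirely."""
    total_gb = sum(r.gb_per_day for r in rows)
    cut_gb = sum(r.gb_per_day for r in candidates)
    return {
        "volume_reduction_pct": round(100 * cut_gb / total_gb, 1),
        "monthly_saving": round(cut_gb * DAYS_PER_MONTH * COST_PER_GB, 2),
    }


if __name__ == "__main__":
    rows = profile()
    cands = candidates_for_filtering(rows)
    for r in rows:
        flag = "REVIEW" if r in cands else ""
        print(f"{r.name:17} {r.gb_per_day:7.1f} GB/day  vol {r.volume_share:5.1%}  "
              f"det {r.detection_share:5.1%}  {flag}")
    print(projected_saving(rows, cands))
```

On the constructed data the two sources flagged for review (allow-list firewall logs and NetFlow) are 59% of the volume but under 3% of the detections. The detection count is what keeps this honest: a source that is rarely cited may still be essential for investigation or compliance retention, which is why the output marks candidates for review rather than deleting anything, and why the next step is to filter or route those sources to cheaper storage rather than stop collecting them.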
AI can add immense value. We know that organisations with AI tooling in place experience data breach lifecycles that are 108 days shorter than their peers' (according to IBM). But it’s also true that AI does not always add value.
Companies that realise real business value from the expense of adding or incorporating AI into their security programs do two things:
One of these proven AI-powered solutions is SenseOn.
SenseOn is powered by a patented artificial intelligence engine called “AI Triangulation,” which uses multiple different detection approaches, including UEBA, advanced deception technologies, and supervised and unsupervised machine learning, to provide data-driven anomaly detections.
To learn more about how SenseOn actualises AI cybersecurity benefits today, contact us.