AI is Driving Cybersecurity Transformation: Balancing Risk and Reward in an Ever-Changing Landscape

The ever-evolving role of Artificial Intelligence (AI) in cybersecurity presents a valuable opportunity and growing challenge for chief information security officers (CISOs).

Across all sectors, business leaders and decision makers are envisioning new ways to empower their workforce and streamline processes. Yet, in this surge of enthusiasm, they also need to be aware of the fresh issues, concerns, and threats AI may bring.

AI has the potential to revolutionize how security teams detect, respond to and mitigate emerging cyberthreats. This is driving increased adoption: according to the Cloud Security Alliance, 55% of organizations plan to adopt Generative AI (GenAI) solutions in 2024, signaling a substantial surge in GenAI integration.

On the other hand, AI is creating more complex threats for security teams to tackle.

According to findings from the National Cyber Security Centre (NCSC), all types of threat actors, both state and non-state, are already using AI to varying degrees. AI is lowering the barrier for cybercriminals and will likely worsen the global ransomware threat over the next two years.

As this new era reveals new risks, CISOs need to consider how AI could be used against their organization and whether they are prepared for the implications it brings. At the same time, AI also holds the potential to transform their security operations through greater efficiency. Achieving the best AI outcomes will depend on an organization’s ability to effectively balance risks with reward.

An Advancing Threat Landscape

AI tools are already enabling cybercriminals to craft more sophisticated and convincing cyberattacks. One example of this is the rise of GenAI-driven phishing attacks. The increasing accessibility of AI is enabling adversaries to easily generate an entire ecosystem of non-existent products, people, and companies to support their social engineering efforts. This allows them to quickly create believable phishing content that can be produced and distributed at a faster pace than ever before.

Looking ahead, polymorphic malware, with its ability to escape detection systems with advanced evasion techniques, will likely become more sophisticated. Adversaries are expected to exacerbate the already unsettling shift from purely opportunistic attacks to purposeful, highly targeted ones that can culminate in ransomware or outright extortion.

When it comes to network security, employees with trusted access credentials continue to be the weakest links, and emerging technologies have the potential to exploit them like never before. Securing AI systems themselves matters just as much: the goal is to prevent unauthorized access, manipulation, or misuse of those systems, which could lead to privacy breaches, misinformation, or other forms of cyberattack.

Arming Against Evolving AI Risks

While AI is giving new weapons to attackers, security teams can adopt the same tools to find out how they work and how to fight them. For example, the same GenAI that produces phishing emails for threat actors also enables security teams to educate their staff, and their organizations as a whole, about how to spot and defend against potential dangers.

The most successful tools for cyber defense are built on proven, well-established technologies. One powerful way that security teams can fight back and gain the advantage over evolving threats is by deploying a security information and event management (SIEM) solution that leverages advanced User and Entity Behavior Analytics (UEBA) capabilities.

The advanced analytics of a modern UEBA solution use variations of AI and machine learning (ML), data enrichment, and data science to effectively combat advanced threats. The solution ingests operational data from many sources to determine what is “normal” behavior by users and entities on an enterprise network.

Organizations gain a future-proof solution that looks for abnormalities instead of a limited, predetermined set of activities. It enables them to scale up their security foundation with:

Enhanced Automation: Modern UEBA solutions automate detection, triage and investigation across the alert lifecycle. Instead of presenting discrete events, a machine-built timeline of a user’s session presents the results with context and risk scoring, helping analysts rapidly distil the essence of a threat and resolve it. In this way, UEBA provides superior insider threat detection compared with conventional SIEM correlation rules.

Streamlined Incident Response: User behavior analytics can provide dramatic time savings because teams don’t have to dig into logs in diverse locations to put together a story of the incident. A sophisticated UEBA system ingests data from all the different log sources—such as Windows AD, VPN, database, badge, file, proxy, and endpoints—and builds a contextual story around the incident for security teams to analyze.

Comprehensive Visibility Across IT Environments: Analyzed optimally, UEBA provides a 360-degree view of user and device behavior and ultimately allows an organization to establish a baseline of normal behavior for each within standard daily operation. By monitoring the long-term activities of individual users and devices, examining the local contexts, and exploring relationships between credentials and devices, a data-science-based system can find anomalies with minimal false alarms.

Visualization and Reporting Tools: UEBA tools come equipped with visualization and reporting capabilities. They can visualize patterns and trends, identify hotspots of activity, and track changes over time. Additionally, UEBA tools provide detailed and actionable reporting on the detected threats. They can generate reports on various metrics, such as the number and types of threats detected, the affected assets, the response times, and more. These reports can aid in decision-making and strategic planning, helping organizations enhance their cybersecurity posture.
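As an added illustration (not Exabeam's product code or any vendor's algorithm), the following constructed example shows the baseline-then-score idea behind the UEBA capabilities described above: it profiles a user's normal hosts, countries and logon hours from past AD, VPN and file-server events, then scores a later session against that profile and assembles a risk-scored session timeline. All log events, field names, thresholds and point values are assumptions made up for the example.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events standing in for AD, VPN and file-server logs (not real data).
HISTORY = [  # past activity that defines "normal" for user jdoe
    {"src": "ad",   "user": "jdoe", "ts": "2024-03-04T09:02", "host": "WS-0142", "geo": "GB"},
    {"src": "vpn",  "user": "jdoe", "ts": "2024-03-05T08:55", "host": "WS-0142", "geo": "GB"},
    {"src": "file", "user": "jdoe", "ts": "2024-03-05T10:10", "host": "WS-0142", "geo": "GB"},
    {"src": "ad",   "user": "jdoe", "ts": "2024-03-06T09:15", "host": "WS-0142", "geo": "GB"},
]
SESSION = [  # a later session: off-hours VPN from a new country, new host, bulk file reads
    {"src": "ad",   "user": "jdoe", "ts": "2024-03-11T02:44", "host": "FS-DB01", "geo": "RO"},
    {"src": "vpn",  "user": "jdoe", "ts": "2024-03-11T02:40", "host": "WS-0142", "geo": "RO"},
    {"src": "file", "user": "jdoe", "ts": "2024-03-11T02:50", "host": "FS-DB01", "geo": "RO", "count": 480},
]
HOUR_WINDOW = 2            # hours away from any observed logon hour still counted as normal
BULK_FILE_THRESHOLD = 100  # file accesses in one event above which we flag bulk access

def build_baseline(events):
    """Per-user profile of hosts, source countries and logon hours seen in history."""
    base = defaultdict(lambda: {"hosts": set(), "geos": set(), "hours": set()})
    for e in events:
        b = base[e["user"]]
        b["hosts"].add(e["host"])
        b["geos"].add(e["geo"])
        b["hours"].add(datetime.fromisoformat(e["ts"]).hour)
    return base

def score_event(e, b):
    """Compare one event with its user's baseline; return (risk points, reasons)."""
    hour = datetime.fromisoformat(e["ts"]).hour
    hits = []
    if e["geo"] not in b["geos"]:
        hits.append(("new-country", 30))
    if e["host"] not in b["hosts"]:
        hits.append(("first-seen-host", 20))
    if all(abs(hour - h) > HOUR_WINDOW for h in b["hours"]):  # also fires for a never-seen user
        hits.append(("off-hours", 15))
    if e["src"] == "file" and e.get("count", 0) > BULK_FILE_THRESHOLD:
        hits.append(("bulk-file-access", 25))
    return sum(p for _, p in hits), [r for r, _ in hits]

def session_timeline(events, baseline):
    """Order a user's events into one timeline with per-event and cumulative risk."""
    timeline, total = [], 0
    for e in sorted(events, key=lambda x: x["ts"]):
        points, reasons = score_event(e, baseline[e["user"]])
        total += points
        timeline.append({"ts": e["ts"], "src": e["src"], "risk": points, "cumulative": total, "reasons": reasons})
    return timeline
```

Because the timeline carries the cumulative score, an analyst sees the whole session escalate from an odd VPN logon to bulk file access rather than three unrelated alerts from three log sources.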

In parallel with deploying effective AI-driven security tools, security teams can also balance risk and reward by providing continuous training for employees so they understand both the dangers and the benefits of AI.

Organizations should exercise responsible use by establishing clear use cases for AI deployment and governance frameworks that set out ethical guidelines. It’s crucial to note that AI augments the analyst experience rather than replacing the need for human expertise.

Navigating the AI Era

As threats continue to evolve, security teams need solutions that can adapt and grow to keep pace with the threat landscape. This becomes increasingly important as AI-powered attacks continue to escalate and put critical assets at risk.

UEBA enables organizations to transform their cybersecurity approach from reactive to proactive. Its AI and ML capabilities enable security teams to easily monitor and analyze abnormal behavior, mitigate insider threats, and strengthen their security foundation as a whole.


About the Author

Kev Eley is Vice President UKI & Europe at Exabeam. For nearly three decades he has delivered expert insight and solutions to the IT and software industry, dedicating 15 years specifically to cybersecurity and fraud detection. He has been personally involved in over 150 security information and event management (SIEM), User and Entity Behavior Analytics (UEBA) and Security Analytics deployments, with a core focus on customer success and value realization.

Prior to Exabeam, Kev held notable positions at IBM, Microsoft, TrapX Security and Egress Software Technologies. He has a keen interest in all aspects of cyber and its impact on business and society and has worked across a wide variety of sectors, including financial services, utilities, the public sector and more.
