How have changing work habits impacted cybersecurity professionals?
Advances in technology are making life easier for employees than ever before. They can access information and do their work from anywhere. But this new interconnected way of working poses a greater risk to the business. So for cybersecurity professionals, it has become vital to understand how your state, processes and services are exposed to threat vectors, the capabilities of potential cyber-attackers and the scenarios that might trigger a cyber-attack.
To minimise the risk of cyberattacks, the first thing to do is to deploy automation in the cyber detection process to identify potential threats almost immediately. AI and machine-led is there to augment the human brain with an ability to handle huge amounts of data efficiently and accurately and filter the relevant information from the noise. This can help SOC analysts to focus on more relevant stuff rather than being lost when the system is flagging an uncontrollable number of false positives and warnings. With the right amount of supervised learning, AI is a powerful partner in cutting through the noise and focusing on the relevant data. This helps identify threats far quicker than before and minimises the damage to the business.
What opportunities and risks do automation and orchestration present in cybersecurity?
Automation and orchestration is a hot topic in cybersecurity right now. There’s no denying that orchestration can help employees save time by automating known frequent tasks or series of tasks. Successful automation and orchestration are tightly defined and have a clear set of tasks that make up the workflow. But if a malicious actor/group knows how your automation and orchestration model works, they can get into your automation and orchestration engine, potentially causing considerable damage without being noticed. Machine-led threat detection and prevention is not mature enough yet. So, to minimise this threat, which is particularly important in Critical National Infrastructure sectors, there should be a human check as a part of the process to validate and authorise before execution in an operational environment. They can ensure the process has run as expected before permitting the orchestration to finish the operation. This human involvement also reduces the risk of data poisoning, a common symptom of fully machine-run processes.
Is AI essential for modern cybersecurity?
With available tools and modern technologies, adversaries can launch high-speed and high-impact attacks, which are almost impossible to detect and deal with in time if the business has an overreliance on manual processes and pre-built use case scenarios. But the danger with AI is that a lot of people think that they can set it up once and never have to worry about it again. This couldn’t be further from the truth. AI is only as good as the training and learning that it is fed as a baseline for anomaly detection. Suppose the AI has been able to learn from robust training and is adaptive enough to evolve into future pattern building. In that case, it is far more likely to detect cyberattacks successfully. Alongside your training system, you should also have a fallback validation and verification process behind the scenes to ensure AI behaves the way it should.
Manjesh Kumar is an executive-level technologist with over 20 years of IT experience. He operates at the strategic level, whilst keeping track of the technical details. Manjesh is dedicated and thorough, and understands the key business drivers, whilst providing innovative technical solutions. Manjesh has worked across a variety of programmes and leading organisations in the UK and overseas, across a number of industry sectors such as Insurance Services, Education and Public Sector, most recently specialising in UK Government - Defence and Security.