Reducing the complexity of security tasks with the involvement of AI

Márk Szabó

As outlined in one of our recent XDR blogs, practical design considerations implemented in key functionalities of cybersecurity solutions can go a long way toward increasing the impact of in-house security, while also reducing the sometimes-necessary complexity of their use.

However, processing actionable data, be it detections or threat intelligence, is also complex and takes considerable capacity, manpower, and maturity. At the same time, AI is causing a lot of commotion in the security space. Are we due for a practicality convergence? Is AI capable of augmenting cybersecurity tasks? The answer is a resounding yes.

Gaining the AI advantage

Two major approaches are visible at present: automation (ML/AI-driven) and outsourcing (with cybersecurity services such as managed detection and response). While neither approach presents a security net capable of protecting a business 100% of the time, there is something to be said for the efficiency and productivity gains involved, especially when seeing how both approaches positively address associated complexity, reducing the burden on security operators.

In a manner of speaking, both possibilities present varying degrees of automation, as modern comprehensive software cannot exist without it; this is especially true of comprehensive multi-layered security software – under the hood, most protective algorithms are, one way or another, powered by some form of machine learning.

More recently, vendors have injected a new functionality into their security solutions – AI chatbots that act as assistants to increasingly capacity-challenged security analysts. These generative AI chatbots aim to increase the organization’s efficiency by arming security analysts with an AI engine that can help identify, analyze, and mitigate threats using conversational prompts and interactive dialogue, extending the existing machine learning capabilities of the product with a conversational layer.

For example, a security engineer, with the help of a chatbot, could more easily summarize information that is pertinent to their security environment. On the XDR side, a chatbot could provide additional context around the tactics, techniques, and procedures used by adversaries, giving opportunities to ask important questions such as what happened, what can be done (with a detection), how can such an incident be prevented in the future, and whether the current preventive measures are good enough, among other relevant queries.

At the same time, an assistant injected into a threat intelligence platform could empower an engineer with logically summarized background intelligence, further broadening their knowledge around the specific threats that might target their environment, simultaneously improving their understanding of latest developments in cyber threats and how to be proactive or even predictive.

Even though all of this is technically doable by individual security analysts without the assistant, imagine the productivity gains enabled by not having to rely on additional dedicated human resources and brain power. On offer is the potential to preserve human capacity for enhanced response, shortening the time it takes to react to incidents, gaining an important advantage over threat actors and limiting the time they have to do harm.

Advisors needed

An AI assistant can transform the way security admins, operators, and researchers look at their jobs, since novices will be able to learn from data-driven insights, while seniors can focus on more important tasks, all the while lowering the chances of missing important detections/data.

Overworked security operators can miss notifications, and in some cases, company resources can be stretched so thin that even with an XDR solution, there might not be enough capacity to deal with critical detections.

However, additional functionalities can help address these problems. For example, the ESET AI Advisor enables security analysts of all skill levels to work with interactive risk identification, analysis, and response capabilities, all provided in an easily understandable format. Without missing a beat, an admin or an engineer can have additional resources at hand.

Learn more about our XDR solution ESET Inspect here.

ESET AI Advisor in ESET Inspect can provide additional context to detections, making incident response more effective.

While the Incident Creator functionality in ESET Inspect uses its AI-native power to prioritize detections according to their severity (providing an incident map, as seen in the pictures above), the ESET AI Advisor can plug in here to augment user understanding, providing more context and more options for tackling these detections. This helps security operators work out the best possible response through telemetry-based AI outputs. Unlike similar assistants that primarily work with public data, the ESET AI Advisor operates only on the product’s own detections and telemetry, which makes the quality of its responses more accurate.

An example is an AI assistant that can help with specific incident data and create summaries of incidents for reporting purposes (such as compliance), sidestepping the need to do certain menial tasks and further relieving administrative cybersecurity burdens. Since SOC analyst workflows can be quite complex, unburdening analysts and letting them focus on expertise-heavy activities is the perfect recipe for success.

Often the problem with comprehensive security solutions is that while they can detect and analyze complex telemetry, context is left to security engineers. Searching the MITRE ATT&CK knowledge base for the techniques used and exploring an incident’s entire process – while very educational – can be enhanced and made easier by using more automated solutions, streamlining the whole process.

Even threat intelligence can gain from this. A security analyst could simply ask the ESET AI Advisor to describe the threats their specific environment can face, and thanks to all the collected data, the assistant can quickly summarize the most business-relevant points.

The ESET AI Advisor can summarize the most pertinent threat intelligence for your environment

For example, in the case of ESET Threat Intelligence, the ESET AI Advisor can answer pertinent questions thanks to the data being sourced from a variety of internal sources combined there – from ESET APT Reports and select WeLiveSecurity articles where ESET presents its top research, to telemetry gathered from across the globe – providing precise data outputs that the ESET AI Advisor can effectively work with, as seen in the picture above. This means that, compared to the competition, ESET can guarantee the quality of its telemetry, as it is not using publicly available sources but in-house intelligence.

So, whether there are questions about cybersecurity best practices, needed guidance on configuring security settings, or a requirement for immediate assistance with a potential security incident, assistants like the ESET AI Advisor can pave the way for more efficient security. It is a round-the-clock digital advisor, tirelessly providing personalized security insights tailored to one’s specific needs and concerns, automatically adjusting itself to the environment it is supposed to monitor, working in tandem with ESET cybersecurity solutions.

The AI revolution has begun

From what we can see these days, AI is here to stay. Threat actors will keep using generative AI to make malware development and campaigning easier, so why not take advantage and use it proactively for defensive purposes?

Cybersecurity has often been described as a cat-and-mouse game – and the better equipped the cat is with various tools at his disposal, the more likely he is to catch that pesky mouse. Defenders have to keep ahead of the attackers to have a chance at stopping them, and using AI-supported solutions to increase the efficiency of their work is one way to achieve that.

For more information about ESET Threat Intelligence and the way its data feeds and APT Reports can be integrated and used in a prevention-first approach to security, please read our blog here.

To discover more about our XDR-enabling solution, ESET Inspect, click here. For its application against threats like ransomware, click here.

To learn more about AI at ESET click here.