Reducing the complexity of security tasks with the involvement of AI


Reducing complexity is a never-ending task. As outlined in one of our previous blogs, just the design of particular cybersecurity solutions with some practical functions can go a long way toward increasing in-house security potential. 

Vendors also understand now that it is intelligence, as much as anything else, that can tip the scales in favour of security defenders, especially as a means to empower both threat intelligence and detection and response solutions. However, processing actionable data, be it detection or threat intelligence, takes considerable effort and manpower. Or are the tides turning in the experts’ favour?

Gaining the advantage

Two major approaches are visible at present: automation (ML/AI-driven) and outsourcing (with cybersecurity services such as managed detection and response). While neither approach presents a security net capable of protecting a business 100% of the time, there is something to be said for the efficiency and productivity gains involved, especially when seeing how both approaches positively address requisite complexity, reducing the burden on security admins.

In a way, both possibilities involve a degree of automation, as more complex modern software cannot exist without it. This is especially true of multi-layered security software: under the hood, most protective algorithms are, one way or another, powered by some form of machine learning.

Lately, many vendors have injected a new feature into their security solutions: AI chatbots that act as assistants to exponentially more cybersecurity-challenged IT admins. These generative AI chatbots aim to increase the organisation’s efficiency by arming security analysts with an AI engine that can help identify, analyse, and mitigate threats using conversational prompts and interactive dialogue, taking those machine learning capabilities into a different dimension.

For example, a security engineer, with the help of a chatbot, could more easily summarise information that is pertinent to their setup. On the XDR side, a chatbot could highlight the most important detections and incidents while providing additional context around the techniques used, while a Threat Intelligence-injected assistant could empower the engineer with logically summarised intelligence background to further broaden their knowledge around the specific threats that might target their protected environment.

Even though all of this is technically doable by individual admins, imagine the productivity gains from not having to rely on dedicated resources and brain power, which could instead be redirected to enhanced response capabilities, shortening the time it takes to react to incidents and gaining an important advantage over threat actors by limiting their time to do wrong.

Advisors needed

An AI assistant can transform the way security engineers look at their jobs: novices will be able to learn from data-driven insights, while seniors can focus on more important tasks, all the while lowering the chances of missing important detections or data.

Overworked admins can miss notifications, and in some cases, company resources can be stretched so thin that even with an XDR tool, there might not be enough capacity to deal with all detections.

Some tools can help remedy these problems. For example, the ESET AI Advisor provides admins with interactive risk identification, analysis, and response capabilities that are all guaranteed in an easily understandable format. Without missing a beat, an admin or an engineer has additional resources at hand.

The problem with comprehensive security solutions is that while they can detect and analyse malware threats, contextualisation is often left to security engineers. Searching for the techniques used on MITRE and exploring an incident’s whole process, while very educational, can be enhanced and made easier by using more automated solutions, streamlining the whole process.

Even Threat Intelligence feeds can gain from this. An admin could simply ask the AI assistant to describe the threats their specific environment can face, and thanks to all the collected data, the assistant can briefly summarise the most relevant threats.

So, whether there are questions about cybersecurity best practices, needed guidance on configuring security settings, or a requirement for immediate assistance with a potential security incident, assistants like the ESET AI Advisor can pave the way for more efficient security. It is a round-the-clock digital advisor, tirelessly providing personalised security insights tailored to one’s specific needs and concerns, automatically adjusting itself to the environment it is supposed to monitor (based on its connection to both in-house and ESET telemetry), while simultaneously working in tandem with ESET cybersecurity solutions. The effect of this is set to revolutionise the way one interacts with their security software.

AI here to stay?

From what we can see in the world these days, AI is here to stay. Threat actors will keep using it to make malware development and campaigning easier, so why not take advantage and use it proactively for defensive purposes? 

Cybersecurity has often been described as a cat-and-mouse game – and the better equipped the cat is with various tools at his disposal, the more likely he is to catch that pesky mouse. Defenders have to keep ahead of the attackers to have a chance at stopping them, and using AI-supported solutions to increase the efficiency of their work is one way to achieve exactly that.
