In an environment of ever-growing cyber threats, especially from ransomware, artificial intelligence (AI) and machine learning (ML) are playing an increasingly important role in cyber security – including in security operations centers (SOC). However, their effectiveness is not fully guaranteed without human expertise. In this blog post, we will show you both the opportunities and limitations as well as the risks that arise from AI and ML.
Although many companies acknowledge the seriousness of the situation and are increasingly investing in cyber security measures, the number of cyber attacks is constantly rising. Ransomware is a particularly insidious and common form of attack. One worrying development is the emergence of business models such as Ransomware-as-a-Service, where cyber criminals rent or sell ransomware infrastructures and tools to third parties to make it easier for them to carry out attacks. Cyber attacks and cybercrime have become a highly lucrative business backed by professional organisations. This is also clear from a look at the security incidents handled by our CSIRT (Computer Security Incident Response Team): whereas a few years ago we dealt with around 40 cyber incidents per year, last year there were 260 – more than six times as many and representing an increase of 65% compared to 2022.
The benefits of artificial intelligence and machine learning in the security operations center
The consequence of increasing ransomware incidents is a growing need for incident response (IR) teams, such as ours at InfoGuard. They act as a kind of “cyber fire brigade” that digitally rushes to the scene whenever there is a fire – which is a far from rare occurrence. It is a fact that cyber attacks are next to impossible to prevent and every company will face such an attack sooner or later. The aim should therefore be to be able to detect and defend against attacks at an early stage. This usually requires round-the-clock monitoring in the form of a security operations center (SOC), which many companies find difficult to implement due to high costs, a lack of specialists or a lack of know-how.
This is where managed security service providers (MSSP), which offer corresponding services from a specialised SOC, provide valuable support. Not only do they take on time-consuming tasks, but they also have extensive experience, knowledge and tools and can thus detect attack patterns more rapidly and act proactively. But what does this have to do with artificial intelligence and machine learning?
Intelligence squared in security operations centers
A major advantage of dedicated security operations centres is that their employees are not occupied with the operational IT tasks of a company, but are only concerned with the detection, defence and analysis of potential cyber attacks – and with continuously improving their procedures and techniques. That is why SOCs like InfoGuard’s Cyber Defence Center concentrate on current technologies such as artificial intelligence and machine learning, test them down to the “bits and bytes” level and use them in their work in a targeted manner. Such tools collect extensive data from various cases, which not only optimises threat detection and assessment, but also provides recommendations for action and background information. Furthermore, reactions to attacks, such as blocking suspicious IP addresses, can be automated.
In view of the increasing cyber attacks and the shortage of skilled workers, AI and ML will be indispensable in the future. However, caution is also called for. For example, it has been shown that ML algorithms can sometimes be bypassed, as is the case with the ChatGPT language model. This is why even intelligent tools cannot fully replace people – but they can complete certain tasks much faster. Human skills such as experience, contextual understanding, intuition, monitoring and maintaining tools, and communicating and collaborating with other teams are indispensable strengths that will continue to be of great importance in the future.
Human and artificial expertise intelligently combined
Developments continue to be a cause for concern, especially in the area of ransomware. Although companies are less likely to pay ransoms thanks to professional help, cyber criminals will continue to operate their business models. For some time, InfoGuard’s CTI team has been observing that criminals are increasingly handling stolen data. This allows them to put more pressure on companies. In addition, attacks on infrastructures via OT networks are on the rise.
Darknet investigation by the threat intelligence team
Current analyses of our CSIRT on stolen access data are worrying. To ensure that your company is spared such an attack, we recommend that you take advantage of a darknet scan to search for any stolen credentials being offered for sale on darknet marketplaces. Interested? You can find more information here::
Cyber attacks pose a serious threat to both companies and society in general. Nevertheless, options to protect yourself exist, such as the support from a managed security service provider as mentioned – and these should be used. A combined approach that brings human expertise together with artificial intelligence and machine learning can help attacks to be detected even more quickly and accurately in the future and enable a swifter response.
If you would like to find out more about the latest trends, innovations and technologies in cyber security, subscribe to our blog updates now.
