AI in cybersecurity: Yesterday’s promise, today’s reality

Provided by IBM

For years, we’ve debated the benefits of artificial intelligence (AI) for society, but it wasn’t until now that people can finally see its daily impact. But why now? What changed that’s made AI in 2023 substantially more impactful than before?

First, consumer exposure to emerging AI innovations has elevated the topic, increasing acceptance. From songwriting and composing images in ways previously only imagined to writing college-level papers, generative AI has made its way into our everyday lives. Second, we’ve also reached a tipping point in the maturity curve for AI innovations in the enterprise—and in the cybersecurity industry, this advancement can’t come fast enough.

Together, the consumerization of AI and the advancement of AI use cases for security are creating the level of trust and efficacy needed for AI to start making a real-world impact in security operation centers (SOCs). Digging further into this evolution, let’s take a closer look at how AI-driven technologies are making their way into the hands of cybersecurity analysts today.

Driving cybersecurity with speed and precision through AI

After years of trial and refinement with real-world users, coupled with ongoing advancement of the AI models themselves, AI-driven cybersecurity capabilities are no longer just buzzwords for early adopters, or simple pattern- and rule-based capabilities. Data has exploded, as have signals and meaningful insights. The algorithms have matured and can better contextualize all the data they’re ingesting—from diverse use cases to unbiased, raw data. The promise that we’ve been waiting for AI to deliver on all these years is manifesting.

For cybersecurity teams, this translates into the ability to drive game-changing speed and accuracy in their defenses—and perhaps, finally, gain an edge in their face-off with cybercriminals. Cybersecurity is an industry that’s inherently dependent on speed and precision to be effective, both intrinsic characteristics of AI. Security teams need to know exactly where to look and what to look for. They depend on the ability to move fast and act swiftly. However, speed and precision aren’t guaranteed in cybersecurity, primarily due to two challenges plaguing the industry: a skills shortage and an explosion of data due to infrastructure complexity.

The reality is that a finite number of people in cybersecurity today take on infinite cyber threats. According to an IBM study, defenders are outnumbered—68% of responders to cybersecurity incidents say it’s common to respond to multiple incidents at the same time. There’s also more data flowing through an enterprise than ever before—and that enterprise is increasingly complex. Edge computing, internet of things, and remote needs are transforming modern business architectures, creating mazes with significant blind spots for security teams. And if these teams can’t “see,” then they can’t be precise in their security actions.

Today’s matured AI capabilities can help address these obstacles. But to be effective, AI must elicit trust—making it paramount that we surround it with guardrails that ensure reliable security outcomes. For example, when you drive speed for the sake of speed, the result is uncontrolled speed, leading to chaos. But when AI is trusted (i.e., the data we train the models with is free of bias and the AI models are transparent, free of drift, and explainable) it can drive reliable speed. And when it’s coupled with automation, it can improve our defense posture significantly—automatically taking action across the entire incident detection, investigation, and response lifecycle, without relying on human intervention.

Cybersecurity teams’ ‘right-hand man’

One of the common and mature use cases in cybersecurity today is threat detection, with AI bringing in additional context from across large and disparate datasets or detecting anomalies in behavioral patterns of users. Let’s look at an example:

Imagine that an employee mistakenly clicks on a phishing email, triggering a malicious download onto their system that allows a threat actor to move laterally across the victim environment and operate in stealth. That threat actor tries to evade all the security tools that the environment has in place while they look for monetizable weaknesses. For example, they might be searching for compromised passwords or open protocols to exploit and deploy ransomware, allowing them to seize critical systems as leverage against the business.

Now let’s put AI on top of this prevalent scenario: The AI will notice that the behavior of the user who clicked on that email is now out of the ordinary. For example, it will detect the changes in the user’s process and its interaction with systems it doesn’t typically interact with. Looking at the various processes, signals, and interactions occurring, the AI will analyze and contextualize this behavior, whereas a static security feature couldn’t.

Because threat actors can’t imitate digital behaviors as easily as they can mimic static features, such as someone’s credentials, the behavioral edge that AI and automation give defenders makes these security capabilities all the more powerful.

Now imagine this example multiplied by 100. Or a thousand. Or tens and hundreds of thousands. Because that’s roughly the number of potential threats that a given enterprise faces in a single day. When you compare these numbers to the 3-to-5-person team running SOCs today on average, the odds are naturally in favor of the attacker. But with AI capabilities supporting SOC teams through risk-driven prioritization, these teams can now focus on the real threats amongst the noise. Add to that, AI can also help them speed up their investigation and response—for example, automatically mining data across systems for other evidence related to the incident or providing automated workflows for response actions.

IBM is bringing AI capabilities such as these natively into its threat detection and response technologies through the QRadar Suite. One factor making this a game changer is that these key AI capabilities are now brought together through a unified analyst experience that cuts across all core SOC technologies, making them easier to use across the entire incident lifecycle. In addition, these AI capabilities have been refined to the point where they can be trusted and automatically acted upon via orchestrated response, without human intervention. For example, IBM’s managed security services team used these AI capabilities to automate 70% of alert closures and speed up their threat management timeline by more than 50% within the first year of use.

The combination of AI and automation unlocks tangible benefits for speed and efficiency, which are desperately needed in today’s SOCs. After years of being put to the test, and with their maturity now at hand, AI innovations can optimize defenders’ use of time—through precision and accelerated action. The more AI is leveraged across security, the faster it will drive security teams’ ability to perform and the cybersecurity industry’s resilience and readiness to adapt to whatever lies ahead.
