Amid the ongoing shortage in the cyber workforce, innovative strategies are essential to make the most of existing talent and achieve cybersecurity goals. One particularly promising way of doing so involves combining “intelligent” technologies with cybersecurity experts. By using technologies to support rather than replace humans – Iron Man, not Terminator – tackling the diverse challenges faced by the industry becomes achievable. Let's dive into this cape-less superhero analogy in this article.
Who is our cybersecurity Tony Stark here?
First things first: who wears this high-tech armour in our everyday cyber lives? Who is our Tony Stark in this metaphor? A human whose job it is to defend his or her organisation on a daily basis against ever-increasing and more sophisticated attacks: THE cyber-analyst. The comparison doesn't take into account the questionable character of Tony Stark, who is certainly very bright and intelligent, but a little immature and arrogant :-). Let's leave it at that!
Before getting into the debate of how to increase the capabilities of cyber analysts, a quick reminder of what they do on a daily basis. When you think of cybersecurity, you might picture a few different things. If you’ve seen some action movies, you’re likely thinking of someone sitting in a dark room full of bright screens, wearing a headset, and stopping hackers in their tracks. Even if we like headphones and hoodies, we're far from these clichés. A cybersecurity analyst's role goes far beyond merely sitting at a computer and sending emails to employees to test their responses. It encompasses activities like monitoring, investigating, implementing security measures. These elements are essential for safeguarding data and sensitive information.
A cognitive technologies-driven Jarvis system
In Iron Man, Tony Stark uses his AI Jarvis to plan everything from defeating Asgardian warlords to movie reservations. Jarvis, in the sense of security, is more a combination of organisational and external technological tools that create protection around your organisation.
Let’s not talk only about artificial intelligence - hot topic indeed! - let's take a broader view and talk about cognitive technologies here. Cognitive technologies refers to the “systems that learn at scale, reason with purpose, and interact with humans naturally” (IBM definition). It includes technologies such as artificial intelligence, but not only ... it also includes text and speech processing, automation and robotics, and machine learning.
Giving cyber analysts back their cybersecurity analysis superpowers. Imagine cyber analysts spending their valuable time on tasks that truly require their problem-solving skills, rather than being bogged down by routine activities. Consider the false positives that clutter their days – automated systems could easily manage these alerts, notifying human experts only for necessary investigations. The benefits extend to tasks like compliance reporting, security checklists, and network administration, which could all be streamlined through automation, ultimately saving time and resources.
Gaining a “super” vision of data. One big advantage of cognitive technologies goes beyond just automating simple tasks. It's about looking at huge amounts of data to find patterns that people might miss. The amount of activity and alerts that occur in networks is simply too vast and complex for detailed human examination. But using smart analysis and machine learning helps cyber experts find problems faster or even stop them from happening. This pairing of data insights with skilled analysts is an especially potent combination that can significantly enhance the reach of cyber analysts’ actions.
Making sure your armour isn't too heavy! All these technologies often translate into as many tools for the analyst to master (at least for the moment, as the growing platform approach reduces this effect). Several studies point out that teams add tools faster than they can use them effectively. And, ironically, the burden of maintaining tools compromises threat response and, ultimately, security postures… By using intelligent technologies, cybersecurity experts can enhance their capabilities beyond what they could do on their own. Thanks to these tools, they can be more precise and faster at solving problems. But never forget that the human being remains at the centre. After all, Tony Stark wasn't a superhero until he put on the suit. As Tony would say to Peter Parker, "If you're nothing without that suit, then you shouldn't have it".
We believe in the synergy between machine learning and human intelligence
Our focus is on Machine Learning's role in assisting and expediting human efforts, not replacing them. Our strategy involves learning from analyst decisions to provide context-rich recommendations, enabling quicker comprehension and decision-making. We're creating technology that learns from successes, accelerating the training of newcomers and optimising detection. Our technology also identifies automatable tasks, freeing up individuals to concentrate on their core skills and optimal choices.
Consider these examples. In threat hunting investigations, pinpointing starting points and avoiding blind spots can be challenging. Our copilot advises analysts on data exploration at each investigation stage, streamlining cyber investigations. While the MITRE ATT&CK framework excellently outlines complete attacks, analysts might struggle to match specific techniques or tactics to points of interest. Our Machine Learning-based copilot steps in, suggesting relevant techniques based on investigation progress. This lets analysts focus on spotting anomalies and accelerates standardised classifications.
Our developments in machine learning are ongoing, and our co-pilot learns from platform users on a daily basis, all with the aim of simplifying and speeding up cyber threat investigations! Our co-pilot is the Jarvis of cyber analysts? In any case, we're working on it every day! And in the meantime you can try it out for free and let us know what you think!