Cybersecurity tools used in data centers are getting smarter as vendors roll out more machine learning capabilities. Machine learning can help with everything from identifying new types of malware to flagging malicious behavior.
Training machine learning models does require large amounts of data to make accurate predictions, but this isn't a problem in cybersecurity, where security teams are burdened by the problem of too much data – too many security alerts, too many anomalies, too many potential problems – rather than too little.
"The real problem is how to correctly use, interpret, and make the right conclusions from it,” Nick Bilogorskiy, cybersecurity strategist at Juniper Networks, said. “As it stands today, this is something we still very much need a human subject matter expert to do.”
The new tools do put a lot more power into the hands of individual security professionals. According to Jerry Gamblin, principal security engineer at Kenna Security, the number of assets any security team is responsible for has increased exponentially. Last year, for example, an average of 40 new vulnerabilities were discovered every day, he said.
"While less than 2 percent of these vulnerabilities see attacks in the wild, each one can take hours to identify, analyze, and then patch using traditional methods and tools," Gamblin said. "Combined with increasing admin-to-server ratios – that can range from hundreds to thousands of servers per admin – there are simply too many threats for any team to handle manually."
With the new tools, security teams can analyze millions of threats in real time, he said, and rank them based on hundreds of factors to understand their true risk level. "This enables security teams to make quicker decisions and focus on the threats that pose a real danger to their organization," he said.
Automating Routine Tasks
The cybersecurity tools that data centers use also offer an increasing amount of automation, frequently powered by AI and machine learning as well.
According to a survey conducted last fall by the Enterprise Security Group, automation of security analytics and operations is a priority for two thirds of organizations, and 39 percent have already deployed machine learning technologies to help address their cybersecurity needs.
For example, if a critical breach is detected, automated playbooks can immediately spin down compromised assets and block malicious traffic, before the attackers are able to spread farther into the data center.
"But this isn't a game changer by itself," Dave Klein, senior director for engineering and architecture at GuardiCore, said. "I'd be wary of solutions that say they have AI that needs no human interaction."
Instead, automation helps with triage, dealing with the most frequent and routine types of threats. Then, based on severity and impact, some threats would be escalated to security team members if needed, said Liviu Arsene, senior e-threat analyst at Bitdefender.
"The constantly evolving threat landscape means it’s paramount that IT and security teams focus only on sophisticated, advanced threats," he said.
More Training Is Needed
Security teams will have to get smarter. Not only will they be handling the more difficult jobs while automation takes care of the routine tasks, but they will also need to be able to manage the AI-powered technologies coming into their sphere.
That's a challenge, given the talent shortage in the cybersecurity industry. Fortunately, AI has a role to play here as well.
Various AI-related technologies, including natural language processing, automated agents, and machine learning, are starting to come together to make security tools easier to use. New employees can get suggestions for what to do next based on the previous experience of other security professionals on the team, for example.
And chatbots – today most commonly used in e-commerce settings – are slowly making their way to other areas, providing a more natural way to interact with systems, get answers to questions, and get just-in-time learning.
Over time, as these tools keep getting smarter, the role of security professionals will evolve dramatically. Today, they have to understand the technology they use and be able to analyze the details of a security incident. Tomorrow, as the tools get more powerful, security pros will need to have a better understanding of context – the motivations of the attackers, the behaviors of their users, and the business requirements of their companies.