September 19, 2019

A roadmap to reduce security analyst fatigue in security operations centres

By Geert van der Linden

Cyberattacks can wreak havoc on businesses. A successful cyberattack not only leads to financial loss but can ruin a company’s reputation and damage customer loyalty. For these reasons, organisations today are under increasing pressure to ramp up and improve their cybersecurity. But this is no easy task. The number of end-user devices, networks and user interfaces is growing as a result of advances in cloud, Internet of Things (IoT), 5G and conversational interfaces.

With the number of potential attack surfaces ever-increasing, cyber analysts are finding it more and more difficult to effectively monitor current levels of data volume, velocity and variety. In fact, recent Capgemini research found that over half (56%) of senior executives think their cybersecurity analysts are overwhelmed by the unparalleled volume of data points they need to monitor to detect and prevent cyberattacks.

To help reduce security analyst fatigue, organisations are turning to artificial intelligence (AI). While many businesses have already deployed some form of AI for a multitude of applications to increase productivity, improve sales and enhance experiences, using AI for cybersecurity is an often-overlooked application of the technology.

This is somewhat ironic given that attackers are using AI very effectively. For example, AI algorithms are more successful at sending ‘spear phishing’ tweets (personalised tweets sent to targeted users to trick them into sharing sensitive information): AI can send such tweets six times faster than a human and with twice the success rate.

With the enlargement of attack surfaces and the heightened sophistication of attacks, AI in cybersecurity is well placed to be a valuable weapon to thwart cyberattacks. Below is a three-step plan to help organisations implement AI in their cybersecurity programme:

Identify data sources and create data platforms to operationalise AI

For AI implementation to be successful, CIOs must create and continuously enhance integrated data platforms, with initial use-case environments for AI. To do this, they need to connect data sources to those platforms to provide inputs for AI algorithms. AI needs huge quantities of data to learn, and therefore requires high-quality, dynamic data inputs.

Yet this step is proving difficult for organisations that lack the necessary AI-supportive infrastructure and data systems. Existing security software and database protection cannot spot potential threats in real time and do not meet the needs of the complex and diverse cyber-threat landscape. It is therefore imperative for businesses to master this step first and foremost.

Collaborate externally to enhance threat intelligence

Organisations should then collaborate with external security professionals who are aware of the latest malware affecting the cybersecurity landscape. These qualified AI engineers and data scientists will provide information on how to improve and update their AI algorithms to detect and resolve the latest threats.

Not doing so exposes companies to an even greater risk: an AI model incapable of being retrained to capture additional data sources and insights, which will consequently fail to extend present human capabilities.

SOAR to improve security management

Next, organisations must deploy security orchestration, automation and response (SOAR) processes so that incident analysis can be performed to test the AI solution. SOAR is a prerequisite for ensuring optimal output from AI in cybersecurity, but our research reveals that only 36% of organisations have deployed it to date. Failing to deploy SOAR puts businesses at a disadvantage, as they skip security management – a vital final step.

To follow the above steps successfully, organisations must also tackle current cybersecurity skills and talent gaps. There is a shortage of three million experts and data scientists globally. Our survey data showed that 69% of respondents struggle to source qualified experts who can build, optimise and train AI algorithms to detect threats efficiently. Therefore, for implementation to be successful, organisations need to invest in upskilling employees to be AI competent.

Ultimately, when used in conjunction with traditional methods, AI can significantly bolster an organisation’s cybersecurity and reduce the likelihood of a successful cyberattack. Security departments should identify where deploying AI in cybersecurity can bring the most value, prioritise, and then establish appropriate goals, ideally in the form of a roadmap that addresses infrastructure, data systems, application landscapes, skill gaps, best practices, governance, and use-case selection and implementation. Taking these actions will enable organisations to avoid unnecessary losses and ensure they get the most out of their investment in AI.
