In the article "5 priorities for digital leaders in 2024", Kimy Bettinger, who leads the emerging tech and tech policy initiatives at the World Economic Forum (WEF), writes that in 2024 businesses are focused on cutting costs and streamlining operations.
“They're shifting from testing the waters with artificial intelligence (AI) to widespread implementation to help them achieve these goals, potentially bringing big changes in how companies are structured and how they interact with customers,” she continued.
But even as technology, risk and security leaders see the inevitable embedding of AI into processes and workflows, they also recognise the risks that come with the technology across many areas, not least security.
“Security operations” means different things to different people. For some it is about security monitoring; for others it goes beyond detection of threats to remediation and vulnerability management. The WEF Global Cybersecurity Outlook 2024 reveals that few organisations are robust enough to confidently call themselves cyber-resilient.
In recent years, the accelerated digitalisation of businesses and operations has raised the importance of security. At the same time, there is greater scrutiny being placed on where investments are going, and accountability for the dollars spent.
One of the outcomes is a renewed interest in efficiency.
Challenges around SecOps efficiency
LogRhythm’s head of solutions engineering for APJ, Leonardo Hutabarat, points out that the security landscape is growing more complex. “Organisations are adding interconnected applications and services to their technology stacks, resulting in an expanded threat surface area, making threat monitoring and prevention more challenging than ever,” he said.
For Adnovum managing director David Chan, the roadblocks to the smooth operation of SecOps include difficulty retaining top talent, the volume of meaningless alerts that analysts struggle to sift through, fragmented data across disparate tools that creates blind spots in security visibility, and repetitive manual tasks that drain valuable resources and leave room for human error.
Improving SecOps efficiency with AI
“One major challenge to SecOps efficiency is the ability to effectively deal with the load of incoming issues taking into account the combination of scarce security talent together with the increase in volume of threats (due to automation among others) and sophistication of attacks (also due to AI),” said Gilad Elyashar, chief product officer for Aqua Security.
He posits that AI can help address these top-level issues. “I believe in some cases AI would help with the manual or simple parts (writing fixes, understanding context, creating relevant policies), thus empowering the security professional to do much more and helping scale with the increasing number of threats,” he continued.
Chan believes that machine learning (ML) offers a transformative opportunity to revolutionise SecOps. Aside from being able to identify subtle anomalies and patterns that might be missed by humans, ML can prioritise threats based on severity and context, enabling analysts to optimise their response efforts and minimise damage.
Important considerations
Elyashar suggested that organisations should ensure they leverage the new platform’s strengths while acknowledging its current limitations. They should also experiment and extend usage where effective.
For Hutabarat, businesses need to consider the purpose of the AI, the type of data modelling to use, and the type of data injected into the AI tools. “Taking these factors into consideration can help businesses make informed decisions that align with their security objectives, and leverage AI fully to safeguard their data and systems,” he opined.
Chan recommends that organisations carefully consider three crucial aspects, starting with ensuring that AI is aligned with the overarching security strategy and that chosen solutions complement and enhance the existing security posture.
“They need to invest in data quality and accessibility. This ensures their training data is well-structured, complete, and unbiased for optimal AI performance and reliable decision-making,” he added. “Finally, they should only integrate AI tools from reputable vendors with a proven track record of robust security practices and ongoing maintenance.”
Safely integrating AI into SecOps
“It starts with setting clear objectives, identifying where and when AI can be integrated into SecOps to achieve those objectives,” suggested Hutabarat. “Organisations should also ensure that there are strict security and privacy standards in place when deploying and using AI systems in SecOps, including the use of large language models.”
Chan suggests piloting AI for targeted tasks before wider implementation, allowing organisations to learn and adapt, minimising risk and ensuring successful integration.
“Organisations should prioritise transparent AI models that provide clear explanations for their decisions,” he continued. “This ensures human oversight and control remain central to the process. Finally, we believe in continuous learning and improvement.”
In conclusion
Elyashar says the world of AI attack vectors and AI security is still nascent, but security vendors from the AppSec and cloud security segments are trying to address that threat vector, alongside the publication of the OWASP Top 10 attack vectors for LLM-based AI apps.
“We believe that securing an AI app, like any app, requires protecting the AI-related aspects of the app across the application lifecycle from code, posture and runtime,” he concluded.
While predicting that AI will be a game-changer for SecOps and the key to improving its efficiency and effectiveness, Hutabarat cautions that, to capture the full value of AI for SecOps, security teams will need to be trained to use these AI solutions effectively.
“They will also need a strong understanding of the different AI models, their capabilities and limitations, as well as the ability to critically validate outputs from AI, and identify potential errors or biases,” he added.
Chan warns that AI comes with its own complexities and represents a significant shift for SecOps. “By leveraging AI's capabilities for automation, intelligent threat detection, and data-driven decision-making, alongside SOC insights for holistic visibility, we can elevate SecOps efficiency and effectiveness to unprecedented levels,” he continued.
“This empowers security teams to focus on strategic initiatives and proactively safeguard the organisation from the ever-evolving threat landscape. By combining AI and SOC insights, we are not just addressing current SecOps hurdles – we are transforming SecOps for a more secure and efficient future,” concluded Chan.