
The global arms race has gone digital. Yes, I know! That comment is fifteen years too late. But with cyberattacks becoming ever more frequent and intricate as actors hone their craft, modern cyber defence methods need a bit of review. 

You’d have to be naïve to think the hacker community isn’t trying to figure out how to use AI in its attacks, if it hasn’t already. Naturally enough, any number of vendors are attempting to integrate AI into their cyber defence software to counter those attacks. Bit of a no-brainer, right? 

Put aside for a moment the vast amounts of planet-warming, electricity-sucking processing power AI consumes and look at the role it can play. Where previously you relied on the nous and experience of your expensive Security Operations Centre (SOC) team, AI’s ability to process copious amounts of data and identify patterns makes it inherently suitable as a cyber security defence mechanism. If you can log it, AI can crunch it. The more, the better. Imagine replacing half your SOC with an alert-fatigue-free AI constantly analysing data.

We’ve had anomaly detection software for what, about 30 years? The first intrusion detection systems started appearing around the early to mid 1990s. They required extensive training to baseline and then still operated within a narrow window of pre-defined rules, mostly defined by a human. AI, on the other hand, whilst still needing to learn a baseline, can continue to learn and even adapt, over time, to its environment and inputs to produce a better outcome faster. Not only that, but AI’s ability to learn and adapt also means it may eventually identify subtle patterns outside of previously configured norms that might otherwise escape human attention.

Even better, AI’s ability to adapt means it might be capable of learning to analyse past patterns to predict future attempts. Imagine your AI analysing malware signatures and predicting variants by analysing common malware behaviour. Does this mean the anti-virus companies are in trouble?

Hackers constantly evolve their tactics. They adapt their use of social engineering, spear phishing, etc., to motivate their human targets. They deploy zero-day exploits to bypass automated defences. AI might pick these up; it might not. More than likely, it’ll struggle with these nuanced attacks that either rely on human manipulation or exploit unknown vulnerabilities in code. A human analyst, however, with experience in these tactics can identify the social cues and red flags that AI might miss. 

AI excels at churning through data and identifying patterns. But security isn’t just about identifying patterns; it’s about understanding context and intent and prioritising the response. Anomalies can also be triggered by legitimate activities, and discerning the difference probably needs a judgment call. A skilled analyst can investigate the context and determine if the anomaly is genuinely malicious or a harmless blip.

Solid cyber security is like a complex symphony of tools—firewalls, intrusion detection systems, endpoint protection, and anti-virus—all playing from the same sheet music to create a comprehensive defence-in-depth. What might happen if we entrusted the entire operation and control of this orchestra solely to AI and it got it wrong? 

An over-reliance on digital technology for coordination and/or planning leaves those who depend on it exposed to ‘adjacent’ attacks. Militaries are experts at threat recognition and mitigation. War games aren’t just for fun. For example, the US, UK, and Australian navies now ensure that if their GPS systems go down, get taken out, or get it wrong, their sailors are not only trained on all their digital navigation systems but also in the use of sextants. Good old 260-year-old mechanical technology that requires knowledge to operate.

The human condition basically means we’re hard-wired to progress. But human beings are inherently lazy. So, with each new technological advance, we abdicate a little more control over our environment. And on a scale of HAL 9000 to your new robo vac, Johnny 5 is definitely alive. But AI still has a way to go when it comes to truly advanced threat mitigation. By leveraging AI, companies can absolutely enhance their defensive strategies, detect anomalies in real time, and identify potential threats with speed and precision.

However, at the end of the attack chain, there is still no substitute for human knowledge and understanding. 
