Enhancing Cybersecurity with Data Analytics
The explosion of data and the emergence of new technologies have created immense opportunities for governments, businesses, and citizens alike. Data, and more importantly its use, has propelled the digital economy and enabled data-led capabilities and processes such as data analytics.
In its simplest form, data analytics is the process of examining data sets in order to identify trends and draw conclusions about the information they contain. It is used by organisations to optimise decision making, speed up service delivery and boost business performance. Cybersecurity companies employ it to analyse huge datasets to gather insights on incoming threats and to develop defences against them.
Artificial Intelligence (AI) and Machine Learning (ML) build on data analytics to conduct more in-depth analysis of the data in question and deliver better-targeted insights. In a cybersecurity context this is extremely useful: models can consume billions of data artefacts and identify relationships between different cyber threats (e.g. malicious emails or suspicious IP addresses) far faster than human analysts. They can also learn from the intelligence gleaned from past threats to improve future detections, because a model trained on what normal traffic and network behaviour look like can flag abnormalities that would otherwise go unnoticed. Those flags are leads rather than verdicts: a model only knows what its training data showed it, so anomalous-but-benign activity still needs analyst triage, and the training data itself needs curating.
This is an improvement over traditional approaches to cybersecurity, which relied on signature-based detection to identify and block known threats. A signature can only match a threat that has already been seen and catalogued, and with the volume of new and modified attacks neither signature authors nor human experts can keep pace with all of them. This is why leading cybersecurity companies use AI/ML to detect these threats, and use data analytics to assimilate the massive volumes of data needed to build better AI/ML systems. Signatures remain valuable for the known threats they cover, where they give precise, low-noise matches; the learned models extend coverage to what no signature yet describes.
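As an added example (not code from the article or from Palo Alto Networks), the following Python contrasts the two approaches over a few constructed proxy-log lines: a signature list catches a known bad domain but is blind to an unseen one, while a per-host baseline (a robust z-score, standing in for the models the article describes) flags the host whose outbound volume departs from its own history and stays quiet on a backup server whose large transfers are normal for it. Domain names, host names, byte counts and the threshold are all constructed for this illustration.

```python
"""Signature matching versus a learned per-host baseline.

Added illustration, not code from the article or any vendor product. The log
lines, the signature list, the host names and the threshold are constructed.
"""
import re
import statistics
from collections import defaultdict

# Constructed web-proxy log lines: timestamp, source host, destination, bytes out.
LOG_LINES = [
    "2024-03-01T09:00:01 host-a intranet.example 1100",
    "2024-03-01T09:05:12 host-a evil-known.example 1200",
    "2024-03-01T09:10:40 host-a intranet.example 1250",
    "2024-03-01T09:15:03 host-a intranet.example 1180",
    "2024-03-01T09:20:55 host-a intranet.example 1300",
    "2024-03-01T09:01:10 host-c intranet.example 1000",
    "2024-03-01T09:06:22 host-c intranet.example 1150",
    "2024-03-01T09:11:31 host-c intranet.example 1300",
    "2024-03-01T09:16:47 host-c intranet.example 1400",
    "2024-03-01T09:21:09 host-c cdn-7x-updates.example 900000",
    "2024-03-01T02:00:00 backup-host backup.example 50000000",
    "2024-03-01T02:10:00 backup-host backup.example 52000000",
    "2024-03-01T02:20:00 backup-host backup.example 49000000",
    "2024-03-01T02:30:00 backup-host backup.example 51000000",
    "2024-03-01T02:40:00 backup-host backup.example 50500000",
    "malformed line that the parser should skip",
]

# Constructed signature list: only threats someone has already catalogued.
KNOWN_BAD_DOMAINS = {"evil-known.example"}

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<dest>\S+) (?P<bytes>\d+)$")


def parse(lines):
    """Turn raw lines into event dicts, skipping anything that does not match."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            events.append({"ts": m["ts"], "host": m["host"],
                           "dest": m["dest"], "bytes": int(m["bytes"])})
    return events


def signature_hits(events):
    """Exact matches against the catalogue: precise, but blind to anything new."""
    return [e for e in events if e["dest"] in KNOWN_BAD_DOMAINS]


def baseline_anomalies(events, threshold=3.5, min_history=5):
    """Flag events whose bytes-out is far from the host's own median.

    Uses the modified z-score (median and median absolute deviation), so one
    huge transfer cannot drag its own baseline up; 3.5 is the conventional
    cut-off for that statistic. Hosts with too little history are skipped
    rather than guessed at.
    """
    by_host = defaultdict(list)
    for e in events:
        by_host[e["host"]].append(e["bytes"])
    flagged = []
    for e in events:
        history = by_host[e["host"]]
        if len(history) < min_history:
            continue
        median = statistics.median(history)
        mad = statistics.median(abs(v - median) for v in history) or 1.0
        score = 0.6745 * (e["bytes"] - median) / mad
        if score > threshold:
            flagged.append({**e, "score": round(score, 1)})
    return flagged


def detect(lines):
    """Run both detectors; the union is what a SOC would triage."""
    events = parse(lines)
    return {"signature": signature_hits(events), "baseline": baseline_anomalies(events)}


if __name__ == "__main__":
    for kind, hits in detect(LOG_LINES).items():
        for e in hits:
            print(f"{kind:9} {e['host']:12} -> {e['dest']:24} {e['bytes']:>9} bytes"
                  + (f"  score={e['score']}" if "score" in e else ""))
```

The two detectors agree on nothing here, which is the point: the signature finds the catalogued domain that host-a touched, the baseline finds host-c's 900 kB transfer to a domain no list has heard of, and the backup server's 50 MB transfers pass because they are normal for that host. A baseline flag is a lead to triage, not a verdict, and an attacker who keeps transfers inside a host's usual range stays under it, so in practice per-host volume is one feature among several rather than the whole detection.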
There are numerous cybersecurity capabilities that use AI and automation. One important example is security orchestration, automation, and response (SOAR). SOAR tools help security operations centre (SOC) teams standardise, manage, and automate processes, and are used in security operations, cloud security orchestration, vulnerability management, threat hunting, and more. In this context, automation is best seen as enhancing humans through tooling rather than replacing them: low-impact, reversible actions can run unattended, while decisions that disrupt a critical system stay with an analyst. SOAR gives security teams a comprehensive view of incidents, resulting in faster and better responses. It uses AI and data analytics to learn from each incident, classifying incoming events automatically, offering guidance based on past incidents, and contextualising its recommendations, thereby providing enhanced protection.
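To make the orchestration concrete, here is an added example of a triage playbook of the kind a SOAR tool runs (illustrative Python written for this page, not the article's or any vendor's code). It classifies an incoming alert by combining the detector's severity, the affected asset's criticality and the verdicts of past incidents involving the same indicator, then applies an automation policy: reversible actions on low-value assets run unattended, a repeat false positive is closed, and anything touching a critical asset or with no precedent is escalated with its reasoning attached. The asset inventory, incident history, scoring weights and alert fields are all constructed.

```python
"""SOAR-style alert triage: classify, enrich, then automate or escalate.

Added illustration, not code from the article or any vendor's SOAR product.
The asset inventory, incident history, scoring weights and alerts are
constructed.
"""
from dataclasses import dataclass, field

# Constructed asset inventory: criticality decides how much automation we allow.
ASSETS = {
    "host-c": {"owner": "finance", "criticality": "high"},
    "lab-vm-3": {"owner": "research", "criticality": "low"},
}

# Constructed history of closed incidents, keyed by the indicator involved.
PAST_INCIDENTS = {
    "cdn-7x-updates.example": [
        {"id": "inc-1", "verdict": "true_positive", "action": "isolate_host"},
        {"id": "inc-2", "verdict": "true_positive", "action": "isolate_host"},
    ],
    "updates.vendor.example": [
        {"id": "inc-3", "verdict": "false_positive", "action": "close"},
        {"id": "inc-4", "verdict": "false_positive", "action": "close"},
    ],
}

SEVERITY_POINTS = {"low": 1, "medium": 2, "high": 3}
CRITICALITY_POINTS = {"low": 0, "medium": 1, "high": 2}


@dataclass
class Alert:
    source: str         # detector that raised it, e.g. "signature" or "baseline"
    host: str
    indicator: str      # domain, IP or hash the alert is about
    severity_hint: str  # the detector's own estimate: low | medium | high


@dataclass
class Decision:
    priority: str       # P1 (most urgent) .. P4
    action: str         # auto_isolate | auto_close | escalate
    reasons: list = field(default_factory=list)


def classify(alert: Alert) -> Decision:
    """Score the alert from detector, asset and history, then apply the policy."""
    asset = ASSETS.get(alert.host, {"owner": "unknown", "criticality": "medium"})
    history = PAST_INCIDENTS.get(alert.indicator, [])
    tp = sum(1 for h in history if h["verdict"] == "true_positive")
    fp = sum(1 for h in history if h["verdict"] == "false_positive")

    score = SEVERITY_POINTS[alert.severity_hint] + CRITICALITY_POINTS[asset["criticality"]]
    reasons = [f"{alert.source} rated it {alert.severity_hint}",
               f"asset criticality {asset['criticality']} (owner: {asset['owner']})"]
    if tp:
        score += 2
        reasons.append(f"indicator confirmed malicious in {tp} past incident(s): "
                       + ", ".join(h["id"] for h in history if h["verdict"] == "true_positive"))
    elif fp:
        score -= 1
        reasons.append(f"indicator closed as false positive {fp} time(s)")

    priority = "P1" if score >= 6 else "P2" if score >= 4 else "P3" if score >= 2 else "P4"

    # Automation policy: unattended actions only where they are reversible and
    # the blast radius is small; everything else goes to an analyst with the
    # context attached. This is the "enhancement, not replacement" line.
    if fp >= 2 and tp == 0 and priority == "P4":
        action = "auto_close"
    elif tp >= 2 and asset["criticality"] != "high":
        action = "auto_isolate"
    else:
        action = "escalate"
    return Decision(priority, action, reasons)


if __name__ == "__main__":
    for a in [Alert("baseline", "host-c", "cdn-7x-updates.example", "high"),
              Alert("baseline", "lab-vm-3", "cdn-7x-updates.example", "medium"),
              Alert("signature", "lab-vm-3", "updates.vendor.example", "low"),
              Alert("signature", "unknown-host", "never-seen.example", "medium")]:
        d = classify(a)
        print(f"{a.host:13} {d.priority} {d.action:13} " + "; ".join(d.reasons))
```

The finance host with a confirmed-bad indicator gets P1 but is still escalated rather than isolated automatically: the past-incident context makes the analyst's decision fast, while the decision itself stays with the analyst. Whatever the analyst decides is what should be written back into the incident history, which is how the next run of the playbook learns from this one.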
SOAR is just one example of the importance of data analytics, AI, and ML to cybersecurity. What these advances have shown is that security teams alone cannot tackle the growing threat landscape: analysing and mitigating the threats is no longer a human-scale challenge. Data analytics and AI-based capabilities will help automate mitigations so that security teams can focus on what is truly important.
Author:
Carla Baker, Senior Director, Government Affairs UK&I at Palo Alto Networks