AI solutions cut down response times, but new challenges arise around data volume, processing power and using specific algorithms for the problem set, says Hesham Elsherif, Principal System Engineer, A10 Networks.
In the same way that organisations strive to enhance their defenses, attackers are constantly improving their tools, tactics, and procedures in order to break through those defenses. The problem is that the cybersecurity industry and its technology are largely reactive, and the cyber attacker is always one step ahead.
In order to keep up with modern attackers, security technologies need to evolve alongside them — without relying on human intervention. Artificial intelligence and machine-learning innovations are critical in defending the most vulnerable security gap.
Visibility is one of the major pain points for CISOs: data encryption affects the capabilities of security devices located within the security zone, and malicious activities and cyber-attacks can leverage this. Another area of difficulty for CISOs is correlating the logs, alarms and mitigations of different security devices. Some attacks might be detected by one technology but should be blocked by another.
Similarly, one technology may classify an attack as a minor threat while other technologies see it as a major threat. Lastly, a major concern is automated detection and protection. There are many cases where an attack takes place and the installed security system raises an alarm, but no action is taken. Therefore, it is important to minimise the need for human intervention and to increase visibility and correlation between different security elements.
We believe predictive analytics, which discovers a data breach before it happens, is the future. Artificial intelligence and machine learning are paving the way for a new generation of threat intelligence and security solutions. This innovation, however, comes with cautions and some reality checks.
While AI-based solutions can cut down response times and help us learn from attack data, new challenges arise around data volume, raw processing power and threat actor parties, as well as the challenge of actually using the correct algorithm for the specific problem set.
The integration and correlation between collected data and an automated response will be critical for CISOs.
Future skill sets
A key skill for a security CIO is project management: setting procedures to audit security rules from a very early stage, while building the web service, its data structure and its authentication and authorisation hierarchy.
It is important for these sets of procedures to be updated before and after publishing the service.
A skilled security engineer also needs to master different tools to run deep analysis and to build automation and correlation among security devices.
Scripting skills are also useful for building customised tools that use APIs not only to correlate collected data but also to fetch it.
A10 Networks Thunder Convergent Firewall (CFW): a security solution that incorporates multiple security functions for enterprise and service provider deployments.
Thunder SSLi (SSL Insight): a comprehensive SSL/TLS decryption solution that enables your security devices to efficiently analyse all enterprise traffic.
Thunder Threat Protection System (TPS): detects attacks across the network and mitigates DDoS attacks at the network edge.
Thunder Application Delivery Controller (ADC): combined with A10 Harmony Controller, enables customer applications to be highly available, accelerated and secure, with centralised management and analytics.