Artificial Intelligence and Cybersecurity – Volume 2
I am considering using AI in my information security controls. How can it help?
Last month, we discussed some of the basics of protecting, and making available, information generated by AI in information security. This month, we would like to dive deeper into how AI can be used. We’ll lay out a few examples, but as this technology evolves, the options will be limitless. There may also be options to leverage outside data to assist in the creation of intelligence.
- Audit Log Reviews. We’ve primarily relied on applications and, in some cases, manual processes to dig into audit logs and identify inappropriate access or potential security events. AI lets us apply prior knowledge or conceived scenarios to scan and review audit logs at a much higher frequency and at a much higher volume. Consider the ability to identify an inappropriate access incident or event as it occurs: the harmful effects and potential risk could be significantly mitigated.
- Access Reviews. This is another area where much of the effort has been manual. AI can not only drive the automation of access reviews but also make suggestions based on organizational trends, and inquire of asset owners only where it appears to align with the identified trends and desired behaviors. This is very powerful and can save a fair amount of effort.
- Incident Identification and Response. AI can be a powerful tool for recognizing potentially adverse security events as they are happening. Today, much of our work in this area is reactive. Imagine situations where behaviors and traffic are fed through AI tools in real time, and anomalies that indicate a potential security incident or breach are identified as they happen. This could potentially save companies millions of dollars.
- Login Monitoring. AI can be a powerful tool in the identification and proactive response to inappropriate login attempts. By using knowledge and AI, much of the human error in this very vulnerable space can be prevented.