Artificial Intelligence and Cybersecurity – Volume 2

Published by Joe D on

I am considering using AI in my information security controls.  How can it help?

 

Last month, we discussed some of the basics around how to protect and make available information generated from AI in Information Security.  This month, we would like to dive deeper into how it can be used.  We’ll lay out a few examples, but as this technology evolves, the options will be limitless.  Also, there may be options to leverage outside data to assist in the creation of intelligence.

 

  1. Audit Log Reviews. We’ve primarily relied on applications and, in some cases, manual processes to actually dig into audit logs to identify inappropriate access or potential security events.  AI affords us the opportunity to leverage prior knowledge or conceived scenarios to scan and review audit logs at a much higher frequency and has the ability to handle much higher volume.  Consider the ability to identify an inappropriate access incident or event as it occurs.  The harmful effects and potential risk could be significantly mitigated.
  2. Access Reviews. Again, this is another area where much of the effort has been manual.  AI provides the ability to not only drive the automation of the access reviews but can also make suggestions based on organizational trends and only inquire to asset owners where it appears to align with the identified trends and desired behaviors.  This is very powerful and can save a fair amount of effort.
  3. Incident Identification and Response. AI can be a powerful tool used to recognize potentially adverse security events as they are happening.  Today, much of our work in this area is reactionary.  Imagine situations where behaviors and traffic can be fed through AI tools real time and anomalies that indicate a potential security incident or breach can be identified as they are happening.  This could potentially save companies millions of dollars.
  4. Login Monitoring. AI can be a powerful tool in the identification and proactive response to inappropriate login attempts.  By using knowledge and AI, much of the human error in this very vulnerable space can be prevented.
Categories: Uncategorized

Related Posts

Uncategorized

Classification of Information Assets

If we would like to establish effective security controls to protect our information assets, we should first start by classifying those assets.  Like the controls in place to protect the information, the respective classification follows Read more…

Uncategorized

Vulnerability Scanning

What is vulnerability scanning? Vulnerability scanning is the process of examining external and internal attack surfaces to identify weaknesses that will be exploited by malicious actors who attempt to infiltrate an organization’s systems, data, network, Read more…

Uncategorized

Human Resources and Information Security

The HR team may not be the first group that comes to mind when the Information Security topic surfaces.  However, Human Resources plays a significant role in the protection of sensitive information in all stages Read more…