To keep pace with the volume of data flooding security operations centers, analysts must rely on AI and automation, says the DoD/IC chief technology officer.
Artificial intelligence is definitely changing how agencies approach cybersecurity — defensively and offensively.
“Artificial intelligence isn’t new. We’ve been using artificial intelligence in cybersecurity for some time,” said Jim Smid, Defense Department and Intelligence Community field chief technology officer at Palo Alto Networks. “We have to be a lot more nimble — to not only put our defensive capabilities together but to understand how our adversaries are potentially harnessing the power of artificial intelligence against us.”
AI and machine learning tools have the potential to let cyber analysts detect and address network vulnerabilities faster than ever and provide around-the-clock threat detection, Smid said during Federal News Network’s AI and Data Exchange.
That’s why AI is rewriting the cybersecurity playbook, fundamentally reshaping the field over the past few years.
“This whole idea of being able to very quickly and easily be able to identify not only known attacks, but to understand how they behave — using machine learning and data — this has evolved,” Smid said.
Cyber adversaries are taking advantage of emerging AI tools too. Smid said attackers now harness AI to crawl for data readily available online, then use that information to craft more sophisticated social engineering attacks.
“Think of phishing attacks. It wasn’t that long ago that you could really easily spot a phishing attack using grammar that was not good. It potentially had spelling errors. It didn’t use language in a way that seemed like a real person,” he said. “But now these have become so sophisticated that not only has the grammar and the vocabulary and everything really improved, but they may know very specific things about you: what you like, who you’ve seen, where you’ve been. And by adding that kind of information into these attacks, they become very difficult to spot.”
By tapping into AI cybersecurity tools, Smid said agencies can stay on top of an evolving threat landscape.
“Artificial intelligence is really inherent to everything we do at Palo Alto Networks. Palo Alto Networks has an umbrella of platform utilizing AI to address network, cloud and operations,” he said. “Think about things like Internet of Things devices. This is a threat vector that is really important for a lot of our customers. That’s where a lot of these breaches are coming from. So it’s the ability to very easily identify everything you have on your network and understand where those potential threats might be coming from.”
AI tools are becoming increasingly essential to every agency’s security operations center given the amount of data that SOCs and their analysts must sift through, Smid said.
“It’s unmanageable without having artificial intelligence and having automation and orchestration tools so that you can sort through the noise and find what’s really important in your environment,” he said. “You have to be able to share data between the tools. You have to have automation. You have to have these playbooks and the capability to make those actionable.”
The integration of AI and machine learning technologies enables SOC scalability and operational efficiencies, allowing agencies to rapidly respond to emerging threats.
“There are new attacks coming in every day. Every day, you need to get better,” Smid said. It’s critical to partner with cyber companies like Palo Alto Networks to take advantage of crowdsourced telemetry information and of the intelligence on threats and attacks.
“At the end of the day, the only thing that really matters is the mean time to detect and the mean time to remediate something that has happened in your network,” he said. “And if you don’t use tools like those, you can’t measure those in a way that’s effective.”
The addition of AI and automation tools lets organizations gain a comprehensive understanding of their attack surfaces, Smid said. It also gives them the ability to take proactive measures to continuously monitor and mitigate emerging risks across the attack surface, enhancing overall cybersecurity resilience.
“It’s being able to get the data, to normalize the data, to sort through the data very quickly and then to have actionable intelligence and to start automating things. A lot of our tools are built to really make the operators themselves more efficient,” Smid said.
“Your attack surface itself — how do you automate looking at what the attack surface looks like? How do you find things that are misconfigured? How do you find things that you know are vulnerabilities — whether that’s configuration, or whether it’s patching, things like that — and automate the ability so that you really work at those things at machine speed.”
Copyright © 2024 Federal News Network. All rights reserved.
Jory Heckman is a reporter at Federal News Network covering U.S. Postal Service, IRS, big data and technology issues.