3 Requirements to Pave the Way for AI-enabled Threat Intelligence
By The CISO Collective Editorial Team
A new survey of government leaders and senior IT decision-makers across Europe finds that the vast majority (90%) believe that artificial intelligence (AI) will have a high impact on their organizations over the coming years—especially in the areas of fraud/risk management and customer service. But despite support for AI, government respondents report experiencing systemic challenges to delivering successful projects:
More than two-thirds (71%) cite difficulties in procuring the right AI building blocks—notably data integrity and processing capabilities; nearly six in seven (84%) list challenges in adapting AI logic and reasoning to their industry context; and more than three-fourths (81%) say they experienced challenges integrating AI technologies into their back-office operations.
Virtually every element of the next generation of security requires generation, deep analysis, and correlation of threat intelligence. But today’s feed-based systems are still rather primitive. Machine learning (ML) systems, if provided with proper amounts of training and data, will be able to detect threat patterns and develop offensive and defensive playbooks. When combined with AI, security systems will not only be able to anticipate the next moves of an intruder in order to proactively and automatically shut them down, but also predict which threats are likely to target a system, and which threat vectors are likely to be used so an attack can be stopped before it even begins.
This requires three things. First, for responses to occur at the speed of today’s attacks, data must be collected and analyzed locally, and autonomous decisions must also be made locally. Second, that information needs to be shared back to the central system so it can be further assessed, so initial responses can be refined and updated, and so alerts and responses can be orchestrated across the entire network. Finally, information sharing must happen at all levels, from individual organizations to cross-vendor organizations. As threat intelligence becomes more refined, it can protect not only an organization’s network but the networks of others as well.
As networks and businesses change due to ongoing digital innovation initiatives, reliable and actionable threat intelligence from a variety of sources will eventually need to be woven directly into the network itself. This security-driven network approach will allow security to automatically adapt and dynamically respond to the minute-by-minute changes happening in even the most fluid and highly distributed network environments. Preparing for this new, third generation of security starts today by building an interconnected and deeply integrated security architecture designed to work as a single, seamless whole rather than a loose collection of individual physical and virtual devices.