3 Ways AI Tools Actually Help Your Security Teams 

From helping us write some quick notes to answering commonly asked questions and organizing data, artificial intelligence (AI) has proven to be a major convenience in everyday life! But despite its promise, there has been a lot of hesitance around implementing AI tools for more complex tasks: over-permission and the proliferation of “Super Admins” serving as two key examples of the perils of giving AI tools too much leeway on a network.  

These concerns around AI have ramped up so much in the last year that even the government has stepped in and implemented Executive Order 14110, “Safe, Secure and Trustworthy Development and Use of Artificial Intelligence (AI),” to begin formal attempts to secure this ever-growing technology before it’s too late.

Despite these risks, however, we shouldn’t abandon AI, as there have been many benefits to securing AI and implementing these tools for cybersecurity teams across the industry! Here are just a few of the ways we’ve seen this technology soar in the security space:

Quickly Locate, Assess and Respond to Security Risks

Perhaps the most prevalent boon of AI tools in the cybersecurity space is their unique ability to quickly root through networks to locate and assess security threats.

In a traditional SOC framework, analysts have to go through a variety of reports, tools, alerts and notifications to find the biggest threats on any given network — often manually sorting through over 80 tools on average to ensure nothing is missed. This is a laborious process that can take days (and sometimes even weeks) to find the source of a threat — and that’s before they can even begin triage and remediation steps.

However, AI has the unique ability to solve this problem for SOCs, enabling their teams to focus more on strategy. By analyzing threats and signals at machine speed, security teams can more quickly identify threats, outpace attackers with much faster response times and more easily solve problems using natural language instead of technical, jargon-heavy language.

That all being said, AI is no replacement for humanity’s inventiveness — rather, it should be seen as a complement to the capabilities of your SOC teams. Here are just a few ways your security experts should be using AI tools to get more results:

Security Analysts

• Analyzing malware and malicious scripts with AI-enabled tools.
• Getting suggestions and guidance on remediation.
• Creating incident reports that can be understood by all levels of the organization.

IT Admins

• Determining device compliance.
• Getting recommendations on device configuration and platform management.
• Deciphering and understanding multi-factor authentication (MFA) alerts.

Upskill and Retain Security Talent

With over 92% of organizations reporting that they have a skills gap in their organization, AI has become an easy-to-implement solution to help security teams bridge this distance. Once teams upload their own organizations’ security-specific insights and can keep the AI tool up to date with real-time threat reports, it becomes much easier to train new team members while ensuring even your most experienced security professionals have all the resources they need at their fingertips.

What’s more, AI tools have shown even greater promise when put in the hands of junior SOC analysts. Early studies of Microsoft’s new Copilot for Security tool show this sector of SOC teams can see massive results in productivity and accuracy:

• 83% of junior security analysts said Copilot reduced the effort needed to complete a task.
• 86% of junior security analysts said Copilot helped improve their overall quality of work.
• 90% of junior security analysts said they wanted to use tools like Copilot for Security again the next time they perform the same task.

Reduce Burnout

Okay, ballpark figure — how many alerts do you think the average security operations center (SOC) team gets in a day? A couple of dozen? Maybe 100 a day? Going as high as 500 may even feel a little crazy, right?

But all these numbers are (shockingly) too low!

A 2022 cloud security study confirmed that the average SOC team receives over 1,000 security alerts in a single day. What’s even scarier, though, is how these alerts translate into workforce burnout: the study further shows that 62% of survey respondents believe this “alert fatigue” — which is when workers become desensitized to notifications and alerts, and as a result, ignore the ones that may be important — is negatively contributing to their team’s overall turnover rates.

But AI security tools present a compelling alternative to subjecting our SOC teams to thousands of alerts — and that can be seen in how they streamline tasks for security specialists.

Microsoft Copilot for Security has also shown impressive results in making a SOC team’s job easier when it comes to hunting down and remediating threats:

• 90% reduction in time to publish a threat report.
• 44% accuracy increase in spotting attacker scripts.
• 26% increase in security task performance.

In the end, I believe AI’s inherent risks in the security space are minimal compared to the potential it has for improving security frameworks — and there will be more positive innovations on the horizon to ensure this!

Microsoft Copilot for Security is a great example of how innovative an AI tool catered to security teams could be. To explore the Microsoft Copilot for Security offering and a few of the other ways this AI-enabled tool is changing how security teams do their important work, check out our new Copilot for Security resource page and get ready to discover a more secure future for AI!

Guest blog courtesy of TD SYNNEX.