Can AI replace the security team?

With the shift towards the use of artificial intelligence in just about every IT field, it’s easy to imagine a world where AI performs the work of most humans. But can it be done?

I think the short answer is “no.” It’s true, most security tools incorporate the use of AI somewhere along the line. For instance, machine learning is used to analyze very large amounts of data, traffic patterns, user habits, and more. We see it used quite a bit in cloud computing to identify risk, network or application loads, and scaling.

In threat hunting, for example, once the AI has learned baselines across the network, it can quickly determine the risk and alert the analyst or act itself. It can improve the quality of the data and help keep threat hunters from going down a false-positive rabbit hole. By using AI tools, teams can collaborate quickly on the same data when needed.

Using AI in vulnerability management can help find “rogue” or “lost” systems infrastructure, helping to identify risk that may have gone undetected. Maybe it would suggest mitigations or other ways to reduce found risk. Take, for instance, vulnerability scanning: automated scans using the latest information and triaging findings.

And of course, SOC AI. This is a big one. Every SOC analyst has experienced fatigue, whether it’s from a tremendous number of alerts, long hours, or a combination of both. An AI-assisted SOC can automate security routines and alerting. When an alert triggers, the AI can generate a report, validate the finding, or escalate to another team to verify.

But all of this relies on the AI being integrated correctly into the environment. We need humans to manage that integration. Unfortunately, the continued and expanded use of AI may result in the loss of jobs, but I don’t believe it will ever replace human interaction.

Obviously, I can’t cover every branch of cyber security in this post; that list is extremely extensive. This is more to give you something to think about for the future. Remember, SkyNet is watching…

By Ghost40