Security Analysts Are Overworked, Understaffed and Overwhelmed — Here’s How AI Can Help

Times are tough for security analysts. In addition to the growing industrywide talent shortage, the threat landscape is expanding in both volume and sophistication — and security teams lack the resources they need to keep up.

To some extent, static processes — such as vulnerability assessments, firewalls and activity monitoring — can help organizations determine who is accessing enterprise data, identify vulnerabilities and detect risky behavior.

However, these systems can’t think on their own or react to deviations or unexpected circumstances. The threat landscape is simply too dynamic, and cybercriminal tactics evolve too quickly for programmatic processes to keep up.

Is AI the Answer to Common Security Pain Points?

How can security teams gain ground in this never-ending race against malicious actors? One solution is to adopt tools that learn, adapt and proactively detect threats — even in a rapidly changing environment.

Let’s take a look at some common pain points for analysts and explore how artificial intelligence (AI) can help shed light on the many frightening unknowns of cybersecurity.

Too Many Alerts, Too Little Time

Today’s largest enterprise networks can generate billions of events per day from a wide range of data sources, including security devices, network appliances, mobile applications and more. The staggering volume of alerts strains security analysts and diminishes the speed and accuracy with which they can process threat data.

Limited Budgets Lead to Limited Talent

According to a recent survey, 66 percent of information security professionals believe there aren’t enough qualified analysts in the field to handle the increasing volume of security threats. In addition, many organizations have limited budgets, restricting security teams from hiring the talent they need to protect their networks. AI-powered tools can automate security processes and perform complex tasks, freeing overworked analysts to focus on more pressing matters.

The Problem of False Positives

A security analyst typically investigates 20–25 incidents every day. This investigation entails gathering information from local logs, correlating indicators of compromise (IoCs) with threat intelligence feeds and conducting outside research for additional context. This process is extremely time-consuming and leads to false-positive rates as high as 70 percent.

Not Enough Hours in the Day

Time is a critical resource for security analysts, who must determine whether to escalate an alert or write it off as a false positive in under 20 minutes. Due to the around-the-clock nature of incident response, security teams should invest in machine learning tools that can filter out the noise and present reliable analysis with speed and scale.

Keeping Up With Cybercriminal Innovation

Attackers are innovating every day, and evasion techniques are becoming increasingly sophisticated — making it harder and harder for security teams to identify potential threats. AI can detect these threats more reliably and learn from features that most human analysts would miss.

Sampling of security incidents by attack type, time and impact, 2015 through 2017

Untapped, Unstructured Data

Many security teams are letting a big chunk of valuable intelligence go to waste. On average, 80 percent of the unstructured, human-generated knowledge found in security blogs, news articles, research papers and more is invisible to traditional systems. AI-based systems can curate this wealth of information, extract crucial threat data and tie it to IoCs found in the network.

A universe of security knowledge, dark to your defenses

Take the Pressure Off Security Analysts

Today’s threat landscape is as volatile as ever, and the ongoing battle between malicious actors and cyberdefenders will only intensify as attack tactics evolve. While there’s no end in sight, AI and machine learning can help level the playing field.

By investing in tools that automatically ingest and prioritize threat intelligence — including unstructured data — and proactively identifying new cybercrime patterns, security leaders can take some of the pressure off their human analysts and free them to focus on day-to-day incident response and bigger-picture defense strategies.

Moazzam Khan

Watson for Cybersecurity Researcher

Moazzam khan has been a security researcher with Watson for Cyber Security group. His research interests involve big...