Organisations must bridge the cyber security gap, warns BDO
Security teams should be across artificial intelligence and machine learning tools to deal with cyber threats more efficiently, says BDO.
The professional services firm has advised security teams to be up to date with modern technology to keep up with the next generation of cyber threats.
BDO said that if appropriate knowledge, training and specific tools are not leveraged, it will be “nearly impossible” to keep up with emerging attacks powered by AI and optimised tools.
“To stay ahead, your organisation must transform its defences with near real-time alerts and incident response capabilities,” BDO said.
“Every part of your information security strategy should assess how to incorporate AI into your roadmap to ensure your team can adopt these essential technologies.”
The firm noted that leveraging AI and machine learning (ML) tools provided insight into threat hunting, incident response, threat intelligence, alert management and security orchestration, automation and response (SOAR) systems.
In threat hunting, AI and ML excel at detecting anomalies and connecting the dots, according to BDO.
“These technologies assist in understanding the prevalence, rarity, or anomalous behaviour, which is crucial for successful hunts.”
“AI can enhance manual or asynchronous detection processes by providing insights into indicators of compromise or attack, which is a valuable capability as it allows security teams to identify and respond to threats more effectively.”
In terms of incident response, the firm said AI assisted in understanding the severity of a compromise with statistical analysis and identification of similar assets and vulnerabilities, which improved efficiency.
However, although AI assisted in decision making, critical actions such as blocking and isolation would still be better performed by humans.
BDO said AI would assist in the deduplication, suppression, and aggregation of alerts, which reduced security operations centre alert fatigue and improved incident management.
“AI can create additional attributes and relationships that are not part of the original event, allowing for more effective aggregation and deduplication,” the firm said.
“This capability is particularly valuable as it allows security teams to focus on the most critical alerts and respond more effectively.”
The ability to reduce false positives was also noted as a key benefit of AI for security teams.
This was tied to the ability of AI to increase incident confidence through correlation, which reduced false positives and improved incident fidelity.
BDO said AI also assisted in forensic analysis and was integral to the next generation of SOAR systems, as AI would be relied on to create playbooks based on analysts’ behaviours and operational procedures.
“This capability is particularly valuable as it allows security teams to automate routine tasks and focus on more strategic activities.”
BDO said that by focusing on these key insights and areas to investigate, a company would significantly enhance its security operations approach using AI and ML technologies.
“The potential benefits of AI in cyber security are immense, and by leveraging these technologies, your company can stay ahead of emerging threats and respond more effectively to incidents.”