False positives overwhelming Cyber Security Ops analysts

Author: Rob Williams – Robocore Senior Recruitment Specialist in Cyber Security

According to the World Economic Forum report, ‘Cybersecurity, emerging technology and systemic risk’ “Unless action is taken now, by 2025 next generation technology, on which the world will increasingly rely, has the potential to overwhelm the defences of the global security community.” This warning should firmly place attention on cyber security, and on using every available tool to support it, as an essential element of any business’s digital network. Artificial Intelligence (AI) has the potential to perform a strong support function, according to Rob Williams, a Robocore Senior Recruiter Specialist in Cyber Security based in Southeast Asia, who offers his perspective on AI in the cybersecurity industry.

The role of AI in Cybersecurity

Security Operations Centre (SOC) analysts are being overwhelmed by the amount of data that they have to analyze in order to determine if an event is a threat or just a false positive. The main downside of false positives is that the creation of so many of these alerts can easily drown out legitimate intrusion detection alerts. This is one of the reasons that SOC analysts are embracing AI to update their technology, as they try to keep pace with constantly evolving threats from malware, ransomware, DDoS attacks, and more.

AI as a defensive tool

Cyber security companies are developing AI systems to detect viruses and malware by using complex algorithms that enable the AI to run a pattern recognition process. The result is that these AI systems can identify the behaviour of ransomware and malware attacks before they enter the system and, most importantly, isolate them.

One example of this is Enterprise Immune System (EIS) from DarkTrace. Powered by machine learning ML and AI algorithms, EIS technology iteratively learns a unique ‘pattern of life’ (‘self’) for every device and user on a network, and correlates these insights in order to spot emerging threats that would otherwise go unnoticed. EIS is already relied upon by thousands of organizations to protect against threats in the cloud, email, network, and industrial environments.

Deep Instinct is another global cybersecurity platform that uses predictive analysis to detect variations in known malware code. Using deep learning software and technology to detect and prevent never seen before and unknown threats, such as zero-day vulnerabilities (zero-days) and Advanced Persistent Threats (APTs). Deep Instinct’s solution is based on a two-phase approach, which is similar to the way the brain learns and then acts in an instinctive mode.

AI as an offensive tool

Deep Locker is next-gen AI-powered malware that is capable of infecting millions while remaining undetected dues to its being packed with detection evading features. It was actually created by security researchers at IBM to showcase the difficulty level of the threat, as cybercriminals and security defenders play a game of cat and mouse.

The malware is designed to conceal its presence until it reaches the victim. Furthermore, its AI component is leveraged to identify the target via facial and voice recognition, as well as geolocation. One IBM security expert said, “You can think of this capability as similar to a sniper attack, in contrast to the ‘spray and pray’ approach of traditional malware. DeepLocker is designed to be stealthy. It flies under the radar, avoiding detection until the precise moment it recognizes a specific target.”

Deep fakes are created using AI software and are a recent addition to the disconcerting problem of online disinformation. They are expensive and time-consuming to produce, and typically target celebrities and politicians. They are created by merging, replacing, or superimposing content onto a video in a way that makes them appear to be real. In 2020 we saw a drastic improvement in their quality and realism and there are now commercial products that leverage deepfake technology for everything from artificial intelligence-based voiceovers to enabling actors, political figures and others to appear in new videos and movies. In tandem with this development, the tools for detecting deep fakes are becoming more sophisticated as well, Scientific American reports. Indeed, scientists at the University of Buffalo have developed a way to detect deep fakes by analyzing light reflections in the eyes and this has proved to be 94% effective in detecting deep fakes in portrait-style photos.

The cybersecurity skills gap and AI

According to InfoSecurity magazine, the global IT security skills shortage has now passed four million. AI may not the panacea, but integrating AI and cybersecurity is the way forward, as AI can help the current cybersecurity technology automate threat detection and track down potential cyber-attacks within a limited time frame.

Cyber ranges help reduce the skills gap

A cyber range is a key tool and platform for reducing the cyber skills gap. Organizations can prepare SOC analysts and Incident Responders (IR) to defend against cyber threats in an interactive way by using platforms, networks, systems, tools, and applications that provide an environment where new ideas can be tested and teams can work to solve complex cyber problems.

Cyberbit was one of the first provides of cyber ranges and was founded to solve a particularly critical problem: cybersecurity teams are not prepared for attacks. The SANS Institute has its own platform called DFIR Netwars. It provides a suite of interactive learning scenarios, which they call a tournament, where IT professionals at all levels can test their skills in a series of cutting-edge challenges. Such is the benefit of cyber ranges that they are now included in cyber security degree courses at universities in the USA, Europe, India, Australia and Singapore.

AI in recruitment

Modern enterprises are made up of both simple processes and those rich in complex decision-making, which means we need complementary technologies to handle these workflows. Robotic Process Automation (RPA), which thrives in systems that have a clear, step-by-step flow, and AI, which can augment and improve human decision making in complex processes, are two of the technologies in question.

Robocore as a leading recruiter with offices in 12 countries is well aware of the skills shortage in cybersecurity and was an early adopter of utilizing RPA in the recruitment process.

Warren A. Drabble – Co-Founder of Robocore commented: “Recruitment has both the informative and human interaction elements, the Robotics position recruiters with a clearer view of their information which heightens their attention to detail and overall performance, for hiring managers, it simply means Recruiters will know more.”

From Rob’s perspective, the two surest ways to tackle the constant and growing cybersecurity skills gap are:

First, get better at hiring seasoned people.
Cultivate and retain home grown talent from a wider range of backgrounds.
Recruitment in Cyber Security is becoming more and more competitive, the key to winning will be in your overall efficiencies in career marketing, hiring strategy, budget, team environment, team incentives, and technical frameworks,
Top talent are sensitive to income and the overall benefits of working for your firm, understanding the market value for salaries and the way packages are assembled is essential to maintain both competitive and sustainable budgets for Cyber Security SOCs
If your budget’s stretched, you can compete with a positive overall work experience, goal setting, and team reward programs to make work fun and interesting which will help maximise retention.
Candidates aspire to move forward, progress with their careers. Invest in learning, education and upskilling, company led certifications give your team a reason to work toward.
The best place to start is in speaking with your team, HR, and recruitment partners.

Rob Williams is a Managing recruitment Partner at Robocore. He has over 30 years of professional experience in the ICT industry. He was program manager for CISCO Advanced Services in APAC, as well as holding senior positions in Huawei Global Technical Services, and has delivered large-scale cybersecurity solutions to Enterprise and Service provider customers.

Contact: robert.williams@robocore.co

For more information about what Robocore UK Ltd can offer to corporate clients, job candidates, and those who would like to set up as a recruitment entrepreneur, visit https://www.robocore.co/ .

Tags:

#cybersecurity #cybersecurityoperationscentre #cyverrisks #futureofwork

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

False positives overwhelming Cyber Security Operations Centre (SOC) analysts.