In mature organizations, cyber security relies on big data. Cyber security experts and IT administrators depend on huge volumes of security data to identify and characterize cyber security threats.
As a general rule, it is through big data that cyber security attacks are stopped and vulnerabilities eliminated.
A Security Information and Event Management (SIEM) platform running in an enterprise typically gathers millions or even billions of events from every possible system, endpoint, network and security tool.
Inside this tremendous trove of information are clues about cyber security threats.
Human security analysts must understand this information rapidly to find attack patterns without being overwhelmed by SIEM alerts that end up being false positives.
The relationship between data volumes and cyber security appears to be clear, yet in reality it is intricate and at times surprising.
Here are 7 mind-blowing facts about big data and artificial intelligence (AI) as they are used in cyber security.
Attacks can lurk on enterprise networks for months – The typical “dwell time” (the period an attack stays undetected) on a system is around 7 months.
You might think that gathering more event data would lead to faster attack detection and shorter dwell times, yet the opposite is true.
Dwell times have risen in step with the volume of event data being collected.
Today, attackers have far too much time to explore systems and networks, find vulnerabilities, install malware, and exfiltrate data.
Cyber security teams need to cut dwell times by an order of magnitude to reduce risk, and they are struggling to do so.
Despite having huge volumes of SIEM data, cyber security buyers are feeling desperate – They are unable to keep up with the pace and variety of cyber security attacks.
Also, cyber security teams are woefully understaffed. According to one estimate, 209,000 cyber security jobs went unfilled in the U.S. in 2015.
Growing workloads and a shortage of qualified staff are driving many buyers to look for automated solutions.
Complex Artificial Intelligence cyber security products make big promises about analyzing SIEM data yet have failed to deliver – Many cyber security vendors are responding to this big data overload by offering AI systems that promise to magically parse the data and find cyber security threats.
Unfortunately, the majority of these AI systems have failed to live up to their promises. They were designed around academic theories that have yet to prove themselves in real-world conditions.
CISOs and cyber security teams should be wary of technical name-dropping, i.e. product descriptions that stress Bayesian models, Markov models and similar terms.
AI requires training data, and in most cases that labeled training data isn’t available – An AI solution is only as good as the data it was trained on.
Most organizations do not have the required volumes of security data labeled to show where attacks are actually occurring.
Artificial Intelligence cyber security products tend to create more false positives – New cyber security products ought to reduce the number of false positive alerts overwhelming Security Operations Centers (SOCs).
Instead, due to a lack of good training data and context, many Artificial Intelligence cyber security products now create more false positives than ever.
Their analysis relies on detecting deviations from a baseline, but not all anomalies are cyber security threats.
Artificial Intelligence products can’t explain themselves – If an Artificial Intelligence cyber security product takes an action, it can’t explain why it did so.
Human SOC team members are held accountable for their decisions. They must be able to explain those decisions.
Without knowing why an AI system took an action, it becomes more difficult to tune the system and make it more efficient and effective.
Effective Artificial Intelligence cyber security products require a human feedback loop – Artificial Intelligence will never be effective in any field working on its own.
It will always require training data, context, and input from people. To tackle the problem of big data in cyber security, an Artificial Intelligence solution should include a feedback mechanism so it can be trained and refined by input from SOC teams.
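The baseline-deviation detection and analyst feedback loop described above, as an added example that is not part of the original article. The host names, connection counts, threshold and function names are constructed assumptions, and folding benign verdicts into the baseline is one simple way to model the feedback loop.

```python
from statistics import mean, stdev

Z_THRESHOLD = 3.0  # assumed alerting threshold, in standard deviations

# Constructed sample data: hourly outbound connection counts per host.
BASELINE = {
    "backup-01": [40, 42, 38, 41, 39, 43, 40],
    "hr-laptop-7": [12, 10, 11, 13, 12, 11, 10],
    "build-03": [55, 60, 58, 57, 61, 59, 56],
}

# Constructed events: (host, count, analyst verdict: True if a real threat).
EVENTS = [
    ("backup-01", 400, False),   # monthly full backup: unusual but benign
    ("hr-laptop-7", 95, True),   # unusual and malicious
    ("build-03", 58, False),     # ordinary activity
    ("backup-01", 410, False),   # the same benign backup job again
]


def z_score(history, value):
    """Distance of value from the host's baseline, in standard deviations."""
    return abs(value - mean(history)) / stdev(history)


def run(events, use_feedback):
    """Return (alerts, false_positives) for one pass over the events."""
    history = {host: list(vals) for host, vals in BASELINE.items()}
    alerts = false_positives = 0
    for host, value, is_threat in events:
        if z_score(history[host], value) <= Z_THRESHOLD:
            continue  # within baseline, no alert raised
        alerts += 1
        if not is_threat:
            false_positives += 1
            if use_feedback:
                # Analyst marked the alert benign: fold it into the baseline
                # so the same activity stops alerting.
                history[host].append(value)
    return alerts, false_positives


if __name__ == "__main__":
    print("no feedback:  ", run(EVENTS, use_feedback=False))
    print("with feedback:", run(EVENTS, use_feedback=True))
```

Widening a host's baseline this way also raises the level a later real attack on that host must reach before it alerts, which is why the quality of the analyst verdicts matters.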
The big data problem in cyber security won’t simply go away. Artificial Intelligence promises a way to speed up analysis and reduce cyber security attacks’ dwell times, yet SOC teams should keep their eyes open about the real capabilities of the Artificial Intelligence cyber security solutions offered by vendors.