Augmented Intelligence for Cyber Security Operations

The latest evolution of Security Automation solutions espouses “Artificial Intelligence” (AI) capabilities directly intended to address these challenges by improving the Efficiency of Security Operations, reducing the burden on Analysts through automation.

These solutions promise more Monitoring data can be continuously collected, categorized, normalized, and analyzed by AI algorithms looking for either known or anomalous patterns that may be indicative of attacks or compromises. [Essentially, Intrusion Detection.] Assuming no false positives, this automated Detection can then (Prioritize? and) Dispatch validated incidents on to automated Selection of appropriate, pre-tested, validated Response countermeasures from a corporate “Playbook”; based on the assumption that the automatically selected Response itself will not disrupt any critical business function. [Essentially, Intrusion Prevention.] Ideally, reducing the manual burden on your Analysts, freeing them to focus on the more complex, sophisticated attacks from Advanced Persistent Threat (APT) actors. The concept is clear - automatically reduce the noise, improve efficiencies. 

Once you’ve got your Security Operations running more efficiently, your next evolution should be to look for “Augmented Intelligence (the other "AI" in Cybersecurity). Specifically to improve the Effectiveness of your Analysts as they wrestle with the continuously mutating, novelty attacks from sophisticated APT.

Augmented Intelligence solutions gather, integrate, fuse, and correlate various streams of Intelligence (rather than raw data); presenting your Analysts with the critical Context they need to inform their decisions. Context that automatically connects Assets, Vulnerabilities, Threats, Phenomena (events and anomalies), Consequences (e.g., business impact), and Options/Countermeasures, in both Cyberspace and Time. 

In the ever-evolving chess-game of cyber conflict…

Context is Everything.