AI and Cybersecurity: Embrace the Shift, Dispel the Fear, Secure the Future

Over the last year, Secureworks® launched into production several AI-, ML- and automation-based improvements and optimizations. With our investments we:

  • Improved our median time to notify customers of incidents by over 80%
  • Built a prioritization engine which processes more than 1 million alerts per month across our customers. This system removed “noise alerts” that were making up over 50% of our team's workload over the last 12 months.
  • Productized a customer-facing reporting system which automatically creates, enriches and escalates investigation reports in less than half the time it took us to do this work manually.
  • Saved our analysts thousands of hours and helped surface critical threats.

As defenders, we’ve made significant gains with AI and we need to move even faster.

Hackers are not slow in their adoption of AI approaches. We have observed adversaries pushing boundaries and executing with increasing speed. The reality is that defenders need to keep pace and leverage AI for defense. It is time for us as security professionals to run hard and embrace AI as a powerful tool for defenders.

Closing the Talent Gap and Improving Response

There simply aren't enough skilled professionals to keep up with the increasing threat volume and customer demand. We know that with Human + AI-powered systems, even lesser-skilled cybersecurity professionals can uncover advanced threats and become more proficient faster. We use AI to close the talent gap and bolster our defenses. We believe every security company should be taking this Human + AI approach as fast as possible.

Building the AI-Powered Application Security Ecosystem

To effectively embrace AI for defense, we must build an AI-powered application security ecosystem. This ecosystem should encompass the best practices and tools that exist in the field of cybersecurity. Just as we have community consortiums like OWASP (Open Web Application Security Project) in the application security domain, we need similar initiatives in AI security. This collaborative approach will ensure that knowledge and expertise are shared among security professionals, enabling us to collectively stay ahead of attackers.

Training AI Systems With Learned Wisdom, Not Just Data

AI systems are often equipped with vast amounts of training data. We claim this is distinct from wisdom – the ability to apply knowledge judiciously, making decisions that consider the context of the decision. As an example, a detector considering only endpoint data may come to the incorrect conclusion unless critical context about the environment (the endpoint is running inside an industrial machine shop) is considered. Even more critical, the resulting action (isolate the host) may be more destructive (take down the manufacturing line) than doing nothing. By building systems that have full end-to-end context of indicators, investigations and resultant remediation actions, we can achieve the level of performance we need to address the adversary.

Democratizing Access to Advanced Security

Advanced security measures have often been out of reach for smaller organizations due to cost and complexity. AI can democratize access to advanced security technologies by providing scalable solutions that do not require large teams of experts to manage. By embracing AI more swiftly, the security community can provide robust defense tools to a broader audience, raising the overall security posture across different sectors.

Accelerating Threat Intelligence Sharing

At Secureworks, we have more than 40B nodes and edges in our threat graph. No human alone can effectively use this amount of data without machine assistance. We use AI every day to curate this graph and to gather and process intelligence. AI systems can synthesize information rapidly, uncovering insights that might take human analysts much longer to identify. This speed is crucial in a landscape where hours, or even minutes, can make the difference between a contained incident and a full-blown breach. Security communities must adopt AI at a quicker pace to benefit from real-time threat intelligence sharing.

Conclusion

In conclusion, accelerating the integration of AI into cybersecurity is not a luxury but a pressing necessity. Over the last year at Secureworks, we saw significant gains from AI-assisted automation, decision making and threat detection. This technology is crucial to bridging the widening talent gap, bolstering our collective defense mechanisms, and democratizing advanced security capabilities. Moreover, the rapidity and precision that AI brings to threat intelligence sharing are indispensable in an era where cyber threats evolve faster than traditional human-led responses can handle. AI is the force multiplier we need to remain ahead in order to secure our progress.
