When it comes to cutting-edge technology today, artificial intelligence tends to go hand in hand with innovation. The cybersecurity sector is no different: the flow of data grows exponentially, and so does the flow of threats, which can come from different directions, reach different applications and devices, and have different outcomes. Across all of them, however, two points are agreed on: the old practices are no longer enough and, regardless of the attack vector, the damage is always considerable.
Looking at the numbers, it is easy to see why. Microsoft figures from August of last year spoke of 43 trillion threat signals being detected every day, a number that was 24 trillion in 2021 and 8 trillion in 2020. Even at the lowest estimate, analyzing all of this and separating the wheat from the chaff is a herculean task. This is where the concept of hybrid security comes in, which combines artificial intelligence and machine learning with human expertise, still indispensable in a scenario of this kind.
Machine learning is increasingly present in advanced digital protection systems. Put simply, its application can be pictured as a funnel with different filters, in which threat signals are automatically evaluated in search of indicators of compromise. Throughout the processing, accesses and other processes are blocked or allowed until, in the end, only the legitimate ones and the thorniest ones remain; the latter go to the human specialists who make the final call.
In a sector with a shortage of professionals, this is more than necessary; yet even with complete and highly qualified teams, dealing with such a high volume is humanly impossible. Hybrid security, then, emerges as more than a concept: it is a real, palpable and urgent need.
Acronyms and signs side by side
Commercially, hybrid security takes on a fancier name, MDR, which stands for “Managed Detection and Response”. The idea is that systems of this type quickly adapt to the needs of each business niche, while understanding not only the global threat landscape, but also the risks directly linked to the business. The result is threat monitoring 24 hours a day, with priority on what matters and the lowest possible number of false positives.
Other acronyms are also part of this landscape: endpoint detection and response (EDR) and extended detection and response (XDR) systems also expand the list of available security technologies. Decisions about them fall to the executive who also goes by a complicated name, the CISO, or chief information security officer.
As Jeff Schwartz, Vice President of Engineering at Check Point for North America, pointed out, the goal is to do better without multiplying tools and protocols, something that in reality brings more complexity and increases risk. In the executive's view, what is needed is a higher standard, especially in a scenario in which threats also become more sophisticated every day.
Urgent digital shield
Again, the numbers help justify the urgency of the approach. Criminals can start attacking networks as little as 15 minutes after a known flaw is disclosed; yet, again according to Microsoft, the global average time to detect a cyber incident is 287 days. With a managed solution, detection becomes almost instantaneous, provided the machine learning models are properly trained, of course.
That is where human labor comes in, which needs to be directed to work alongside artificial intelligence. This is true at the end of the chain, when indicators need to pass the final sieve, but also at the beginning, where supervised systems also serve to increase the effectiveness of threat models and close gaps that cybercriminals could otherwise occupy.
Even when everything seems to be working fine, experts point out the need for professionals to review the blocks and permissions issued, in addition to analyzing the patterns the machines are using. This reduces bias and false positives and makes it possible to identify anomalous behaviors that the AI may be missing.
Among the ways to do this are technology stress tests and cyber incident simulations, as well as hiring companies that perform penetration tests to check network security in practice. In security, such recommendations usually go well beyond advice and become clear necessities; the alternative is disaster.
Hybrid systems are the current trend in the technology world: consultancy Gartner indicates a 35% increase in searches for security systems of this type in 2022 and expects this niche market alone to reach US$ 2.2 billion, about BRL 11.7 billion, by 2025, an annual growth of 20% as more and more corporations include artificial intelligence in their security strategies. It is predicted that half of the world's companies will adopt such technologies in the next three years.