Secureworks Applies Multiple Forms of AI to Assess Threat Risks

Secureworks has added a threat score capability that leverages artificial intelligence (AI) to its Taegis extended detection and response (XDR) platform.

Kyle Falkenhagen, chief product officer for Secureworks, said this threat-scoring capability makes use of neural networks to assess the severity of threats using a rating of zero to 10 that is based on the unique attributes of the attack surface that needs to be defended.

In addition, Secureworks is providing access to the generative AI platform that Microsoft makes available, which makes it simpler for security analysts to use prompts to further investigate threats, said Falkenhagen.

He added that, collectively, these AI capabilities promise to significantly reduce the alert noise that currently overwhelms cybersecurity teams.

Taegis is a software-as-a-service (SaaS) platform through which Secureworks collects enough telemetry data to train AI models. The company is employing a mix of AI model types to augment cybersecurity analysts at a time when there is still a chronic shortage of cybersecurity expertise.

Over time, AI should also lower the bar in terms of the level of expertise required to become a cybersecurity professional, noted Falkenhagen. In effect, AI will democratize cybersecurity in a way that should significantly reduce the current skills gap, he added.

Regardless of the level of expertise any cybersecurity professional has, it’s unlikely they will want to work for organizations that don’t invest in AI. The best cybersecurity talent naturally gravitates toward the organizations that provide the best tools. Hopefully, the rise of AI will reduce the level of toil most cybersecurity analysts currently experience and reduce burnout. One of the reasons there are so many open cybersecurity positions is that the level of fatigue cybersecurity professionals experience over time is simply too high. One of the major benefits of AI is that the effort previously required to initially triage threats is fully automated, said Falkenhagen.

It’s not clear how quickly organizations are embracing AI to improve cybersecurity. Many organizations are trying to simultaneously improve cybersecurity while reducing the total cost of maintaining it. The challenge is that typically, AI will require an organization to either upgrade an existing platform or switch to a new one.

Of course, cybercriminals are also evolving their tactics and techniques to embrace AI. The expectation is that AI will enable them to increase both the volume and sophistication of the cyberattacks they launch. In fact, dwell time for cyberattacks continues to decline, noted Falkenhagen. The amount of time between when malware is implanted and when it is activated now requires cybersecurity teams to be able to identify and respond to threats in near real time, he added. In effect, organizations are now involved in an AI arms race with cybercriminals.

No one knows for sure which side will benefit more from AI, but the one thing that is all but certain is that organizations that don’t make use of it will be victimized with greater frequency than those that do. The only thing that remains to be seen now is the extent.

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.
