Human Insight and AI

Chris Swagler | January 4th, 2024

 

In an era when cyber threat operators can sidestep millions of dollars worth of cybersecurity systems with a simple phone call, it has become evident that the traditional approach to cybersecurity is no longer sufficient and combining human insight and AI can help with the problem. Recent attacks on high-profile targets like Clorox and MGM have demonstrated that accelerating threat actors require a more balanced and agile defense strategy that combines human intelligence with AI-based data analysis and risk prediction. One conference this year shed light on the critical importance of integrating human insight and artificial intelligence at scale to combat increasingly sophisticated breach attempts. The speed at which threat actors operate has reached unparalleled levels, with threat operators leveraging social engineering techniques and deep knowledge of network infrastructure. One president and CEO of a cybersecurity company highlighted during the conference that threat operators often understand the target network better than the system administrators themselves.

The success story of how the integration of human insight and AI thwarted a cyber breach in a southwestern U.S. municipality serves as a compelling example. Threat operators had acquired administrative-level privileged access credentials and attempted to breach the city’s infrastructure. The city’s CIO, who had recently implemented the cybersecurity company’s XDR platform received an alert from threat hunters working on the company’s cybersecurity teams. Within four hours, the breach attempt was investigated and resolved, thanks to the real-time monitoring and insights provided by AI and the experience of the cybersecurity company’s team. However, the deployment of generative AI in cybersecurity is not without its challenges. Training large language models (LLMs) for AI takes time and resources, making it imperative to strike the right balance between human and machine data integration. Combining human insight with AI and machine learning models enables the detection of attack patterns and anomalies in behavior that elude purely numerical analysis. This approach reduces noise, improves accuracy, and speeds up responses to cyber breaches.

Leading cybersecurity providers are at the forefront of developing gen AI-based applications and tools that enhance threat detection and response capabilities. These technologies empower organizations to predict and address threats before they occur, providing a level of security and speed that was unimaginable just a few years ago. The Charlotte AI Investigator, a powerful gen AI tool continually learning and assimilating new knowledge, demonstrated its capabilities during the conference. One cybersecurity company’s extensive library of human-written reports, combined with telemetry and experimental data, fuels the growth of LLMs, helping customers gain valuable insights and knowledge rapidly. The demand for external threat intelligence service providers (ETISPs) is also on the rise, with enterprises averaging seven commercial threat feeds. Leading ETISPs like CybelAngel, Flashpoint, Fortinet, Google, IBM, Microsoft, Rapid7, Recorded Future, ReliaQuest, Trelix, and ZeroFox are developing AI and ML algorithms to aggregate, analyze, and customize threat intelligence.

Managed Detection and Response (MDR) services are seeing strong adoption across various industries, driven by the need to reduce security costs, improve threat detection, and enhance response capabilities. Integrating AI, ML, and human intelligence as a service is one of the fastest-growing segments in enterprise cybersecurity. MDR spending reached $3.24 billion in 2022 and is expected to achieve a compound annual growth rate (CAGR) of 25% through 2026. By 2025, 50% of organizations are projected to use MDR services that rely on AI and ML-based platforms for threat monitoring and response. These services will also offer pre-breach cybersecurity validation assessments and security posture advisory, demonstrating the pivotal role of AI in evaluating MDR providers. Over 60 MDR providers compete in the market today, differentiating themselves based on incident response capabilities, industry-specific expertise, and their ability to harness gen AI tools and ML models for threat detection and response.

The evolving landscape of cyber threats necessitates a paradigm shift in cybersecurity strategies. While data telemetry remains crucial, combining human insight with generative AI is paramount to staying ahead of relentless cyber threat operators. By integrating the strengths of both human and machine intelligence, organizations can bolster their defenses and thwart increasingly sophisticated attacks in real time. In this cyber warfare, where a single phone call can bring down a casino for days, the fusion of human insight and AI is the key to success. At SpearTip, our assessments leave no stone unturned in examining how companies leverage their current technology. We review application and operating system access controls and analyze physical access to their systems. We conclude with detailed reports and recommendations to keep companies compliant and safe, according to industry standards. 43% of data breaches involve attacks against web applications. Companies can protect their business from breaches that originate through web applications with our array of assessments. Our ShadowSpear Threat Hunting is a critical pre-breach step in evaluating the effectiveness of current security measures, including email systems, to determine the overall health of an environment and stop breaches.

If your company is experiencing a breach, call our Security Operations Center at 833.997.7327 to speak directly with an engineer.

Categories

Connect With Us

Featured Articles

DNS Tunneling
DNS Tunneling: New Tactic To Scan Networks and Track Victims
10 June 2024
Mastermind Behind LockBit Ransomware
Mastermind Behind LockBit Ransomware Unveiled and Charged
07 June 2024
Unchecked User Privileges
Unchecked User Privileges: How to Counter
03 June 2024
Cloud Migration
Cloud Migration Impact on Network Security
28 May 2024

See ShadowSpear in Action

Identify, neutralize, and counter cyberattacks - provide confidence in your security posture

Stay Connected With SpearTip

Inside the SOC Newsletter

View our articles that cover trending topics in cybersecurity with insights from our 24/7/365 Security Operations Center.

ShadowSpear Platform

Cybersecurity actors are working around the clock, shouldn’t your security team be too? Technology solutions and security controls fail for a number of reasons, poor deployment, improper implementation, or just no one monitoring the alerts.

ShadowSpear Demo

Experience ShadowSpear for yourself. Our lightweight, integrated solution will help you sleep easier at night and provide immediate confidence in your security posture.