AI has been introduced into many cybersecurity tools. How has this improved the efficacy of these tools? Are there any drawbacks?
Efficiency has definitely improved. Tool sets that I'm familiar with are becoming more accurate with alerts and identifying the unusual. This was never the case a few years ago, when signature and full packet inspection were the only real methods of reactive detection.
AI has definitely pushed user behaviour analysis to a new level, which was nearly impossible to accurately baseline previously. Of course, with any developed technology a lot of modelling and testing has to be completed, but let's not forget that AI has been talked about for a long while, and until recently it hasn't really been that useful.
As for drawbacks, I haven't noticed many. Any false positive is, I suppose, a drawback, but generally I only see this as a logical step in an ever-changing environment.
Having said all that, no one ever relies on a single technology, and the key is to test, test and, yes, more tests. I for one always have a red team type exercise, the scale dependent on the company; this gives a great indication of your defences and how we can improve. This is then supported with tabletops with technical teams to ensure repeatable actions are followed. Users will always be the key, and having a well-educated and robust user awareness programme is also paramount.
Modern Security Operations teams have access to vast amounts of data, but this has not translated into greater effectiveness. The goal of NTA is to not only eliminate blind spots with unprecedented visibility, but to also cut through the noise of alerts with high-fidelity behavioral analytics.
In addition, it should dramatically reduce the time required to take action, from days to seconds, through automated investigations. To achieve these goals, NTA takes advantage of new machine learning and network traffic analytics technology. At its core, NTA should be powered by an open, programmable, and extensible real-time streaming analytics platform and cloud-based behavioral analytics for full layer-7 visibility.