The modern cybersecurity landscape is a constantly shifting battlefields. Threat actors employ increasingly sophisticated techniques and the attack surface has expanded with the proliferation of devices and services connected to the internet.

Traditional security practices, which largely rely on manual interventions and rule-based approaches, struggle to keep pace. In this scenario, security operations are overwhelmed with data, alerts and the sheer complexity of managing a wide array of security tools and platforms. Analysts are often left drowning in alerts, sifting through false positives and struggling to identify and respond to genuine threats in a timely manner.

To discuss the challenges experienced by security operations in today’s cybersecurity landscape, as well as the pivotal role artificial intelligence (AI), specifically machine learning, is playing in transforming these operations, TechCentral recently hosted a round-table conversation sponsored by Palo Alto Networks with some of the country’s leading executives.

All attendees agreed that in today’s dynamic and evolving threat landscape, where attackers are becoming increasingly sophisticated and attacks are growing in complexity, an integrated and automated approach to security operations is essential.

This empowers organisations to respond more effectively to threats, reduce the risk of security incidents and improve the overall resilience of their digital assets and data. At the same time, while implementing AI in security operations offers significant benefits, there was consensus that it also presents several challenges that organisations need to address for successful integration.

Modern cybersecurity challenges

Attendees said, in their experience, the cybersecurity threat landscape has witnessed a rapid and relentless evolution in recent years, marked by increasingly sophisticated and diverse threats. Threat actors have expanded their arsenal to include advanced malware, ransomware, zero-day vulnerabilities and nation-state-sponsored attacks.

Additionally, social engineering tactics, such as phishing and spear-phishing, have grown in complexity. The increasing complexity of modern IT infrastructure adds to the challenge. Businesses often operate in hybrid environments, combining on-premises systems, cloud services and third-party vendors.

Each component introduces its own security risks and new attack surfaces, and managing this complexity demands comprehensive oversight. At the same time, the demand for skilled cybersecurity professionals has outstripped the available talent pool.

Lack of skills

Organisations often struggle to hire, train, and retain qualified security personnel, which can leave them vulnerable to threats. These evolving threats pose several key challenges to security operations, including the need for more rapid and precise threat detection, a surge in alert volumes leading to alert fatigue, the requirement for advanced threat intelligence and analytics and the necessity of maintaining compliance and privacy standards in the face of growing risks.

Delegates also discussed the presence of silos in their current security operations centre (SOC) technology stack and the impacts they have on threat response. The biggest silos in the SOC technology stack include tool silos, data silos, human resource silos, vendor lock-in silos and the separation between on-premises and cloud security tools.

These silos hinder the seamless flow of information, leading to disjointed data and alerts, making it challenging to correlate and contextualise information and resulting in missed threats. They also create obstacles in terms of communication and collaboration among SOC teams, which can lead to slower incident response times and difficulties in coordinating efforts during a security incident.

There was consensus amongst attendees that, to stay one step ahead of these evolving challenges, security operations must adapt and companies must invest in innovative technologies to effectively counter these multifaceted threats, while ensuring resilience. It’s a situation that calls for a more intelligent and automated approach to security.

A catalyst for transformation

In response to these evolving challenges, entities are increasingly turning to AI-driven automation. AI helps by significantly enhancing threat detection, response and mitigation. With the ability to process vast amounts of data in real-time, AI systems can swiftly identify anomalies, patterns and potential threats that may evade traditional methods.

Automation streamlines routine security tasks, reducing human intervention and enabling faster incident response. Moreover, AI helps in reducing false positives, allowing security analysts to focus on genuine threats.

While the promise of AI-driven security automation is significant, attendees also agreed that there are challenges and considerations to be aware of. Companies must carefully manage sensitive data, ensuring it is used in compliance with data privacy regulations. Quality and quantity of data are key to AI’s effectiveness, and finding skilled professionals with expertise in both AI and security can be a challenge.

The synergy between humans and AI creates a potent defence against increasingly sophisticated cyberthreats

Many organisations also have complex and diverse security tools and platforms. Integrating AI-driven solutions seamlessly into existing security infrastructure can be a complex and time-consuming process.

Human-machine collaboration

In the ever-escalating arms race between cybercriminals and security professionals, AI represents a powerful ally. However, attendees stressed that it is crucial that AI-driven security solutions are implemented and managed with the human element in mind, where security analysts work alongside AI systems to enhance threat detection and response.

This collaboration leverages the strengths of both humans and AI: human analysts bring contextual understanding, intuition, and domain expertise, while AI systems contribute their ability to process vast amounts of data in real-time, identify patterns, and swiftly detect anomalies. Security analysts can rely on AI to automate routine tasks such as initial triage and validation of alerts, thereby reducing the burden of mundane, repetitive work. This enables analysts to focus their valuable time and expertise on more complex tasks like incident investigation, threat hunting and strategic decision-making.

The synergy between humans and AI creates a potent defence against increasingly sophisticated cyberthreats and empowers security teams to respond more effectively to emerging risks in the dynamic cybersecurity landscape.

With these principles in place, attendees agreed that AI-driven automation promises to be a cornerstone of the future of cybersecurity.

TechCentral and Palo Alto thank all of those who participated in the round-table discussion.