COMMENTARY: It's still early days for the use of commercial-grade artificial intelligence (AI) in enterprises. But AI has already helped companies become more resilient against cyberattacks — making it easier and faster to surface the true intelligence an organization’s vast data assets contain.
When cyber incidents occur, internal teams must consolidate information across potentially dozens of different IT systems to remedy the problem. But unless that forensics process gets highly automated, the enterprise and its customers might wait days, weeks, or even months for important systems to fully come back online. Such delays can cost the company millions of dollars and cause irreparable harm to its reputation.
[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]
To ensure a prompter return to normal operations, companies are putting a greater emphasis on backup and recovery. Despite this heightened attention to resilience, the teams responsible for recovery too often lack the expertise or tools to identify which of an ever-growing barrage of daily alerts might signal an actual incident that requires immediate attention, and which ones are false alarms.
AI can help focus rapid-response troubleshooting in two ways. First, AI systems are transparent and understandable, offering clear explanations for AI-generated decisions. This transparency helps overworked IT specialists identify the biggest and most immediate threats. Second, industrywide, AI unlocks the power of collective intelligence, allowing those with the deepest cyber-recovery experience to share that knowledge in a manner that’s useful to IT professionals — especially ones who are navigating their first cyberattack.
Ultimately, this new era of AI-enabled resiliency, with an emphasis on privacy and security embedded by design principles throughout the AI lifecycle, can help organizations restore operations and ensure that their most vital data assets are safely recovered. As bad actors are intent on targeting their victims’ back-up data repositories, it becomes even more difficult to fully recover from an attack.
Turn information into intelligence
For enterprise resilience, AI represents the next stage beyond a related technology that’s been in use for years: machine learning (ML).
ML, as it’s known, can learn a company’s typical operational behavior, then flag any anomalies or deviations from the norm that might require further investigation. These notifications often help security teams tasked with overseeing complex IT environments discover potential issues much faster.
But every enterprise will have a different definition of “normal.” That makes it challenging for software vendors to train an out-of-the-box ML system to work perfectly across a broad spectrum of organizations. As a result, ML can too often surface so-called “static noise,” or events that could resemble an attack but are actually just false alarms. For example, a team could be working on a new project involving sensitive information. Seeing a spike in users accessing high-priority data in a short period, the ML system assumes it’s a threat and alerts the security team.
AI systems add a new layer of intelligence to help reduce false signals by considering a much broader set of inputs than ML. AI can cross-analyze individual events to identify potential linkages, distinguishing false alarms from more serious issues. This collaborative approach enhances human capabilities rather than replacing them, aligning AI products with the needs and values of users.
This also helps recovery teams become more productive by focusing their attention on only the most critical vulnerabilities, ultimately improving overall security.
Tap the power of collective intelligence
With AI, it’s also now much easier to disseminate intelligence, and deliver these insights in a natural language so that even non-technical users can understand highly complex topics.
Collaboration becomes paramount as partnerships with high ethical standards beget responsible AI practices, where software vendors infuse decades of experience into an underlying platform. Customers can use an AI engine to mine this accrued database of real-world experience to troubleshoot problems faster. Think of it as crowd-sourcing data recovery through a global community of legitimate businesses, ensuring that data gets anonymized, and the team can protect proprietary information.
And unlike past applications, if managed correctly, AI becomes more intelligent the more it’s used. The technology begins to understand a company’s unique environment, offering more tailored outputs. With knowledge of past events and issues, AI systems, through rigorous testing and quality assurance protocols, can begin to fix similar problems autonomously, only looping in a human employee for approval before execution.
AI won’t solve all our problems. But as the technology evolves, it’s prudent for CISOs, CTOs, and other IT leaders to take a measured approach to adopting the products that software vendors offer. Many promising AI features are increasingly available that teams can integrate with existing IT tools to make an organization more cyber resilient. Plus, these features offer businesses a way to experiment with AI, while laying the groundwork for more advanced use cases down the road.
Brian Brockway, chief technology officer, Commvault
SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
