Security Analyst: The New Data Scientist

The impact of AI on businesses and consumers continues to grow day by day. If a company isn’t already using AI to improve the way work is done, to improve customer service, or to reduce costs, they’re trying to figure out how to use it.

Much of this explosive growth is due to data scientists. These are the individuals who analyze massive volumes of complex digital data needed for AI and machine learning.

Not so long ago, data scientists were in an exclusive club, found only in the depths of Silicon Valley’s startup hubs. They had new, in-demand skills and were earning extremely high salaries.

Today’s environment is quite different. Data science skills have become more common. Universities offer a wide selection of courses on the subject, and the role of a data scientist is well-woven into the fabric of most industries.

The emergence of the next generation of IT security analysts is beginning to follow a path similar to that of the data scientist. This emergence, however, is fueled by slightly different needs – the explosive growth of cybercrime and the unmanageable number of cybersecurity threat false positives that are currently drowning CISOs and their teams.

More than 230,000 new malware samples are released every day. The average small and medium business experiences 44 cyberattacks every day. The cost of direct damage from cybercrime is adding up and is expected to reach $6 trillion by 2021.

Right now, the market is confident that AI, machine learning, and behavioral analytics will help solve these problems. However, an unintended consequence of these emerging technologies could make life much harder for CISOs and their teams.

Today, anything that AI identifies as an anomaly is considered a potential threat. The problem with this approach is that many of these threats are false positives. According to a recent survey, 37% of large companies receive more than 10,000 alerts each month. Additionally, 52% of these alerts are false positives and 64% are redundant alerts. Using current systems, companies then have to manually review thousands of AI-generated false positives each month.

Current systems lack contextual data to give security analysts the tools to assess threats thoughtfully.

Consider this example: an employee accesses an internal network server and data sources he has never accessed before; these activities are flagged as potentially malicious. The same employee is also viewing web content that no one in the organization has ever accessed before. Malicious activity? Maybe. Without the proper context, we cannot be sure.

The employee could have been reassigned to a new team and is working on a brand new project that required huge amounts of external research. Either way, IT has to manually deal with these false positives and is ill-equipped to paint a clear picture of the situation. This consumes valuable time and resources.

The growing number of threats, the unmanageable number of false positives, and the lack of context are several of the factors creating a shortage of two million cybersecurity professionals worldwide.

In addition to the massive shortage, ISACA has found that fewer than one in four applicants for cybersecurity jobs are qualified. As with data science, you can’t pretend to be a security analyst. There is no on-the-job training.

Therein lies the need for a new generation of IT security analysts. Armed with the right tools, this emerging role will enhance existing security policies. Security analysts will leverage the work of AI, machine learning, and behavioral analytics by making data more consumable and understanding risk thresholds based on context. With tools that help assemble and interpret the signals needed to hunt and assess threats, security analysts won’t need extensive experience in data modeling or database querying.

Location, time of day, preferred device, new device, employee status, bandwidth, creation of abnormal files, access to abnormal content, and even embedded external data on weather, traffic, social feeds, and other location-specific information can paint a complete picture for threat detection. Any individual dot could potentially be flagged by systems as a threat, but when enriched with the right contextual data, a different story could emerge.
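As an added illustration of the contextual enrichment described above and in the reassigned-employee example (this is not code from the author or any product the article refers to), the following Python scores a "never accessed before" anomaly against HR and asset-inventory context; the alert, the context sources, and the weights are all constructed assumptions.

```python
from datetime import datetime

# Constructed sample: a behavioural-analytics alert for an employee touching a
# server they have never accessed before (the scenario from the article).
ALERT = {
    "user": "jdoe",
    "event": "first_access",
    "resource": "fileshare-finance-03",
    "time": "2019-03-12T10:15:00",
    "device": "LAPTOP-0042",
    "location": "Austin",
}

# Hypothetical context a real deployment would pull from HR, the asset
# inventory and the identity provider (constructed data, not from the article).
HR = {"jdoe": {"team": "finance-analytics", "team_changed_days_ago": 5, "status": "active"}}
ASSETS = {"jdoe": {"devices": {"LAPTOP-0042"}, "home_location": "Austin"}}
TEAM_RESOURCES = {"finance-analytics": {"fileshare-finance-03", "bi-portal"}}

def enrich(alert, hr=HR, assets=ASSETS, team_resources=TEAM_RESOURCES):
    """Attach the contextual signals the article lists to the raw anomaly."""
    u = alert["user"]
    hour = datetime.fromisoformat(alert["time"]).hour
    person, inv = hr.get(u, {}), assets.get(u, {})
    return {
        "off_hours": hour < 7 or hour > 19,
        "new_device": alert["device"] not in inv.get("devices", set()),
        "new_location": alert["location"] != inv.get("home_location"),
        "recent_team_change": person.get("team_changed_days_ago", 999) <= 30,
        "resource_fits_team": alert["resource"] in team_resources.get(person.get("team"), set()),
        "inactive_account": person.get("status") != "active",
    }

def score(ctx):
    """Risk 0-100: the anomaly alone is a weak signal; context moves it either way."""
    s = 40  # baseline for any first-time-access anomaly
    s += 20 if ctx["off_hours"] else 0
    s += 20 if ctx["new_device"] else 0
    s += 15 if ctx["new_location"] else 0
    s += 40 if ctx["inactive_account"] else 0
    # A recent reassignment to the team that owns the resource explains the novelty.
    if ctx["recent_team_change"] and ctx["resource_fits_team"]:
        s -= 35
    return max(0, min(100, s))

def triage(alert, **sources):
    """Return (score, verdict, context) so an analyst sees why, not just what."""
    ctx = enrich(alert, **sources)
    s = score(ctx)
    return s, ("suppress" if s < 30 else "review" if s < 70 else "escalate"), ctx
```

The same anomaly lands as "suppress" for the reassigned employee on their usual laptop, but climbs to "review" or "escalate" once the device, hour and location are also unfamiliar and no reassignment explains it.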

This new generation of security analysts will first tackle the problem of reducing false positives in real time. At the same time, security analysts armed with the right tools will move from a defensive posture of responding to threats after they have occurred (sometimes several months after), to playing offense and helping identify potential attacks in progress before they have a catastrophic impact on the organization.

The increase in attacks combined with the increase in false positives will plague businesses and governments. It decreases employee productivity and negatively impacts customers and brands.

As was the case for data scientists, the market will over time make it easier for more people to acquire the right skills and succeed in security analyst roles. More education. More resources. Better tools. Until then, when you find a good security analyst, don’t let them go. There aren’t enough people, with the right tools, to do the job that needs to be done today.

We’ll know the skills market improves when security analysts evolve from really smart threat detectives to aggressive and precise threat hunters.

Sean N. Ayres