As MSSPs and MSPs race to embrace artificial intelligence (AI) as an essential tool for cyber threat detection, response and remediation, the technology is proving to be no less a force multiplier when it comes to staffing concerns.
In the revelatory words of Jeff Stutzman, founder and CEO of Trusted Internet, an Amherst, New Hampshire-based MSSP, “There’s an AI tsunami coming.” But that’s not to say AI automation will ever fully replace the human element inside an MSSP or MSP.
Three Types of AI for Cybersecurity
Aimei Wei, chief technology officer and founder of Open XDR specialist Stellar Cyber, explained that in the realm of security operations, there are three types of AI that are being applied. She describes them in the following manner:
- Machine Learning — “the adept navigator of patterns within data streams”
- GenAI — “the omniscient language model mastering linguistic nuances, now being challenged to bring proactive capabilities that yield real operational efficiencies”
- Automated responses from ‘playbooks’ — “the agile executors of predefined actions”
“Each, a catalyst for productivity and efficiency, fortifies the arsenal of defense, empowering teams to cut through noisy alerts and discern the meaningful signals of an impending attack,” Wei said.
AI in the Mind of the CISO
Trellix, an AI-powered extended detection and response (XDR) provider, recently surveyed 500 security executives in North America on how increasing AI use is currently evolving the threat landscape — and the CISO role to reshape the future of cybersecurity in the workplace.
Not surprisingly, 90% of CISOs find themselves under increased pressure over keeping pace with AI, according to the Trellix study, Mind of the CISO: Decoding the GenAI Impact. As a result, the cybersecurity skills gaps and the need to recruit new employees with AI experience and knowledge have increased stress levels, in addition to the requirement to train current employees on AI.
Further to helping solve the cyber talent gap, 89% of CISOs believe that adopting and integrating GenAI tools (for their ability to create software code) will help address security operations staffing issues within their organization. CISOs also all agreed any redundancies as a result of GenAI could be repurposed within an organization focused on managing and overseeing GenAI tools.
Based on current workload demands, 91% of CISOs expressed excitement over the prospects and opportunities GenAI and AI will bring to their organization. On average, CISOs believe GenAI has improved or could improve the productivity of their organization’s workforce by 38%.
Companies like Trellix say XDR technology can automate security operations centers (SOCs). XDR extends beyond the traditional endpoints and network data sources, integrating multiple security layers, including email, network, server, cloud, and endpoint data, providing a more comprehensive view of an organization’s security posture.
Trellix promoted AI as part of their customer win of MSSP One Source, announced in January. Such partnerships, says Trellix, help “address the four-million-person cyber talent gap by providing increased security capabilities without excessive infrastructure and talent investment.”
As for Stutzman’s coming “AI tsunami,” he says the attackers are currently in the lead, but it’ll level out as defenders create tools based on the same tech used to attack.
“While not perfect, I’m a huge advocate of ‘don’t let perfect get in the way of good’ as we built out what we each believe will give us the advantage,” he said. “XDR gives us the best jump on this lead.”
But if you think AI can fully replace the human element, Stutzman offers a cautionary statement.
“Your analysts need to be smart enough to understand what is happening in the data before the AI and automation take over and the new machine implants mistakes,” he says. “This is not an entry-level tool. It’s an expert-level tool.”
Offering a wartime analogy, Stutzman explained that “during World War II, the U.S. lost a lot of ships to submarines. So, sailors (like SOC analysts) stood watch looking for subs surfacing before they could shoot.
“As time went on, they got better. They could stay under longer and shoot from underwater. We had to find new data points. We flew over the ocean listening for propeller noise. We watched from airplanes for magnetic anomalies. We had more data points.”
The Need for a Human in the Loop
Tim Hastings, CISO at MSSP Legato Security, believes that AI holds immense potential in transforming security operations practices, empowering organizations to detect and respond to advanced threats with greater speed and accuracy, but not at the expense of human interaction.
“With AI-driven systems, companies can automate defense mechanisms, analyze behavioral patterns and even predict future cyber risks,” Hastings said. “However, it’s crucial to recognize that AI is not a cure-all solution and brings its own set of challenges, including adversarial attacks and ethical considerations. Organizations should continue to explore combining AI technologies with human expertise and robust governance frameworks to effectively combat evolving cyber threats.”
BlackBerry Cybersecurity, in a recent MSSP Alert guest blog, said the AI community will have to address concerns over accuracy with generative AI before it can be trusted to operate without human oversight. It cited a McKinsey survey, The State of AI in 2023: Generative AI’s Breakout Year, in which one-third of all 1,684 respondents to an online survey of businesses conducted in April 2023 say their organizations are already regularly using GenAI for at least one function. MSSPs should closely evaluate how they might use GenAI to help them be more efficient and productive and to give more value to their customers while maintaining human oversight of the systems.
AI Efficiency at the Core of Threat Management
Intezer, a New York City-based MSSP that recently brought to market an Autonomous SOC Platform, reports that only about 4% of the alerts it receives and investigates with AI are escalated as “critical” and therefore need immediate attention from its human analysts. By applying AI to triage alerts from integrated security tools, it correctly applies human resources.
Intezer for MSSP uses AI to fully automate all Tier 1 SOC tasks and decision-making for MSSPs. Intezer said the capability allows onboarding of new clients without having to hire additional analysts.
“Speed and consistency are two things that technology can always do better than us humans,” Intezer CEO and co-founder Itai Tevet told MSSP Alert. “We get burned out or forget things because we are tired at the end of a shift.”