As security tooling grows more sophisticated and insight into cybercriminal activity becomes more comprehensive, our collective ability to detect threat activity has advanced. Current dwell times for threat actors have hit a new low of 20 days, on average. This is a marked difference from years past, when attackers could lurk undetected for months at a time.
Every day, security teams are working to raise the cost of crime for threat actors — leveraging their technical know-how with advanced security tools to discover breaches sooner and minimize damage wherever possible, if not prevent it altogether.
By combining threat intelligence and data at scale with the cutting-edge power of artificial intelligence (AI), we’re able to amplify the impact of cyber defenders everywhere. Keep reading to learn how.
How to Enable Defense at Speed
The amount of data we create, capture, copy, and consume is growing rapidly. By 2025, global data creation is projected to reach more than 180 zettabytes. Fortunately, the cost of storing and querying data has dropped dramatically in recent years as a result of competition among cloud providers.
In turn, these reduced costs have enabled companies to invest in deploying higher resolution sensors across their digital estates to capture more threat signals. Organizations can also unify these threat signals across endpoints, apps, identities, and cloud platforms because of the rise in advanced security tooling, such as extended detection and response (XDR) and security information and event management (SIEM) solutions.
However, the core challenge remains: How do defenders efficiently and effectively analyze their current volumes of data to unearth relevant insights and respond in real time? That’s where AI comes in.
Targeted, well-indexed data is what enables defenders to detect and understand threats. By feeding threat intelligence into an AI model, security teams can use it as the labels and training data that teach the model how to predict the next attack. Likewise, when cyber defenders leverage threat intelligence to successfully thwart or quickly resolve a cyberattack, AI models can digitally model their experiences against other security signals. This creates a deeper understanding of adversarial behavior and helps spread the learnings from past cyber breaches to other organizations to inform future defense strategies.
However, AI’s real benefit is that it enables companies to scale defenses at the rate of attack. This is because AI can process threat signals and connect seemingly disparate data much faster than human investigators. This lightens the load on security teams, freeing them up to do more complex work while also helping ensure companies are acting on threat intelligence in a timely manner. This has catapulted us into a new era of AI-enabled security.
Previously, AI was embedded deep inside technology. It excelled at task-specific functions, like detecting phishing attacks or password sprays, but the average customer was unable to interact with AI directly. Today we’re seeing a new world of generative AI that’s built on foundation models intended to upskill defenders everywhere. By combining AI and threat intelligence with data at scale, cyber defenders are empowered to work smarter and faster than ever before.