Anomali, the leading AI-powered security operations platform, today announced the results of its Cybersecurity Priorities 2024 Report, which revealed that security industry leaders believe that AI and automation technologies are critical to addressing the complexities of modern security operations. (Source: "Anomali Survey Reveals AI, Automation, and Auditing the Tech Stack as Top Security Industry Priorities", Business Wire.)
Security analysts maintained that up to 57% of their daily tasks could be automated – while 76% of respondents think that AI technology will deliver faster threat detection and personal productivity gains. The report surveyed 150 senior industry professionals – including CISOs and their management teams.
Nearly half (47%) of respondents reported that their current security operations centers (SOCs) do not provide adequate infrastructure visibility, which is critical for detecting and responding to malicious activities.
Additional key survey findings include:
- Security investments in 2024 will prioritize cloud security and AI technology. 88% of respondents will focus their security investments on cloud security, with 55% focused on AI technology.
- CISOs plan to consolidate tools rather than add more complexity. 68% of CISOs surveyed are planning to consolidate the number of vendors/tools they use wherever possible. Meanwhile, only 26% of CISOs plan to add new technology to address security gaps and emerging threats.
- Most security pros would prefer to use a single platform for SOC management: 87% of respondents would like to see multiple technologies consolidated into a single SOC platform.
To gain further insights, we spoke with Scott Dowsett, Field CTO at Anomali, about the report’s findings and their impact on the cybersecurity industry.
Can you provide the motivation behind and an overview of the key findings from the Cybersecurity Priorities 2024 Report?
The motivation for the report was to get a first-hand perspective on what is driving decision-making within the cybersecurity domain. This is a complex and dynamic area, and the people we spoke with are all experts with deep domain knowledge. You can find a summary of the key findings here.
The report highlights that security analysts believe up to 57% of their daily tasks could be automated. How do you see AI and automation technologies shaping the future of security operations?
The signal-to-noise ratio in most SecOps organizations is very low, in part because adversaries are also using AI at high speed, so the threats are faster, more subtle, and more dangerous. An AI threat is best managed by an AI defense. The volume of threats at this point is well past what even an experienced analyst can manage, so the application of AI cyber defense is the best way to stay ahead of antagonists who are not constrained by rules of engagement.
According to the report, 76% of respondents believe AI technology will deliver faster threat detection and personal productivity gains. Could you elaborate on how AI is enhancing threat detection capabilities?
A simple example: the Anomali Security Analytics Platform can search back for threats through multiple petabytes of data in under two minutes using AI. Doing a search like this pre-AI would have taken weeks, at a minimum. AI can apply this level of speed to nearly anything, so as long as you have a way to minimize hallucinations, this is a very powerful enabling technology.
Infrastructure visibility seems to be a significant challenge, with 47% of respondents reporting that their current security operations centers (SOCs) do not provide adequate visibility. What steps can organizations take to improve infrastructure visibility?
They lack visibility because they are working with siloed or legacy solutions that were not originally designed to work together. Working in the cybersecurity domain requires adaptability and speed, and the most adaptable approach is one anchored in a cloud-native AI-enabled solution. This provides consistency of perspective, lightning-fast speed, and ease of use. Everyone wins—except the bad guys.
The report indicates that security investments in 2024 will prioritize cloud security and AI technology. Could you discuss why these areas are becoming increasingly important?
The short version: nearly everything is moving to the cloud for a variety of reasons (scalability, cost, etc.). This is the same as Willie Sutton’s response to why he robbed banks: “Because that’s where the money is.” Cybercriminals will focus on the cloud because that’s where the data is. And AI? Everyone has access. This is of particular concern when people with no restraints get their hands on advanced technology. The only feasible way to respond to an AI threat is with an AI defense.
CISOs are planning to consolidate tools rather than add more complexity. How can organizations effectively consolidate their security tools without sacrificing effectiveness?
Look for a cloud-native solution, and for the thoughtful application of AI capabilities to specific problems (not a one-size-fits-all ChatGPT scenario). Interfaces should be graphical and configurable to specific users’ needs. Look for a solution that embraces an open API architecture while requiring robust authentication.
The majority of security professionals would prefer to use a single platform for SOC management. What are the benefits of using a single platform, and what challenges might organizations face in achieving this?
Ease of use and consistency of execution are the primary advantages. If all relevant applications are working in unison, then everyone is working from the same sheet. The challenge is around what people are used to working with; no one likes a steep learning curve, and moving to a unified platform can take people out of their comfort zone. On the other hand, if you work in cybersecurity, you should never be in a comfort zone.
What are the biggest cybersecurity challenges organizations are likely to face in the coming years, and how can they prepare for them?
We published a blog about exactly this, which you can read here.
With the ever-changing regulatory landscape, how do you see recent regulations impacting cybersecurity strategies, and how are organizations adapting to ensure compliance and security?
Compliance mandates have two elements, both of which have a significant impact. The surface reason for compliance is the protection of data and privacy in the context of preventing threats. Unfortunately, most organizations are not particularly good at self-regulation, and compliance mandates are an effective way to ensure they pay better attention. The subsurface reason is that compliance violations are a potentially juicy revenue source, particularly at the state level. California has CCPA/CPRA, and now other states (New York, Texas, etc.) are looking at what California has done and are eagerly following their lead. This is the organizational equivalent of a speeding ticket—a self-imposed tax. The laws are also dense, opaque, nit-picky, subject to retroactive enforcement, and most regulators seem very willing to test the statutory limits on fines. There is a significant downside to this; states (potentially all of them, plus GDPR, industry-specific ones like HIPAA, etc.) will see this as an opportunity, so you can expect this whole area to get increasingly tighter and even more complex over the coming years.
What to do about it: If you don’t have someone focused on compliance at the executive level, it’s probably a good idea to pull that in sooner rather than later. They should also work hand-in-hand with your in-house counsel. And your in-house counsel needs to be backed up by a law firm that specializes in compliance. And, you’ll need more than one since regional or domain requirements tend to be specialized (CPRA vs. GDPR vs. HIPAA, etc.). This sounds expensive (and it is), but it’s way cheaper than paying the fine.
What would be your main takeaway message for organizations looking to enhance their cybersecurity strategies based on the findings of the Cybersecurity Priorities 2024 Report?
SIEMs are helpful but are also ripe for upgrading or replacement (particularly if costs can be contained), and consolidating and accelerating detection to remediation is a top priority – most of this will be in the cloud (according to 88% of respondents). AI is seen as a critical enabler for all this, but like any disruptive technology entering a complex cybersecurity stack, working through the details will be immensely complex, and the downside to errors is non-trivial.