MinterEllison leans on AI in cyber security ops – Security


Law firm MinterEllison is moving artificial intelligence onto the frontline in its battle against cyber criminals, as it seeks to increase its capabilities and relieve some of the pressure from its human cyber defenders. 



According to the firm’s chief information security officer, Sunil Saale, the firm has implemented AI for various tasks within its cyber security function, including for malware detection on endpoints, email security gateways, secure web gateways and network monitoring – with positive results. 

“Done properly, AI can rapidly speed up detection and containing and remediating incidents,” Saale said. 

Importantly, he said the use of AI was enabling cyber defenders to shift their focus from looking for signals in the noise in favour of addressing actual threats.

Saale warned organisations that failed to investigate the potential of AI risked finding themselves at a disadvantage. 

“With the diverse nature and vast expanse of the cybersecurity domain, the multitude of technologies cyber team needs to upskill with these days, and given the work/task demands, it is impossible to have resources to operate at the same level as past few years,” Saale said. 

“We expect AI to evolve into something similar to ‘J.A.R.V.I.S’ in the Marvel series – not replacing the human, but augmenting the team and our thinking process, helping with validation, walking through decision trees, rapidly building simulation or threat models, etcetera.” 

Another area where AI was identified as having a positive impact was in support of extended detection and response (XDR).

According to the director of MinterEllison’s national cyber security practice, Jay Hira, machine learning is helping XDR to find the proverbial needles in the cyber alert haystack by detecting deviations from normal activity. 

“AI, particularly machine learning (ML), delivers a pivotal advantage to any XDR implementations by effectively distinguishing genuine threats from insignificant noise,” Hira said.  

“The area of automated containment and response is where it is improving significantly, which promises to be a game changer. 

“As the XDR capability matures, there is potential for AI to automate incident prioritisation and response to a greater degree, complementing the cyber defenders and enhancing the overall incident response process.” 

These findings gave Hira confidence that AI could be further relied on in the fight to keep networks and assets secure. 

“AI and ML technology have proven their mettle in analysing large data sets with a high degree of confidence in identifying potential indicators of attack, but it is the blend of cyber defenders and AI-powered XDR solutions working together that produces efficacy in the outcomes,” Hira said. 

However, Saale said the cyber security industry at large was yet to leverage XDR to its fullest capacity, for fear of interfering with falsely flagged legitimate business processes. 

“There is a lot more trust in AI now than ever,” Saale said.  

“While it’s a great to see, I don’t think AI on XDR is at a stage where we can blindly trust it yet. We still need to run a quick verification, but it is more often than not accurate.

“Having said this, we are seeing some rapid progress in in this area, and it is very exciting. With our experience in other products in our portfolio that uses AI, we are confident that it’s only a matter of time.” 

This finding, combined with the ever-shifting nature of threats, led Hira to suggest the future for cyber defence would be built around a blend of human and AI skillsets. 

“Creativity, curiosity, problem-solving, and a commitment to continuous learning are the skills that we look for in candidates joining this industry,” Hira said.  

“With most of the tools and technologies leveraged today either on defence or offensive security being AI-powered, our workforce will continue to lean on these characteristics to navigate this dynamic puzzle.” 



Source link