Even as the cybersecurity community embraces artificial intelligence (AI), machine learning and Security Orchestration, Automation and Response (SOAR) systems, industry watchers are reassuring forensic analysts that they need not fear losing their role in the future of the profession. If anything, the human element will be more important than ever in a landscape of shifting and increasingly sophisticated cybersecurity threats.
New technologies can be challenging to master, but learning new tools can fortify your role and increase your value and advancement opportunities. A higher education degree, like a Master of Business Administration (MBA) with a Concentration in Cybersecurity, can equip you with the technical skills needed to enter into the modern age of cybersecurity.
More System-Triggered Alerts Will Require More Human Intervention
While AI is improving and providing more threat detection, “excessively sensitive” systems produce false positives in malware detection because of the many preventative filters they have in place. The frequency of these false detections can be as high as 20%, analyst Paul Shomo states in his CSO article. Humans are needed to verify these false positives, and “AI also passes limited information about the malware it detects, leaving forensics to fill in the rest,” said Shomo.
Human-Powered DFIR Will Complement AI-Enabled Monitoring Tools
SOAR systems — which employ AI, machine learning and automation capabilities to detect, identify, pinpoint, analyze and mitigate threats automatically — are showing promise. These omni-tools will “open the door to finally employ the proper variety and depth of forensics via automation,” allowing analysts to focus on analyzing important alerts using the digital forensics and incident response (DFIR) process.
DFIR is a specialty in the field of computer forensics where civilian and law enforcement IT professionals examine computing devices, particularly hard drives, to discover and document evidence that may help determine whether the device has been used for criminal purposes or has been the target of a cyberattack. DFIR goes beyond computer forensics. It investigates networks, digital memory, software and more, which could uncover evidence of a cyberattack, malware infection or hacking activity such as data breaches and data leaks.
If an “incident” is discovered through digital forensics, the investigation turns to the “incident response” phase, which begins with communication from the incident response manager to relevant parties throughout the organization acknowledging the incident and identifying steps to resolve the issue.
Humans Are the Problem and the Solution
“Cybersecurity is a human arms race,” said Shomo.
While AI is the security analyst’s ally, it is a double-agent weaponized by the other side. “AI-powered hacking tools that learn to bypass AI detection were released at last year’s hacker conference, DefCon,” Shomo wrote. “The parity between each side is why, despite security breakthroughs, new attacks will always appear and succeed.”
Some of those attacks will be self-induced. “Your biggest security hole is your user who clicks phishing emails, browses scary websites and inserts sketchy USB devices they pick up in the parking lot,” Shomo said. “This is human nature, and it’s not going away. Neither is the job of investigating the people and devices connecting to your valuable assets,” which is the responsibility of security analysts.
Will AI and Automation Replace Security Analysts?
Despite the predictions of job security and an ongoing need for forensic professionals, a survey of analysts by Exabeam released in mid-October 2020 uncovered concern among respondents about analysts’ futures in the era of AI and automation.
While 88% of respondents indicated they believe automation will make their jobs easier, some analysts expressed concern that new technology will replace their roles. Some 47% of respondents younger than 45 and 22% of respondents 45 and older indicated concerns about being replaced by these technologies.
“The concern for automation among younger professionals in cybersecurity was surprising to us. In trying to understand this sentiment, we could partially attribute it to lack of on-the-job training using automation technology,” said Samantha Humphries, security strategist at Exabeam, a provider of security information and event management (SIEM) solutions.
Sources:
AI Village: AI Village @ Def-Con 27
BMC Software Incorporated: Digital Forensics Incident Response (DFIR): Incident Response
CSOonline: 4 Reasons Forensics Will Remain a Pillar of Cybersecurity
Help Net Security: Most Cybersecurity Pros Believe Automation Will Make Their Jobs Easier