How Will Forensics Shape the Future of Cybersecurity?

 

Even as the cybersecurity community embraces artificial intelligence (AI), machine learning and Security Orchestration, Automation and Response (SOAR) systems, industry watchers are reassuring forensic analysts that they need not fear losing their role in the future of the profession. If anything, the human element will be more important than ever in a landscape of shifting and increasingly sophisticated cybersecurity threats.

New technologies can be challenging to master, but learning new tools can fortify your role and increase your value and advancement opportunities. A higher education degree, like a Master of Business Administration (MBA) with a Concentration in Cybersecurity, can equip you with the technical skills needed to enter the modern age of cybersecurity.

 

More System-Triggered Alerts Will Require More Human Intervention

While AI is improving and providing more threat detection, “excessively sensitive” systems produce false positives in malware detection because of the many preventative filters they have in place. The frequency of these false detections can be as high as 20%, analyst Paul Shomo states in his CSO article. Humans are needed to verify these false positives, and “AI also passes limited information about the malware it detects, leaving forensics to fill in the rest,” said Shomo.

 

Human-Powered DFIR Will Complement AI-Enabled Monitoring Tools

SOAR systems — which employ AI, machine learning and automation capabilities to detect, identify, pinpoint, analyze and mitigate threats automatically — are showing promise. But so far, these omni-tools will “open the door to finally employ the proper variety and depth of forensics via automation,” allowing analysts to focus on analyzing important alerts using the digital forensics and incident response (DFIR) process.

DFIR is a specialty in the field of computer forensics in which civilian and law enforcement IT professionals examine computing devices, particularly hard drives, to discover and document evidence that may help determine whether the device has been used for criminal purposes or has been the target of a cyberattack. DFIR goes beyond computer forensics. It investigates networks, digital memory, software and more, which could uncover evidence of a cyberattack, malware infection or hacking activity such as data breaches and data leaks.

If an “incident” is discovered through digital forensics, the investigation turns to the “incident response” phase, which begins with communication from the incident response manager to relevant parties throughout the organization acknowledging the incident and identifying steps to resolve the issue.

 

Humans Are the Problem and the Solution

“Cybersecurity is a human arms race,” said Shomo.

While AI is the security analyst’s ally, it is a double-agent weaponized by the other side. “AI-powered hacking tools that learn to bypass AI detection were released at last year’s hacker conference, DefCon,” Shomo wrote. “The parity between each side is why, despite security breakthroughs, new attacks will always appear and succeed.”

Some of those attacks will be self-induced. “Your biggest security hole is your user who clicks phishing emails, browses scary websites and inserts sketchy USB devices they pick up in the parking lot,” Shomo said. “This is human nature, and it’s not going away. Neither is the job of investigating the people and devices connecting to your valuable assets,” which is the responsibility of security analysts.

 

Will AI and Automation Replace Security Analysts?

Despite the predictions of job security and an ongoing need for forensic professionals, a survey of analysts by Exabeam released in mid-October 2020 uncovered concern among respondents about analysts’ futures in the era of AI and automation.

While 88% of respondents indicated they believe automation will make their jobs easier, some analysts expressed concern that new technology will replace their roles. Some 47% of respondents younger than 45 and 22% of respondents 45 and older indicated concerns about being replaced by these technologies.

“The concern for automation among younger professionals in cybersecurity was surprising to us. In trying to understand this sentiment, we could partially attribute it to lack of on-the-job training using automation technology,” said Samantha Humphries, security strategist at Exabeam, a provider of security information and event management (SIEM) solutions.

 

Learn more about the Murray State University online MBA with a Concentration in Cybersecurity program.


Sources:

AI Village: AI Village @ Def-Con 27

BMC Software Incorporated: Digital Forensics Incident Response (DFIR): Incident Response

CSOonline: 4 Reasons Forensics Will Remain a Pillar of Cybersecurity

Exabeam: Exabeam 2020 Cybersecurity Survey Reveals Job Satisfaction Despite Stress and Opportunities for Change

Help Net Security: Most Cybersecurity Pros Believe Automation Will Make Their Jobs Easier