Overcoming the adoption fear: have you put your trust in the machine?

Date:
Fri, 23 May 2025 14:15:23 +0000

Description:
Rob OConnor, EMEA CISO at Insight explores the need for businesses to
overcome their fear of adopting new technologies to protect themselves from developing cyber threats.

FULL STORY ======================================================================

The relationship between cybersecurity and machine learning (ML) began with
an ambitious, yet simple, idea. Harness everything algorithms have to offer and use it to identify patterns in vast datasets.

Prior to this, traditional threat detection relied heavily on signature-based techniques effectively digital fingerprints of known threats. These methods, while helpful against familiar malware, struggled to meet the demand of the increasingly sophisticated tactics of cybercriminals and zero-day attacks.

In the end, this created a gap, which led to a wave of interest in using ML
to identify anomalies, recognize patterns indicative of malicious behavior, and essentially predict attacks before they could fully wreak havoc. Some of the earliest successful applications of ML in the space included
anomaly-based intrusion detection systems (IDS) and spam detection.

These early iterations relied heavily on observed learning, where historical data both malicious and benign was fed to algorithms to help them differentiate between the two. Over time, ML-powered applications grew to incorporate unsupervised learning and even reinforcement learning to adapt to the changing nature of the present threats. Falling short of expectations

Recently, conversation has shifted to the introduction of large language models (LLM) like GPT-4. These models excel at summarizing reports, synthesizing large volumes of information, and generating natural language content. In the cybersecurity industy, theyve been used to generate executive summaries and parse through threat intelligence feeds. Both of which require handling vast amounts of data and presenting it in an easy-to-understand
form.

In line with this, weve seen the concept of a copilot for security surface a tool intended to assist security analysts like a coding copilot helps a developer. The AI-powered copilot would act as a virtual Security Operations Center (SOC) analyst. Ideally, it would not just handle vast amounts of data and present it in a comprehendible way but also sift through alerts, contextualize incidents, and even propose follow up actions.

However, the ambition has fallen short. Whilst they show promise in specific workflows, LLMs have yet to deliver an indispensable and transformative use case for SOC teams.

Undoubtedly, cybersecurity is intrinsically contextual and complex. Analysts piece together fragmented information, understand the broader implications of a threat, and make decisions that require a nuanced understanding of their organization. All under immense pressure. These copilots can neither replace the expertise of a seasoned analyst nor effectively address the glaring pain points that they face. This is because they lack the situational awareness
and deep understanding needed to make critical decisions.

This means that rather than serving as a dependable virtual analyst, these tools have often become a "solution looking for a problem. Adding yet another layer of technology that analysts need to understand and manage, without delivering equal value. A problem and solution: AI meet AI

As it stands, current implementations of AI are struggling to get into their groove. But, if businesses are going to properly support their SOC analysts, how do we bridge this gap?

The answer could lie in the development of agentic AI systems capable of taking proactive independent actions, helping to combine automation and autonomy. Its introduction will help transform AI from a passive handy assistant to a crucial member of the SOC team.

By potentially allowing AI-driven entities to actively defend systems, engage in threat hunting, and adjust to novel threats without the constant need for human direction agentic AI offers a promising step forward for defensive cybersecurity. For example, instead of waiting for an analyst to issue commands, agentic AI could act on its own: isolating a compromised endpoint, rerouting network traffic, or even engaging in deception techniques to
mislead attackers. Have you put your trust in the machine?

Despite this potential, organizations have often been slow in adopting new autonomous security technology that can act on its own. And this uncertainty may be well founded. Nobody wants to stop a senior executive from using their laptop based on a false alert or cause an outage in production. However, with the relationship between ML and cybersecurity set to continue developing, businesses mustnt be deterred. Attackers dont have this barrier to overcome. Without a second thought, they will use AI to disrupt, steal and extort their selected targets. This year, it appears organizations will likely face the bleakest threat landscape to date, driven by a malicious use of AI.

Consequently, the only way for businesses to combat this will be to be to
join the AI arms race - using agentic AI to backup overwhelmed SOC teams.
This can be accomplished through autonomous proactive actions, which can enable organizations to actively defend systems, engage in threat hunting and adapt to unique threats without requiring human intervention.

We've featured the best malware removal.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro



======================================================================
Link to news story: https://www.techradar.com/pro/overcoming-the-adoption-fear-have-you-put-your-t rust-in-the-machine


--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)