Barracuda Networks Report Details Benefits of Cybersecurity AI

Barracuda Networks today published a report detailing how the artificial intelligence (AI) it has embedded within its managed extended detection and response (XDR) service is being used to thwart increasingly sophisticated cyberattacks.

The report is based on 950 billion events that Barracuda Networks has collected from networks, cloud services, email, endpoints and server security tools from January through July, which include everything from logins to application and device processes to changes made to configurations and registries.

A total of 0.1% of these events (985,000) were classed as alarms that warranted further investigation. Of those alarms, 1 in 10 (9.7%) was flagged to the customer for checking, while a further 2.7% were classed as high risk and passed to a security analyst for deeper analysis.

In all, 6,000 alerts required immediate defensive action to contain and neutralize the threat. Examples include impossible travel login detections from two geographically different locations in rapid succession; anomalies created by unusual activity such as rare or one-off login times, unusual file access patterns, or excessive account creation; and communication with known malicious artifacts.

Merium Khalid, director of SOC offensive security for Barracuda Networks, said this level of activity suggests cybercriminals are using multiple tools, including generative AI, to launch increasingly sophisticated attacks that are too difficult to detect without using AI.

In fact, it appears in some cases cybercriminals are using automated intelligent scanning to uncover vulnerabilities they might potentially exploit, she added.

As cybersecurity devolves into a battle between AI platforms, most cybersecurity teams are not going to have the resources required to build and maintain their own AI models, noted Khalid. As a result, more organizations are going to need to rely more on managed services provided by vendors that have the resources needed to build and maintain AI models, added Khalid.

It’s not clear how much organizations already rely on managed services, but as AI becomes more widely employed by adversaries, the amount of time cybersecurity teams have to detect and respond to an attack is dwindling. As a result, responses to cyberattacks need to be increasingly automated, noted Khalid.

It may take a while before most cybersecurity professionals come to terms with security operations (SecOps) delivered as-a-service, but ultimately, it should enable cybersecurity teams to focus more of their time on crafting policies. However, time will be of the essence when the difference between a minor and major breach will be measured in seconds.

In the meantime, SecOps teams would be well advised to start evaluating what tasks will be automated by AI to enable them to focus their efforts on mitigating the blast radius of any successful cyberattack. After all, there is no such thing as perfect security—but thanks to AI, there is plenty of opportunity to level the cybersecurity playing field.

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.