Human and machine intelligence: Artificial intelligence in security operations
Most commercial AI success is related to supervised machine learning (ML). Examples include smart home assistants' understanding of spoken language and self-driving cars' object recognition, all of which leverage the vast amounts of labeled data and computation required to train complex deep learning models. In network security, however, although AI can be used to improve the efficiency and scale of security operations teams, it requires a high degree of human participation; without it, AI cannot solve most network security problems, at least for now.
In addition, the digital noise generated by human behavior in the enterprise environment makes anomalies in the system common, so it is impossible to determine whether they represent attacks. As a result, the effect of anomaly detection based on artificial intelligence is not ideal. For example, consider a large enterprise that produces 1 billion pieces of telemetry data per day and uses machine learning to detect threats. Even if its accuracy is 99.9%, it means finding the real attack event among 1 million false positives. Overcoming this imbalance in detection data requires a lot of professional knowledge and a multi-pronged detection strategy.
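The base-rate arithmetic behind that figure, as an added example that is not part of the original article. It generalizes slightly to show what corroboration by a second signal buys. Assumptions: "99.9% accuracy" is read as a 99.9% detection rate and a 0.1% false-alarm rate, and the 10 real attacks per day and the second stage's rates are constructed values.

```python
from fractions import Fraction

# From the article: 1 billion events per day, 99.9% accuracy.
EVENTS = 10**9
# Assumption: "99.9% accuracy" means 99.9% detection and 0.1% false alarms.
ML_STAGE = (Fraction(999, 1000), Fraction(1, 1000))   # (TPR, FPR)
# Constructed values, not from the article.
ATTACKS = 10                                          # real attack events/day
RULE_STAGE = (Fraction(9, 10), Fraction(1, 100))      # second, independent signal


def daily_outcomes(events, attacks, tpr, fpr):
    """Expected daily confusion-matrix counts for one detector."""
    benign = events - attacks
    tp, fp = attacks * tpr, benign * fpr
    return {"tp": tp, "fp": fp, "fn": attacks - tp, "tn": benign - fp}


def precision(outcomes):
    """Fraction of raised alerts that are real attacks."""
    alerts = outcomes["tp"] + outcomes["fp"]
    return outcomes["tp"] / alerts if alerts else Fraction(0)


def chain(*stages):
    """Alert only when every stage fires; assumes stages err independently."""
    tpr = fpr = Fraction(1)
    for stage_tpr, stage_fpr in stages:
        tpr, fpr = tpr * stage_tpr, fpr * stage_fpr
    return tpr, fpr


def max_fpr_for_precision(events, attacks, tpr, target):
    """Highest false-positive rate that still reaches the target precision."""
    return attacks * tpr * (1 - target) / (target * (events - attacks))


if __name__ == "__main__":
    ml_only = daily_outcomes(EVENTS, ATTACKS, *ML_STAGE)
    both = daily_outcomes(EVENTS, ATTACKS, *chain(ML_STAGE, RULE_STAGE))
    for name, out in (("ML only", ml_only), ("ML + second signal", both)):
        print(f"{name}: {float(out['fp']):,.0f} false positives/day, "
              f"{float(out['fn']):.2f} missed, precision {float(precision(out)):.6f}")
    need = max_fpr_for_precision(EVENTS, ATTACKS, ML_STAGE[0], Fraction(1, 2))
    print(f"FPR needed for 50% precision: {float(need):.2e}")
```

With these assumed inputs, requiring the second signal cuts false positives about a hundredfold, at the cost of roughly one more missed attack per day, and fewer than one alert in a thousand is real either way.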
But obviously without AI, things can only get worse. There are still ways to harness the power of machine learning to improve operational efficiency. Here are three principles that security operations teams are advised to consider:
Artificial intelligence is a supplement to human intelligence, not a replacement. In the environment of complex systems, especially when confronting rapidly adapting and intelligent opponents, automation technology with active learning as its core will bring extremely high value. The main job of humans is to regularly check the machine learning system, add new examples, and continuously adjust and iterate.
You don’t need to be an AI expert to make good decisions, provided you make sure you choose the right tools.
It’s ironic that many cybersecurity professionals who trust AI to drive their cars are skeptical about the role of artificial intelligence in cybersecurity countermeasures. However, today, when massive amounts of data and alarms need to be processed, automated operations are one of the most effective ways to improve the efficiency of the security operations team, and basically the only solution in the future.
Automation frees creative minds from time-consuming operational tasks. It is especially useful for detecting advanced threats, correlation analysis, prioritization, and automating low-risk control measures (such as quarantining suspicious files or requiring users to re-verify). These can significantly improve security operation efficiency and reduce network risks.
To sum up, artificial intelligence or machine learning cannot become the only cybersecurity strategy, at least in the foreseeable future. When looking for clues in the vast sea of data, combining machine intelligence with the human intelligence of security experts is the most practical and effective technical means.