The Impact of AI on Cybersecurity


Artificial intelligence (AI) is seemingly everywhere in today’s tech landscape. The hype cycle is in full flow, especially regarding the use of large language models (LLMs) for generative AI like OpenAI ChatGPT, Google Gemini and Anthropic Claude. Indeed, many tech companies are determined to add LLMs to products where they sometimes seem tacked on. One use case where machine learning solutions, including LLMs and other AI techniques, are providing invaluable assistance to humans is cybersecurity defense.

However, there is no end to the misinformation about the rapid expansion of AI solutions changing the threat and defense landscapes. In this blog, we’ll address some of the misconceptions about the impact of AI solutions on cybersecurity and highlight how Progress Flowmon solutions use AI technologies to deliver improved network detection and response (NDR).  

On-Demand Webinar 

The information in this blog comes from a recent 30-minute webinar titled The Impact of AI on Cybersecurity presented by Filip Černý, Product Marketing Manager at Progress Software. The webinar covered the following topics: 

  • Emerging cybersecurity trends in the ever-changing threat landscape. 
  • Use cases where AI is helping cybersecurity efforts.  
  • How the AI-powered engine of Progress Flowmon NDR helps address cyber threats. 

Common Fears About the Impact of AI on Security 

In the first part of his webinar, Filip addresses common fears about the rise of the new LLM and other AI-based solutions: 

 

  1. Fear of job automation - Filip counters this fear by pointing out that the cybersecurity sector has a significant shortfall in the number of people available to fill open jobs. Plus, AI tools need expert human supervision and training to operate efficiently.  
  2. Worry about AI-powered “undetectable” malware - Filip responds that it’s not true that AI-generated malware is more advanced than human-written versions. It lowers the bar to entry and allows criminals with fewer programming skills to create attacks, but these are not highly sophisticated and existing tools can quickly detect them. 
  3. Concern over AI crafting “perfect” phishing emails - Filip dismisses this notion by pointing out that spelling and grammar errors haven’t been a reliable phishing detection indicator for a long time.  

 

The Cybersecurity Threat Landscape 

Over the last few years, cyber threats like ransomware, malware and phishing have become more complex and frequent. As Filip notes in the webinar, the number and severity of cyberattacks against organizations have significantly increased. 

 

Cybersecurity Trends 

Cybercriminals’ use of AI is influencing the trends in the cybersecurity threat landscape. We’ve seen AI-powered deepfakes emerge as a new threat, with cybercriminals using deepfake video technologies in phishing scams. Ransomware attacks have persisted, and multi-pronged extortion tactics are becoming more common. Supply chain attacks have also skyrocketed by over 600% compared to the previous year.

Human error is a major factor in successful cyberattacks, with some surveys reporting that it is at the root of 95% of all data breaches. The use of AI solutions to make more convincing deepfake audio and video, phishing emails and realistic dummy websites for credential harvesting and drive-by malware deployment has increased the risks we all face and reduced the effort needed by bad actors when mounting attacks. 

Filip recently wrote a blog post on the 2024 cybersecurity threat landscape, in which he examines the threats that will be significant this year in greater detail. 

 

Cyber Defense Challenges 

The increased attack activity over the last few years (which shows no signs of decreasing) has burdened cybersecurity teams. Security analysts face a rising number of security alerts, with over 55% having more than 10,000 daily alerts. This situation leads to alert fatigue, which increases the likelihood of missing crucial incidents. 

The problems faced by cybersecurity teams have changed over the last decade. As Figure 1 shows, in 2015, the issue faced was the lack of visibility on the network and security-related events. Today, with the advent and deployment of increasingly sophisticated detection tools, the problem is that there are too many alerts, which makes it difficult, if not impossible, for IT professionals to identify dangerous activity. 

Figure 1: The evolution of cyber defense challenges  


 

This difficulty has real knock-on impacts on cybersecurity, as shown in Figure 2. 

Figure 2: The results of alert overload 


 

The volume of alerts often leads to teams filtering what they see, which increases the risk of an attack method slipping under the radar and allowing cybercriminals to access systems and data. 

 

Flowmon NDR Uses AI to Boost Cybersecurity 

The use of AI tools isn’t only open to attackers. The good guys can also use the rapidly evolving AI-based solutions to boost defenses. Flowmon NDR uses AI to detect anomalies and prioritize security alerting. It combines machine learning, heuristics, behavioral analysis, adaptive baselining and threat intelligence to empower security teams by providing them with filtered, relevant and actionable information derived from the raw alert data. 

Filip explains during the webinar that Flowmon NDR has the knowledge and AI engine to inform analysts: “What does this mean? What can we do about it? How can we remediate it?” By providing a knowledge-based machine-learning component in our NDR solution, we supplement the expertise available in your current cybersecurity team. This increases the capacity of the defensive response and the ability to detect and respond to threats quickly.  

Figure 3 shows four top-level benefits that Flowmon NDR provides: a powerful detection engine, an extensive experience knowledgebase, smart prioritization of alerts to surface critical events and automation of analytics to streamline cybersecurity. 

Figure 3: Flowmon AI-based NDR benefits 


 

The headline benefits of using Flowmon AI-based NDR include the following: 

  • Reduces the time to detect a breach 
  • Helps to prioritize security alerts 
  • Reduces the workload for security analysts 
  • Improves the efficiency of security investigations 

 

Customers achieve these benefits across the on-premises, cloud and hybrid environments in which infrastructure is deployed today.

An AI-Focused Customer Success Story 

Filip shares a compelling customer success story in the webinar (without naming the customer for privacy reasons). This customer, who had Flowmon NDR deployed, was able to detect an infected device acting as an illicit gateway to the Internet. When other devices used it to access resources outside the local network, the infected device recorded details such as authentication credentials. The incident was dealt with in an hour and, more importantly, no harm was done as the customer used the AI-driven anomaly detection capabilities of Flowmon.

You can read many more Flowmon NDR and related solutions success stories on our case studies page.

 

Try Flowmon for Yourself 

Visit the Flowmon platform page for details of the Flowmon solution and the Flowmon Security Operations page for more information on Flowmon NDR. If you’d like to speak with an expert about how Flowmon can help improve the security of your networks, don’t hesitate to contact us.

 
