Leveraging AI and automation for enhanced security operations

In this Help Net Security interview, Michelle Weston, VP of Security & Resiliency at Kyndryl, discusses the key challenges in security operations and how to address them.

The top issues are increasing cyber resilience risks, changing regulatory conditions, and implementing emerging technologies. To tackle these, organizations should focus on a robust cyber resilience strategy and partner with reliable MSPs.


What are the most significant challenges security operations face today, and how can they be addressed?

The three most significant challenges for security operations today are (1) growing cyber resilience risks; (2) changing regulatory conditions; and (3) implementation of emerging technologies (potential benefits and risks). To address these issues, customers should focus on developing a robust cyber-resilient strategy alongside strategic and reliable managed services partners.

Specifically, managed services providers who deliver:

1. Consultative-led services to assess a customer’s cyber resilience posture and provide prescriptive guidance on ways to proactively address preparedness for both cyber incidents as well as the implementation of new cyber regulation;

2. Both incident response and cyber incident recovery services in the event of a breach.

Utilizing this deep expertise is vital for bridging skills gaps and enabling organizations to develop a holistic resilience approach that keeps them at the forefront of regulatory changes and industry trends and ahead of risks.

How can AI and automation enhance the efficiency and accuracy of security operations?

As we improve automation and pair this with AI capabilities, it improves the ability to detect and respond to risks or issues. Used correctly, AI can help enhance security operation capabilities, such as vulnerability scanning, anomaly detection, risk quantification and data enrichment. This results in decreased human error, improved cost efficiency, and better decision-making. These capabilities should be used cautiously, as their full potential and evolution are not yet known.

Outsourcing is a strategy that can significantly impact modern security operations. What role does it play, and what potential benefits and risks should we be aware of?

Environmental, regulatory or rapid technology changes are on the rise. However, it will be difficult for organizations to meet these without the support of business partners to find new cyber solutions or co-innovate to create new standard services. In some cases, this may be an outsourcing model. However, what I’ve seen work well are managed service models in tandem with experienced partners. By working with these partners, internal teams can focus on core business functions and drive business growth. Additionally, these partnerships address challenges and drive co-innovation opportunities, which can spur changes across the industry.

How does tool sprawl affect security operations, and what are the best ways to manage or consolidate security tools?

Customers that have diverse IT estates across multi-site, multi-cloud, multi-vendor and hybrid environments have a few core challenges. First, these complex environments have large attack surfaces that make it difficult to identify risks. Businesses should focus on procuring security services and capabilities that are flexible based on their specific needs, enabling them to consolidate security vendors, limit attack surfaces and centralize technologies.

Second, customers are looking for greater returns on their security investments that bolster cyber resilience, including tapping into their existing security toolset and teams to unlock greater threat insights across their IT estates.

How can the cybersecurity skills gap impact security operations, and how can organizations mitigate this issue?

Cybersecurity resource constraints or skill gaps can be a challenge for many businesses. Retaining an in-house team for cyber resilience, including cyber incident recovery, can be challenging and cost prohibitive.

Organizations with these challenges have two options, based on their unique objectives: 1) to move to managed services; and 2) to augment their current capabilities with the support of a strategic partner.

What emerging technologies or trends do you foresee having the most significant impact on security operations?

The largest and most pressing trend is changing regulations, with DORA, SEC, NIS2 and others that are coming to fruition over the next year. Globally, organizations are looking to get ahead of these regulations, as well as identify strategies and tactics to attain and maintain compliance. Managed services partners are also important when it comes to providing assessments and consulting for organizations, helping to ensure preparedness for new compliance.

For technology, we are seeing AI and machine learning being increasingly applied to drive security operations. These are being included in more security services and are developing at pace to meet evolving customer expectations. Coupled with this is the need to rapidly assess the potential of these emerging technologies and proactively address security standards.
