AI can address cybersecurity personnel shortage
- By Michael Sabo
- Aug 08, 2016
There’s a severe shortage of cybersecurity personnel across all industries, including within the federal government. According to a recent Peninsula Press analysis of data from the Bureau of Labor Statistics, more than 209,000 cybersecurity jobs are currently open in the United States, and job postings are up 74 percent over the past five years. The skills shortage is expected to grow even more dire over the next several years, stressing security managers across government.
This issue is critically important in the federal government because agencies and the military are increasingly targeted by hackers. According to a White House audit earlier this year, the federal government experienced more than 77,000 “cyber incidents,” such as data thefts and other security breaches, in fiscal year 2015 -- a 10 percent increase over fiscal year 2014. To counter the rising number of serious threats, President Obama asked Congress to include $19 billion for cybersecurity funding across the federal government in his annual budget submission, an increase of $5 billion over the previous year.
History has shown it’s not possible to increase or ‘train up’ the cybersecurity talent pool rapidly enough to address escalating threats across the vast federal security landscape. With no relief in sight, new IT security approaches that leverage automation are a highly desirable solution. ‘Work smarter, not harder,’ is especially true when it comes to combatting cyberthreats.
As a first step, agencies must reduce the number of labor-intensive security practices -- configuring and updating signature files, whitelists and blacklists -- that siphon off scarce staff resources. These technologies, once the backbone of cybersecurity, are ineffective against advanced persistent threats and zero-day attacks, and they squander staff time with their lengthy manual development and testing processes.
Legacy approaches to cybersecurity also result in an overwhelming number of false positive alarms -- far too many for understaffed IT security departments to manage. Broadly written rules flag both illegitimate and legitimate traffic, and each resulting alarm must be investigated, adding further strain on limited staff resources.
Leveraging artificial intelligence, by contrast, can provide real-time attack identification and significantly reduce security risks without impacting staff. For database security in particular, machine learning and behavioral analysis can immediately identify database attacks as well as compromised credentials without generating false positives or using predefined rules and signature files.
Once a model of proper SQL generation behavior by client applications is created, for example, machine learning tools can compare each SQL statement attempting to access the database against the behavioral model. Any activity that differs from the established behavior is flagged as a likely security event, indicating that the specific SQL statement could not have legitimately been created by the application. With concrete, actionable intelligence, agencies can then respond rapidly to a security situation with a proper and targeted response.
The behavioral model will continue to improve as the system learns, so the more SQL statements the AI system analyzes, the better it can respond to future threats. Also, because the deep learning process is automatic, there’s nothing for the agency’s security personnel to configure or maintain.
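The comparison described above can be sketched in a few lines. This is an added example, not code from the article or from any vendor's product: a plain set of statement structures stands in for the machine-learned behavioral model, and the table names, sample statements and the `StatementModel` class are constructed for illustration.

```python
import re

_STRING = re.compile(r"'(?:[^']|'')*'")            # 'text', with '' as an escaped quote
_NUMBER = re.compile(r"\b\d+(?:\.\d+)?\b")         # 42, 3.14 (not digits inside names)
_LIST = re.compile(r"\(\s*\?(?:\s*,\s*\?)*\s*\)")  # (?, ?, ?) of any length


def fingerprint(sql):
    """Reduce a statement to its structure, discarding the literal values."""
    s = _STRING.sub("?", sql)   # strings first, so digits inside them are gone
    s = _NUMBER.sub("?", s)
    s = _LIST.sub("(?+)", s)    # IN-lists of different lengths look alike
    return " ".join(s.split()).rstrip(";").strip().lower()


class StatementModel:
    """Set of statement structures the application is known to generate."""

    def __init__(self):
        self.known = set()

    def learn(self, statements):
        self.known.update(fingerprint(s) for s in statements)

    def flag(self, statements):
        """Return the statements whose structure was never seen in training."""
        return [s for s in statements if fingerprint(s) not in self.known]


# Constructed sample traffic from a hypothetical application.
TRAINING = [
    "SELECT name, email FROM users WHERE id = 42",
    "SELECT * FROM orders WHERE user_id = 42 AND status = 'open'",
    "UPDATE users SET email = 'a@example.com' WHERE id = 42",
    "SELECT * FROM orders WHERE id IN (1, 2, 3)",
]
OBSERVED = [
    "select name, email from users where id = 1001",
    "SELECT * FROM orders WHERE user_id = 9 AND status = 'shipped'",
    "SELECT * FROM orders WHERE id IN (5, 6)",
    "SELECT name, email FROM users WHERE id = 42 OR 1 = 1",  # extra predicate
]

if __name__ == "__main__":
    model = StatementModel()
    model.learn(TRAINING)
    for stmt in model.flag(OBSERVED):
        print("ANOMALY:", stmt)
```

In this sketch, a statement shape the application legitimately produces but that was absent from the training traffic is flagged as well, so the learning window has to cover the application's full range of queries.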
This kind of analysis also provides immediate protection against zero-day threats because these attacks have behaviors incongruent with established models and thus can be immediately identified. The application of AI to database security has proved highly accurate in immediately identifying even extremely advanced attacks.
As the number of AI-based IT security deployments grows across government, the skills shortage will correspondingly begin to wane. IT security professionals will no longer be tasked with mundane activities and can focus their attention on critical and meaningful efforts. Eventually, multiple AI-based IT security systems from across the infrastructure will be integrated into a unified architecture. The result will be full-spectrum autonomous cybersecurity, essentially solving the information security skills shortage.
Michael Sabo is vice president of marketing for DB Networks.