How AI is changing India's threat detection landscape
Organisations are increasingly facing complex cyber threats that render traditional protective measures insufficient. As attackers employ more sophisticated techniques to evade detection, a comprehensive approach is essential for identifying and addressing threats early. This is where AI-driven threat hunting becomes crucial.
A February 2024 report from ISC2, a training and certification organisation for security professionals, found that 82% of surveyed members believe AI will enhance their job efficiency in cybersecurity. Detecting and blocking threats ranks among the top five areas where AI, including machine learning (ML) and generative AI (GenAI), supports their work.
AI-based threat hunting is a modern approach to threat intelligence, integrating AI, ML, and big data analytics to improve threat detection and monitoring. Ram Vaidyanathan, an IT security advocate at cyber security firm ManageEngine, noted that AI enables quicker and more accurate threat identification by learning, adapting, and reacting in real time.
Vaidyanathan believes that, by analysing large datasets, AI can identify patterns, anomalies, and threats that may escape human analysts. Its algorithms process vast amounts of data in near real time, enabling the rapid identification of potential threats at a scale unmatched by human effort.
“This helps security leaders anticipate and pinpoint vulnerabilities before they are exploited, automate detection processes, minimise false positives, and decipher complex patterns,” he said.
AI is further transforming threat detection in cloud environments, enhancing the ability to identify and respond to security threats efficiently. Phani Kishore Lanka, Senior Specialist Infrastructure at Publicis Sapient, believes Generative AI will revolutionise cloud security by analysing extensive datasets in real-time to detect complex patterns often overlooked by traditional methods. This capability allows for faster and more precise identification of threats, including zero-day attacks and advanced persistent threats. Additionally, AI can automate routine security tasks and predict future threats, enabling organisations to proactively strengthen their security posture.
While the use of AI in threat detection is well established and expected to mature, security leaders also caution against viewing AI as a panacea for enterprise security. Yihao Lim, Lead Threat Intelligence Advisor for JAPAC at Google Threat Intelligence, said that AI can improve the speed and accuracy of threat detection, provided it is trained with the right datasets and implemented correctly. He explained that AI represents a shift from traditional threat-hunting techniques, which rely heavily on human intervention to monitor suspicious activities.
However, some organisations struggle to tailor AI capabilities to their specific IT environments, limiting the effectiveness of their AI tools. Many also lack the necessary skills and knowledge to fully leverage these technologies.
The integration of AI-driven threat hunting in the cloud also faces significant challenges. Lanka emphasised that the quality and quantity of data are crucial for training effective AI models, which require specialised knowledge for development and maintenance. Additionally, the seamless integration of AI solutions with existing security tools and the management of ethical concerns, such as bias and potential misuse, are critical considerations.
Despite these challenges, the benefits of AI in enhancing cloud security are substantial, offering a promising avenue for improving organisational security. Vinod Jayaprakash, Consulting Cybersecurity Leader at EY Global Delivery Services, stressed that organisations must invest in talent, technology, and processes to fully realise AI's advantages while addressing its limitations. Continuous monitoring, regular updates to AI models, and a balanced strategy that combines AI with human expertise are vital for effective AI-powered threat hunting in the cloud.
According to Gopalan Govindrajen, Advisory Systems Engineer at Dell Technologies, key performance indicators (KPIs) such as detection rate, mean time to detect (MTTD), and mean time to respond (MTTR) can be used to assess the success of AI-powered threat hunting. A high detection rate indicates that the AI system effectively identifies and flags malicious activities, helping to prevent damage. The AI system should also be capable of recognising various attack vectors and threat types, including DDoS attacks, phishing attempts, and insider threats, ensuring a robust security posture.
Moreover, threat actors are also leveraging AI to enhance their attack capabilities, raising concerns within the security community. An April 2024 Splunk report revealed that opinions are split on whether AI will benefit defenders or adversaries, with 45% predicting an advantage for adversaries and 43% favouring defenders.
Some, like Lanka, however, remain optimistic, believing that as tools and skills become more sophisticated, AI will ultimately benefit defenders more than threat actors.