Cyber Security and Forensics Will Always Remain An Inseparable Pair. 4 Reasons Why So...
Artificial intelligence (AI) and the Internet of Things (IoT) are the buzz of modern days, reshaping our life and lifestyle. On the flip side, as part of the package, we are increasingly exposed to security threats.
A common prediction is that in the coming world, computers and IoT devices are going to replace humans. Another camp believes that such devices will stay in their place, and so will biological intelligence (BI), maintaining a balance between AI and BI.
Digital Forensics and Incident Response (DFIR) is a beautiful example of this, complementing both AI and security automation in a world flooded with IoT devices and intelligent software.
Companies like IBM are offering programs in Cyber Security and Forensics. Courses like the B.Tech in Cyber Security and Forensics offered by cyber security colleges in India in collaboration with IBM are gaining popularity and come with plenty of future opportunities.
The importance of Cyber Security and Forensics is not going to reduce anytime soon, even though some believe otherwise.
Here are the reasons...
1. AI Security Alerts Increase Incident-Response Workload
True, AI offers better threat detection, yet it comes with a bonus: a higher rate of false positives in malware detection, a byproduct of excessively sensitive detection. Also, AI gives only limited information about the malware it detects, leaving forensics to do the rest. Even data scientists and vendors agree on this.
Before AI, threat detection was done through sandboxing or reverse engineering, which produced detailed reports of malware behavior, capabilities and other threat intelligence as well.
AI-based detection only reports that a threat matches a particular threat model. Detailed investigation of incidents will still need the intervention of human intelligence.
2. DFIR Practitioners Are Here To Stay
Modern Security Orchestration, Automation and Response (SOAR) products automate incident response and the use of forensic tools through playbooks. Though this may reduce the need for human intervention, it cannot replace human skills.
Processes like reverse engineering, or carving encryption keys from RAM in a ransomware incident, still need the involvement of experienced DFIR experts.
Security experts say that most organizations are not digging deep into the forensic toolbox and many important threat alerts are not being given enough attention.
SOAR's main contribution is its use as a forensics force multiplier, but in-depth investigations are still best done by human experts.
3. Cloud Could Be As Cloudy
Often it is assumed that in the near future, cloud service providers, SaaS and IoT device vendors are going to replace security departments. But it isn't so.
Simply because an organization's biggest security loophole is its internal users, who click phishing emails, open dangerous websites and insert risky USB devices brought in from anywhere.
Even employees could be using a sketchy tablet, kiosk or chip infected with malicious code and connecting to the organization's cloud-based CRM or source code repository. Such things are going to remain, and so will the need for forensic experts.
4. AI on Both Sides Of The War!
Lavishly funded cyber warfare and attempts to hack digital cash and banking systems employ some of the best brains and talents. Similar talent works for security vendors and security departments as well. Often the same set of people work for both!
Though AI is supplementing threat analysis, the same AI is deployed on both sides of the war! AI-based hacking tools can bypass AI detection systems. Digital forensics experts will be needed to reduce attacker dwell time, and when security fails, DFIR (people and process) skills will prevail.