When Protection Fails, Forensics can still win the game
November 3rd, 2019

Business is being disrupted by artificial intelligence (AI), security orchestration, and the Internet of Things (IoT). Many analysts also foresee an environment in which computers and IoT devices, like robots before them, replace employees. Nevertheless, most futurists believe the technology will only reach the level of a virtual assistant: tasks will be split between artificial intelligence and human intelligence. Forensics, the backbone of cybersecurity, is a good example of that split.
Here are some reasons why Digital Forensics and Incident Response (DFIR) will gain traction in this world of intelligent devices and software.
The false-positive alerts that AI generates
Artificial intelligence is improving threat detection, yet it has downsides that keep responders busy. Many AI approaches mimic human intelligence by reasoning statistically, and the risk there is the bias present in the training data the model is built from. According to data scientists working with major vendors, misfire rates are still close to 20%. Filtering, signature detection and alarm suppression are usually combined to relieve the analyst's burden. That is why next-generation antivirus products still ship with investigative capabilities that let humans vet their conclusions.
Forensic skills and the deep knowledge of practitioners
Because many of today's practitioners lack deep knowledge, they work mostly on Tier 1 tasks such as light triage, log file examination and monitoring. They rarely dig into forensic artifacts or reverse-engineer anything during an incident.
Most would accept that companies are hardly reaching into the forensic toolbox and that critical alerts still do not get enough attention. But the new Security Orchestration, Automation and Response (SOAR) products automate incident response and the use of forensic tools through playbooks. This could shrink incident response teams while multiplying their forensic reach.
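The layering described in the false-positive section above (statistical alerts, signature detection, suppression, and a human vetting what is left) is exactly the kind of logic a SOAR playbook encodes. Below is an added example in Python, not code from the article or from any vendor product. The alert records, the placeholder hash strings, the allowlist, the known-bad set and the 0.8 threshold are all constructed for the illustration; the `alert_precision` function applies Bayes' rule to the roughly 20% misfire figure cited above to show why the alerts that survive filtering still need a human.

```python
"""Added illustration (not code from the article or any vendor): a toy
triage layer of the kind a SOAR playbook encodes, combining statistical
(ML-style) alerts, signature hits, allowlisting and duplicate suppression,
plus the base-rate arithmetic behind a ~20% misfire rate.

All alerts, hashes and thresholds below are constructed for the example.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    host: str
    process: str
    sha256: str     # constructed placeholder, not a real file hash
    score: float    # ML classifier confidence in [0, 1] (assumed field)
    source: str     # "ml" for the statistical detector, "signature" for IOC matches


# Constructed alert stream; the second entry is a re-fire of the first.
ALERTS = [
    Alert("ws-01", "powershell.exe", "aaa1", 0.91, "ml"),
    Alert("ws-01", "powershell.exe", "aaa1", 0.93, "ml"),
    Alert("ws-02", "updater.exe", "bbb2", 0.88, "ml"),
    Alert("ws-03", "svchost.exe", "ccc3", 0.42, "ml"),
    Alert("ws-04", "dumper.exe", "ddd4", 0.99, "signature"),
    Alert("ws-05", "excel.exe", "eee5", 0.85, "ml"),
]

KNOWN_BAD = {"ddd4"}   # hypothetical signature / IOC list
ALLOWLIST = {"bbb2"}   # hypothetical signed, vetted software


def triage(alerts, threshold=0.8):
    """Route each alert to one of three queues.

    escalated : deterministic hits (signature or known-bad hash) go straight
                to the responder, no model involved
    queued    : ML alerts above the threshold, held for human vetting
    suppressed: duplicates, allowlisted binaries and low-confidence noise
    Returns a dict of queue name -> list of (alert, reason).
    """
    seen = set()
    queues = {"escalated": [], "queued": [], "suppressed": []}
    for a in alerts:
        key = (a.host, a.sha256)
        if key in seen:
            queues["suppressed"].append((a, "duplicate"))
            continue
        seen.add(key)
        if a.sha256 in ALLOWLIST:
            queues["suppressed"].append((a, "allowlisted"))
        elif a.source == "signature" or a.sha256 in KNOWN_BAD:
            queues["escalated"].append((a, "signature"))
        elif a.score >= threshold:
            queues["queued"].append((a, "ml-high-confidence"))
        else:
            queues["suppressed"].append((a, "ml-low-confidence"))
    return queues


def alert_precision(prevalence, tpr, fpr):
    """Share of fired alerts that are true positives (Bayes' rule).

    prevalence: fraction of observed events that are actually malicious
    tpr       : detection rate on malicious events
    fpr       : misfire rate on benign events (the ~20% the article cites)
    """
    tp = prevalence * tpr
    fp = (1.0 - prevalence) * fpr
    return tp / (tp + fp)


if __name__ == "__main__":
    q = triage(ALERTS)
    for name, items in q.items():
        print(f"{name:10s} {len(items)}")
        for a, why in items:
            print(f"    {a.host} {a.process} ({why})")
    # With 1 malicious event in 1,000 and a 20% misfire rate, only about
    # 0.5% of alerts are real: the queue still needs a human.
    print(f"precision: {alert_precision(0.001, 0.95, 0.20):.4f}")
```

The design point is that the deterministic signals (signature hits, known-bad hashes, allowlists) are applied before the statistical score is consulted, so the model only decides the cases nothing else can, and even at a high threshold its output is a queue for a human rather than a verdict. Run on the constructed stream, one alert is escalated, two are queued for vetting and three are suppressed, and at a realistic base rate the 20% misfire rate means well under 1% of raw ML alerts are true positives.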
The biggest security hole is your user
Traditional computing has moved to cloud, mobile and IoT, which makes it harder for attackers to reach the servers behind a SaaS offering or vendor-protected mobile and IoT devices. Your biggest security hole is the user who clicks phishing emails and browses unsafe websites. That can drag them into the dark corners of the internet and infect them with malicious code, which then reaches the application hosted in the cloud. Human intelligence is very much needed to investigate this human behaviour.
Intelligence on both sides of the war
Government-funded cyber warfare and opportunities to plunder digital banking pull bright minds to the dark side. The same level of talent found in security vendors and InfoSec divisions is now focused on finding bugs and developing malware. At times it is the same people doing both!
Cybersecurity is a human arms race. AI supplements security analysts, but on both sides of the war it is humans who deploy the AI. AI-powered hacking tools that learned to bypass AI-based detection were released at last year's DEF CON hacker conference. This balance between the sides is why new attacks will always emerge and succeed despite security breakthroughs.
After our defenses are pierced by the onslaught of AI-based attacks, DFIR will be needed to reduce attacker dwell time, as it always has been.
It is still impossible to replace human intelligence. When protection fails, forensics can still win the game.