In our discussions with cyber threat intelligence teams over the past year, one of the biggest topics has been AI and automation. Government agencies, commercial businesses, and other enterprises are expanding their use of these technologies in an effort to respond to cyber threats more efficiently.
Still, there’s a lot of hype around the subject, so we wanted to understand what’s truly happening. How are different teams using AI and automation in their day-to-day workflows? And how are they integrating it into their more strategic initiatives?
To find out, we partnered with researcher UserEvidence to survey over 520 cybersecurity leaders across industries and countries. Here are a few key themes we uncovered:
#1: Adoption is happening, but what about active use?
The survey revealed that nearly 75% of organizations are moving beyond AI pilots to active implementation of AI and automation in their threat intelligence programs.
The survey also found that smaller organizations (1,000–5,000 employees) are moving the fastest, with 87% of respondents from smaller organizations actively using AI in threat intelligence. By contrast, respondents from larger organizations are relatively evenly split between those whose teams are fully embedding AI and those who have select team members using AI by choice.
Surprisingly, a number of respondents reported that their teams have generative AI tools available but don’t actually use them, or use them in limited ways. This could be due to unclear use cases, tool-related limitations, or inadequate training.
There are significant regional differences in active use as well. While 30% of respondents in Europe, the Middle East, and Africa (EMEA) and 32% of respondents in Asia Pacific and Japan (APJ) said they’ve fully embedded AI across the threat intelligence lifecycle, just 15% of respondents in North America (NA) have reached this advanced stage. Read the report for a full breakdown of survey responses.
#2 The value of AI and automation are evident, but teams aren’t necessarily maximizing ROI.
Respondents overwhelmingly said that AI and automation are demonstrating value for their organizations, with at least 85% of implementations meeting or exceeding expectations in terms of operational efficiency gains. The report dives into the details, comparing operational use cases from analyst efficiency to response times for emerging threats.
In terms of a regional breakdown, APJ organizations were most likely to report that automated threat intelligence workflows have significantly exceeded expectations (34%), while EMEA organizations were most likely to say these automations have somewhat exceeded expectations (33%). NA organizations were most likely to say that they’ve met expectations (49%).
However, respondents were less likely to mention more strategic benefits like proactive threat detection, indicating that AI usage has so far been less effective at making a transformative impact. Download the report for detailed responses.
#3 Implementation barriers still exist.
Despite understanding the benefits of AI and automation, not all security teams are ready to hand critical decisions over to the technology. In fact, many reported that their workflows still require heavy manual effort in key areas.
Given that the tasks mentioned are ideal use cases for automation, it’s likely that many teams have a ways to go in their implementations.
In addition, many teams struggle to find the right AI vendor partner. Most organizations are using a balanced mix of vendor AI and internally developed AI in their threat intelligence programs. Mostly using vendor-provided AI is also relatively common, but few organizations are using only AI built into existing threat intelligence products or relying on mostly custom AI tools.
Some regional differences also stand out. APJ organizations primarily use vendor-provided AI capabilities (50%), while EMEA and NA organizations rely on a balanced mix (41% and 42%, respectively). This may indicate a higher level of trust among APJ respondents or a greater need for customization among EMEA and NA respondents. Find out more about implementation barriers and considerations in the full report.
#4 Security professionals are optimistic about the future impacts of AI and generative AI on their security and workloads.
Despite challenges and growing pains, 86% of respondents expressed high trust in AI-generated outputs.—and mMost say they believe that generative AI could reduce workloads by over 25%.
There’s even bigger value to unlock.
Right now, it’s clear that while organizations are realizing operational efficiencies from AI and automation, the potential benefits are much bigger. Download The State of AI & Automation in Threat Intelligence to find out more about these hidden opportunities, better protect your organization, and drive business forward.
Download The State of AI & Automation in Threat Intelligence to find out more about these hidden opportunities, better protect your organization, and drive business forward.
Learn more about Recorded Future AI, and how organizations and governments across the globe are turning data overload into a strategic advantage.
Source: RecordedFuture
Source Link: https://www.recordedfuture.com/blog/state-of-ai-and-automation-in-threat-intelligence