(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Hypothesize on how threat intelligence analysis jobs will suffer with A.I. being deployed into SIEM and EDR systems

leave a comment »

This article is part of an ongoing experiment with the use of ChatGPT for developing primers on cyber security topics.

One of the ruminations I have had since ChatGPT and AI became a reality for us all, has been humans place in the world once this technology has been eagerly applied to business by corporations. There has been of course, a lot of talking head cut lines out there in the blog and media sphere, but, I wanted to discuss this topic specific to an area I am familiar with. Primarily, the field of information security and in particular, the area of CTI (Cyber Threat Intelligence)

I was having a conversation with my mentee about the job search, and a dearth of positions for a younger person with only a few years of experience in the field as well as my travails in trying to land another position and got on the subject of A.I. I began to hypothesize on the near future, where the A.I. (generative and other) would no doubt, be implemented in the tools of the trade for hacking as well as blue team efforts including that of Threat Intelligence. What I eventually worked out was the notion, like many others out there making prognostications, was that once the technology is integrated more completely with ML, the role of a “Threat Analyst” may become not so much a single role, but, just a portion of a larger role for someone within a security group. As such, the potential for future CTI jobs may be less and less a position one can get.

If the combination of SIEM and EDR systems, both have an A.I. component, then, all of the large data (structured and now, even unstructured) could be sifted through and analysis carried out by an A.I. which then would only have to be told or automatically programmed to create threat analysis reports for all of the various consumers that the organization has dedicated to them, and emailed without human intervention once the maturity model is met.

The natural conclusion of the hypothesis for me, was that what we already see within the security world of contraction and the drive to get more with less (e.g. layoffs and seeing positions for single person catch all duties roles on req’s today) will be exacerbated when A.I. gets wider implementation in the CTI space. Corporations will always seek to spend less, and within the security space, which is always a cost center for corporations, if the A.I. is the panacea, and offered as a service by EDR and SIEM vendors, you can bet that positions will be eliminated just like in other spaces where robotics and A.I. become the go to for cost savings.

Just how long we have is a guess, but, I am going to make a stab at saying that in five years, this is likely to come to pass. So, just one more job that A.I. will likely subsume. Sure, there will have to be human hands involved for a while, but, eventually, the role of a CTI analyst will likely become less and less of a role companies will really need as a single function one that requires a dedicated employee. As the A.I. itself points out below, it will likely be, that we analysts will have to evolve to keep up with the A.I. and service it’s needs to create more components it can use, or create augmentations that, at present, would take human intervention.

…and that is some cost savings given the salaries out there.

Coincidently, this article was on Mastodon this morning as well… The Future of Network Security: Predictive Analytics and ML-Driven Solutions

ChatGPT: “Hypothesize on how threat intelligence analysis jobs will suffer with A.I. being deployed into SIEM and EDR systems”

With the deployment of AI into SIEM (Security Information and Event Management) and EDR (Endpoint Detection and Response) systems, it is likely that some aspects of threat intelligence analysis jobs will be affected. Here are a few potential hypotheses:

  1. Increased Automation: The use of AI in SIEM and EDR systems could automate many routine tasks that are currently performed by threat intelligence analysts. For example, AI could be used to automatically categorize and prioritize alerts, reducing the amount of time analysts spend on these tasks. This could lead to a reduction in the number of entry-level threat intelligence analysis jobs.
  2. Higher Accuracy: AI has the potential to improve the accuracy of threat detection and response, which could reduce the need for human intervention in some cases. However, it is important to note that AI is not infallible and will require ongoing human oversight and tuning to ensure it is effective.
  3. Shift in Focus: As AI takes on more routine tasks, it is likely that threat intelligence analysts will need to shift their focus to more complex and strategic tasks. This could include analyzing trends and patterns in attack data, developing new detection strategies, and investigating new threats.
  4. Need for Specialization: As AI becomes more prevalent in threat detection and response, there may be a growing need for analysts with specialized knowledge in areas such as AI algorithms, data analytics, and machine learning. This could lead to a shift away from generalist threat intelligence analysis roles towards more specialized positions.

With the increasing adoption of AI in SIEM and EDR systems, it is likely that some aspects of threat intelligence analysis jobs will be impacted. As AI becomes more sophisticated, it has the potential to automate routine tasks and improve the accuracy of threat detection and response, reducing the need for human intervention.

While this may lead to improved efficiency and cost savings for organizations, it could also result in the elimination of some threat intelligence analysis positions. This is particularly true in industries where security is viewed primarily as a cost center, and organizations may be more willing to replace human analysts with AI to reduce costs.

However, it is important to note that the deployment of AI in SIEM and EDR systems may also lead to new opportunities for threat intelligence analysts. As AI takes on more routine tasks, analysts may need to develop new skills and specialize in areas such as AI algorithms, data analytics, and machine learning. This could lead to the creation of new, more specialized roles that require a higher level of expertise.

Overall, the impact of AI on threat intelligence analysis jobs will depend on various factors, including the industry, the organization’s view on security, and the level of sophistication of the AI system. While some positions may be eliminated, the deployment of AI in SIEM and EDR systems may also create new opportunities for analysts with specialized skills. It will be important for organizations to balance the benefits of AI with the potential impact on their workforce and develop strategies for reskilling and upskilling their employees accordingly.

Krypt3ia generated this text with ChatGPT, OpenAI’s large-scale language-generation model. This author reviewed, edited, and revised the language to my own liking and takes ultimate responsibility for the content of this publication

Written by Krypt3ia

2023/02/28 at 13:41

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: