卡巴斯基专家称：人工智能（AI）可以补充亚太地区的IT安全团队

But with caveats organisations and enterprises should take note of

但各个组织和企业应当注意以下几点

24 August 2023

With the Asia Pacific (APAC) lacking a total of 2.1 million cybersecurity professionals as of 2022, Kaspersky expert deep dives into how cybersecurity teams can utilised Artificial Intelligence (AI) to boost the current defenses against the fast-evolving threats in the region.

截至2022年,亚太地区(APAC)网络安全专业人员缺口总共达到210万,卡巴斯基专家深入探讨了网络安全团队如何利用人工智能(AI)来增强当前对该地区快速发展的威胁的防御能力。

Saurabh Sharma, Senior Security Researcher for Global Research and Analysis Team (GReAT) Asia Pacific at Kaspersky, reveals that as cybercriminals can exploit the power of AI, cybersecurity teams can also make use of this technology for the good.

卡巴斯基全球研究与分析团队(GReAT)亚太区高级安全研究员Saurabh Sharma揭示,网络罪犯可以利用人工智能的力量,而网络安全团队也可以从好的方向利用这项技术。

“As of 2022, APAC needs to meet a 52.4% cybersecurity talent gap as the region drives its digital economy. This urgent need can drive IT security teams to look into using smart machines in augmenting their organisations’ cyber defenses and AI can do help in key areas like threat intelligence, incident response, and threat analysis,” says Sharma.

“截至2022年,亚太地区对网络安全人才的需求缺口为52.4%,以推动该地区的数字经济发展。这种迫切的需求可以推动IT安全团队考虑使用智能机器来增强其组织的网络防御,而人工智能可以在威胁情报、事件响应和威胁分析等关键领域提供帮助,”Sharma表示。

Threat Intelligence is a cybersecurity aspect which involves gathering relevant information about a threat actor. Sharma says AI algorithms can be used to quickly access and analyse previously published research and previously seen tactics, techniques, and procedures (TTP's), leading to the development of a threat hunting hypothesis.

威胁情报是网络安全的一个方面,涉及收集有关威胁参与者的相关信息。Sharma表示,人工智能(AI)算法可用于快速访问和分析以前发表的研究成果以及以前见过的战术、技术和流程(TTP),从而提出威胁追踪假设。

Kaspersky’s expert also reveals that for cyber incident response, AI can suggest anomalies in a provided set of logs, understand a security event log, generate how a particular security event log may look like, and suggest steps to look for initial implant like web shell.

卡巴斯基专家还透露,对于网络事件响应,人工智能可以在提供的一组日志中发现异常,了解安全事件日志,生成特定安全事件的日志特征,并提供用于查找初始植入物(如web shell)的步骤。

In terms of threat of analysis or the stage where cyber defenders try to understand the working of tools used in an attack, Sharma notes that technologies like ChatGPT can assist even in identifying critical components in a malware code, deobfuscating malicious script, and creating dummy web servers with particular encryption schemes.

Sharma指出,在威胁分析或网络防御者试图了解攻击中使用的工具的原理阶段,象ChatGPT这样的技术甚至可以帮助识别恶意软件代码中的关键组件,对恶意脚本进行反混淆,并创建具有特定加密方案的假冒Web服务器。

Sharma, however, highlighted the limitations of AI in building and maintaining cyber defenses. He reminds enterprises and organisations in APAC:

但是,Sharma也强调了人工智能在建立和维护网络防御方面的局限性。他提醒亚太地区的企业和组织注意:

To focus on the augmentation of existing teams and workflows

重点加强现有团队和工作流程

Transparency must be part of Generative AI exploration and application, especially when it provides incorrect information

透明度必须是内容生成型人工智能探索和应用的一部分,特别是当它提供不正确的信息时

All interactions with Generative AI should be logged, made available for review, and maintained for the life of the products deployed in enterprises

与内容生成型人工智能的所有交互都应记录下来,以供审查,并在企业中部署的产品的生命周期内进行维护

“AI has clear benefits for cybersecurity teams, especially in automating data collection, improving Mean Time to Resolution (MTTR), and limiting the impact of any incidents. If utilised effectively, this technology can also reduce skill requirements for security analysts but organisations should remember that smart machines can augment and supplement human talent, but not replace it,” he adds.

“很显然,人工智能对网络安全团队有益处,特别是在自动化数据收集、缩短平均解决时间 (MTTR) 和限制事件的影响方面。如果得到有效利用,这项技术还可以降低对安全分析师的技能要求,但组织应该记住,智能机器可以增强和补充人类的才能,但不能取代它。

Kaspersky will continue the discussion about the future of cybersecurity at the Kaspersky Security Analyst Summit (SAS) 2023 happening in Phuket, Thailand, from 25th to 28th October.

卡巴斯基将于10月25日至28日在泰国普吉岛举行的2023年卡巴斯基安全分析师峰会(SAS)上继续讨论网络安全的未来。

This event welcomes high-caliber anti-malware researchers, global law enforcement agencies, Computer Emergency Response Teams, and senior executives from financial services, technology, healthcare, academia, and government agencies from around the globe.

这次活动欢迎来自全球各地的高水平反恶意软件研究人员、全球执法机构、计算机应急响应小组以及金融服务、技术、医疗保健、学术界和政府机构的高级管理人员参加。

Interested participants can know more here: https://thesascon.com/#participation-opportunities

有兴趣的参与人员可通过以下链接了解更多详情:https://thesascon.com/#participation-opportunities

About Kaspersky

关于卡巴斯基

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help over 220,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

卡巴斯基是一家成立于1997年的全球网络安全和数字隐私公司。卡巴斯基不断将深度威胁情报和安全技术转化成最新的安全解决方案和服务,为全球的企业、关键基础设施、政府和消费者提供安全保护。公司提供全面的安全产品组合,包括领先的端点保护解决方案以及多种针对性的安全解决方案和服务,全面抵御复杂的和不断演化的数字威胁。全球有超过4亿用户使用卡巴斯基技术保护自己,我们还帮助全球220,000家企业客户保护最重要的东西。要了解更多详情,请访问www.kaspersky.com.