The sheer volume of cybersecurity alerts state governments face is daunting – potentially millions in a single day. Even more difficult is parsing through them to determine which pose real threats. The real challenge this presents for state governments lies in the limited time humans have to sift through such large swaths of data. In the face of such limitations, IT teams must turn to more efficient methodologies: enter artificial intelligence (AI) and machine learning.
However, the goal is not to replace current security information and event management (SIEM) employees. AI can effectively augment existing professionals’ ability to sort through large volumes of logged events. Machine learning steps in to better categorize valid threats. With more information and time, these systems will only serve to vastly improve the capabilities of SIEM teams in the future.
AI is also still limited in its ability to sort properly. In the meantime, human counterparts will have to step in alongside these sophisticated programs to ensure classification and sorting are done properly – machine learning needs guidance, or goalposts, to serve the interests of users. Machines are susceptible to negative feedback loops as well – something that must be corrected in the process.
Machine learning and AI are effective tools for enhancing efficiency. They must be employed properly, of course, but they show the most promise given the challenges SIEM teams face. The government is responsible for a great deal of data, so the risks are also much higher at the state and federal level. Cybersecurity is still a relatively new industry; AI serves to benefit teams constrained by limited time and human capital.