The Standard | Human Intelligence Matters in the Era of AI-powered Cybersecurity

Human Intelligence Matters in the Era of AI-powered Cybersecurity

Protecting businesses from cyberattacks is a strenuous job. It has become even more challenging with the rise of AI. Automation and analytics have enabled threat actors to launch attacks fast and furious. This is why cybersecurity professionals are also turning to AI for defense.  

AI is truly remarkable at enabling cybersecurity. With the ability to process vast amounts of data and identify patterns, it can detect anomalies that may go unnoticed by humans. Machines don't need to sleep, so they can monitor around the clock, providing uninterrupted protection. When attacked, the automation capabilities can also speed up responses, helping businesses recover faster.

However, our experience in this field has demonstrated that AI will never replace human intelligence in the people and process-oriented cybersecurity business.

Humanizing Cybersecurity Framework

At CITIC Telecom CPC, we inject human intelligence across four stages of the cybersecurity framework—Identify & Predict, Protect, Detect, Respond & Recover—to redefine enterprise protection with TrustCSI™ 3.0.

Through this practical experience of implementing these technologies, we realized the unique value of integrating human intelligence with AI. From complex decision-making to strategy planning and legal interpretation, experienced security experts possess unique qualities that make them irreplaceable.

The "Identify & Predict" pillar is the cornerstone of our cybersecurity framework. On top of leveraging different applications and network assessment tools to scan and identify vulnerabilities, our security experts also integrate their insights with customers' business processes to offer actionable recommendations in our Information Assessment Service (IAS). Through understanding the market landscape and business priorities, these experts can also help allocate security resources that align with business goals.

Another key service in this pillar is the Penetration Test with AI. This lightweight, self-testing technology allows businesses to conduct routine AI-driven tests for specific threats, like weak password testing, SQL injecting, or XSS testing. Adding to this AI tool is our security expertise, helping businesses configure the perimeter of these tests and develop customized penetration tests.

Bring "HI" to AI 

In the "Protect" pillar, cybersecurity solutions  like next-generation firewalls (NGFW), web application firewalls (WAF), and secure access service edge (SASE) are crucial in safeguarding against cyberattacks. These solutions covering different domains—network, application, and end users—across the customer's environment are often configured separately, resulting in inconsistency in security measures.

To bridge this gap and bring “HI” to AI, our team of security consultants leverages their real-world experiences in implementing these solutions, they design a standardized security policy, identify the appropriate technologies, and configure them to enable consistency with a comprehensive cyber protection solution.  Customers can rely on our expertise to safeguard their network infrastructure and enable secure operations.

In addition to security consulting, Managed Security Services (MSS) is another service that relies on human intelligence. This service continuously protects and monitors customers' security posture by combining our world-class security operation centers (SOCs) with certified security experts.

The threat landscape and compliance requirements across different regions of the world are constantly changing. Identifying only the known attacks is no longer enough to protect businesses from zero-day attacks and regulatory misconduct. This is when the "Detect" pillar, a watchful guardian, becomes essential.

Technologies like the Dual SIEM, endpoint detection and response (EDR), and AI-enabled user and entity behavior analytics (UEBA) are vital in identifying patterns and potential unknown threats. However, these tools do not understand the business context and recognize the threat severity level. Security experts—bringing global technical expertise with local legal know-how—can provide the context from these abnormal patterns and prioritize their risk levels.

Battling with speed and insights

Cyberattacks are growing in frequency and sophistication. Businesses are bound to fight against cyberattacks sooner or later. When that happens, speed is everything.

To help businesses drive automation and act fast during attacks, our "Respond & Recover" pillar takes advantage of innovative security orchestration, automation, and response (SOAR) tools.

But taking immediate action is not sufficient; taking appropriate action is equally crucial. With real-world experience battling different attacks and international certifications like CISA, CISSP, and CompTIA Security+, our security experts ensure every action counts.

They drive global best practices that align with customers' unique business environments to design customized playbooks. It details workflow and mitigation measures based on customer requirements, allowing businesses to act swiftly with trackable and auditable records at critical times.

Cross-border protection with industry best practices

Combining human intelligence capabilities across the four-pillar cybersecurity framework with our three top-tier SOCs is the foundation of our latest SOC-as-a-Service (SOCaaS).

With recognized certifications like ISO 9001, our self-managed SOCs are strategically located in Hong Kong, Guangzhou, and Shanghai, providing cross-border protection for businesses. Apart from managing these SOCs, our MSS experts also analyze logs collected from our Dual SIEM platforms and correlate them with an industry knowledge base—allowing us to help businesses develop a better defense strategy and stronger protection.

This offering aims to deliver future-proofing digital security with a "global-local" approach. It brings world-class security solutions with local regulatory know-how to safeguard businesses with a strong compliance focus, providing our customers peace of mind.

This combination of human intelligence with AI-powered cybersecurity practice is not only a theory; it has also been tested and proven.

Our cybersecurity experts have recently designed and conducted a Cyber Attack and Defense exercise for a China-based enterprise using multiple AI-powered cybersecurity tools. Integrating our human intelligence with AI has allowed us to protect a large-scale operation with 750 devices in China and 400 in Hong Kong and train more than 2,000 employees across different locations.

Within the two-week exercise, our managed device system detected more than 540 attacks, blocked off more than 8,000 IP addresses and 25,000 specious emails, and prevented over 200 attacks from the web application firewall.

This exercise is a perfect example of how AI and human intelligence can collaborate seamlessly to drive exceptional results. While AI has proven to be a valuable tool, it can never replace the importance of human expertise. The ability to bring human insights and AI working together is crucial to creating a secure and future-proofing digital business.

For more information regarding cybersecurity solutions, please visit here or contact CITIC Telecom CPC at info@citictel-cpc.com.