Here at Elemendar we spend a lot of time talking to the global Cyber Threat Intelligence (CTI) analyst community. While we are well versed in all aspects of CTI, the main topic of conversation is typically Artificial Intelligence (AI) and the role of Machine Learning (ML) in structuring unstructured data.
In the course of these conversations we have noticed two things in particular:
- Lack of awareness around the role of AI within intelligence work
- A concern that the goal of AI is to replace the human analyst
The purpose of this blog is to address these questions and concerns with the objective of developing understanding within the CTI community.
“So, what does AI do for CTI?”
This question is a typical entry to the first point, the lack of awareness that we often see within the community. The answer is possibly less open-ended than the question: AI is just a software tool like any other, one that can be applied to a wide range of problems and tasks associated with CTI. Let’s take the classic four-step intelligence cycle and see how AI can be applied to each of these steps.
Figure 1: How AI can be applied across the intelligence cycle
Figure 1 demonstrates that AI can be applied in multiple separate ways across the breadth of the intelligence cycle, in areas that are easily understandable by all analysts. Elemendar’s READ. tool fits within the Collection phase of the intelligence cycle, with structuring unstructured data highlighted as our mission.
“So, you structure unstructured data – so what for CTI?”
This is typically the second-order question following the initial point. The answer is more strategic and focuses on the amount of data that a human analyst can consume. In an unstructured format, there is a natural limit to how much a human analyst can consume and how much insight can be drawn from a set of documents of a given size. In contrast, within a structured format, a human analyst can consume a far greater range and number of sources. This is shown in the graphic below.
Figure 2: Data to intelligence
Structuring data takes valuable time from a human analyst at the lower level of the pyramid shown in Figure 2. However, AI tools such as Elemendar’s READ. create speed and efficiency in this process, increasing the overall volume of data a human analyst can consume. In short, they free the human analyst from mundane data entry and structured tasks. This allows the analyst to focus on more substantive analysis of threat tactics, techniques and procedures.
“So is Artificial Intelligence going to take my job?”
This is the natural follow-up question, and the answer is no. AI tools appear to fill the role of humans, and they do, but only on a superficial level. AI is just like any other software tool in that it fulfils a unique role that facilitates the wider goal of the human analyst as opposed to supplanting it.
Like many technological advancements that work within the confines of a human team, the aim is to aid, not to replace, thus increasing efficiency and effectiveness. Accuracy is heavily dependent on both these factors, and so using AI within CTI is a pragmatic approach that is proving to be very valuable.
To conclude, this blog has considered some of the more philosophical elements of AI within CTI that we have commonly seen raised in conversations with the wider CTI community.