AI in Cyber Security: From Hype to Reality

Written by Jose Varghese, EVP & HEAD – MDR Services at Paladion

Artificial Intelligence in cybersecurity has recently made several headlines:
The Future of Cybersecurity: Artificial Intelligence
How AI is the Future of Cybersecurity

AI in Cyber Security Market to Grow at an Exorbitant Pace (P&S Market Research)
These headlines make seasoned cybersecurity professionals wary. We’ve seen other emerging technologies receive similar attention, and we’ve seen many of them fail to live up to their expectations.

In this article, we will build a real-world perspective on AI in cybersecurity. We will explore where skepticism regarding AI in cybersecurity is justified, how the technology can provide tangible value, and what to look for in an AI-driven cybersecurity provider.

Why We Really Do Need to Bring AI to Cyber Security
Much of the skepticism regarding AI’s application to cybersecurity comes out of a faulty understanding of why we are bringing this technology to our field in the first place. For skeptics, our industry is only discussing AI in cybersecurity because Artificial Intelligence is a hot tech topic in general, and some vendors are bringing it to cybersecurity to simply cash in on the trend.

It’s undeniable that there are some unscrupulous vendors looking to do just that. But we’ve needed to bring a technology like AI to cybersecurity for a long time now due to fundamental changes in the threat landscape.

Over the last 5-10 years, nearly every organization has undergone a digital transformation by adopting Cloud, Mobile, and IoT. These technologies have opened up amazing new organizational capabilities, but they have also created new complexities, interconnections, and vulnerability points that cybercriminals have quickly learned to exploit. Their new wave of creative, complex, multi-channel attacks floods organizations with thousands of alerts and hundreds of thousands of potentially malicious files to analyze every day.

Traditional perimeter and rules-based approaches to cybersecurity no longer apply to the new digital organization, and human-only cybersecurity teams cannot process the flood of threat data they now contend with every day. Artificial Intelligence’s speed, accuracy, and computational power offer our only chance to protect a perimeter-less organization and to continuously process the overwhelming volume of threat data every organization now faces daily.

What Value AI Does and Does Not Offer to Cyber Security
Now, even though AI is necessary to protect the new digital organization against next-generation threats, that does not mean AI is a “magic bullet” solution to modern cybersecurity problems. AI offers a necessary—but limited—element of modern cybersecurity.

These limitations of AI’s application to cybersecurity are not discussed often enough, contributing to the sense that AI is simply hype. Many discussions of AI technology describe it as a kind of generalized human intelligence that can handle every single aspect of cybersecurity on its own, rendering human cybersecurity expertise obsolete.

This is not true. In the real world, AI primarily focuses on deploying Machine Learning (i.e. the automation of data science activities) to process massive quantities of threat data. AI’s ability to perform these activities at a near-unlimited scale, with near real-time speeds, makes it an invaluable ally within a modern, effective cybersecurity program.

And these activities can be performed at every stage of cybersecurity, allowing AI to offer value before, during, and after an organization suffers an attack. But they do not replicate human insight. They do not obviate the need for human cybersecurity experts. And they limit the areas where AI offers the most real-world value to cyber defense.

Where AI Offers the Most Real-World Value to Cyber Defense
At the moment, AI’s data-processing capabilities offer the most value to the following areas of cyber defense:

Threat Anticipation: AI can process over 100 TB of global threat data daily, from hundreds of threat intelligence feeds, to determine which emerging threats are most likely to attack your organization, allowing you to then proactively adapt your defenses against them—before they strike.

Threat Hunting: AI can constantly monitor and comb through all of your organization’s data—not just your security data—to detect patterns, anomalies, and outliers that indicate a likely compromise (even if that compromise does not conform to known attack patterns).

Alert Triaging: AI can deploy Machine Learning methods—such as historical patterning, clustering, association rules, and data visualization—to quickly filter out false positives, reducing the burden on your security team.

Incident Analysis and Investigation: AI can provide data-based answers to threats, in order to quickly determine the attacker’s identity, map the attack chain, and define the attack’s spread and impact.

Incident Response: AI can centralize and quickly orchestrate a comprehensive response that automates playbooks and includes containment, recovery, mitigation, and defensive improvements, to get you back to business ASAP.

While these activities are impressive—and now essential—it’s important to note they can only be brought to your organization through the correct AI deployment… which is harder to get right than you might think.
