In the past few years, there’s been a lot of buzz around artificial intelligence (AI) in cybersecurity. Can AI really help businesses improve their security posture? How can we determine which solutions actually use AI versus which ones make hyped-up claims? For solutions that can help, how do they help?
Obtaining clarity around this subject will help us understand the areas in which AI can help and what value it can add, which will, in turn, help us make more informed decisions. Let’s take a look at some industry definitions of AI, different types of AI and some of the challenges AI helps solve for organizations.
What Is Artificial Intelligence?
AI refers to the capability of computers to take on human abilities, such as to read, drive, reason, research, discover, etc. First, let’s take a look at some of the well-known definitions of AI:
Oxford Reference defines AI as “The theory and development of computer systems able to perform tasks normally requiring human intelligence, such as visual perception, speech recognition, decision-making, and translation between languages.”
Gartner states that “Artificial intelligence applies advanced analysis and logic-based techniques, including machine learning, to interpret events, support and automate decisions, and take actions.”
To summarize, AI in cybersecurity refers to a set of capabilities similar to human abilities that allow organizations to detect, predict and respond to cyberthreats in real time using machine and deep learning.
Types of AI
With AI, information is fed to the system over a period of time that allows it to “learn” which variables to focus on and the desired outcome(s). Over time, it will provide the optimal solution tailored to your specific situation. Below are some terms often used in the field of AI.
1. Machine Learning
Machine learning is a sub-field of AI based on the concept that systems can learn from patterns of data with a minimal amount of human intervention.
2. Deep Learning
A subset of machine learning and inspired by the human brain, deep learning is when algorithms that make up artificial neural networks learn from large amounts of data to solve complex problems.
3. Cognitive Computing
Cognitive computing uses computerized models to help solve problems that require vast amounts of structured and unstructured data with a human-like approach in complex situations by leveraging self-learning technologies that use data mining, pattern recognition and natural language processing (NLP). The objective of cognitive computing defined by IBM is “systems that learn at scale, reason with purpose and interact with humans naturally.”
Common Challenges in Cybersecurity
AI can be leveraged to help solve some of the widespread challenges in cybersecurity faced by most organizations today. These challenges present major obstacles to protecting organizations from cyberattacks and include the following:
1. Skills Shortages
Many organizations are facing an increased risk of security incidents as a result of the widespread shortage of skilled security operations and threat intelligence resources in security operations centers (SOCs). They do not have an adequate number of security analysts to effectively investigate all discovered and potentially malicious behaviors in their environments in a thorough, consistent and repeatable manner.
According to Jon Oltsik, senior principal analyst at Enterprise Strategy Group (ESG), the cybersecurity skills shortage is getting worse each year. And, since most organizations are short-staffed, they keep increasing the workload on existing teams, which results in “human error, misalignment of tasks to skills, and employee burnout.”
2. Rising Cost of Security Breaches
According to the 2019 Cost of a Data Breach Report, the average total cost of data breaches was 95 percent higher in organizations without security automation deployed. By security automation, Ponemon is referring to “enabling security technologies that augment or replace human intervention in the identification and containment of cyber exploits or breaches. Such technologies depend upon artificial intelligence, machine learning, analytics and incident response orchestration.” One of the recommended steps in minimizing the financial impact of a data breach is to “invest in technologies that help improve the ability to rapidly detect and contain a data breach.”
3. Alert Fatigue
Security analysts are bombarded with a massive number of alerts daily. One study from Imperva found that 27 percent of professionals surveyed receive more than 1 million alerts each day. Most analysts don’t have the time to look at even half the alerts they receive each day, and only a small fraction that are identified as threats are actually remediated, resulting in a large number of threats going unidentified and unresolved. This is leading to widespread alert fatigue, analyst burnout and high attrition rates.
How AI Can Help Boost Your Security Posture
AI helps alleviate the cybersecurity skills shortage and can take some of the load off existing SOC analysts by supplementing analyst efforts and significantly reducing the time it takes to conduct investigations — often reducing investigation time from days to hours.
Businesses also benefit from lower costs by leveraging AI. AI helps drive deeper and more consistent investigations each and every time by empowering analysts to make data-driven decisions versus relying on gut feelings. AI gives analysts the information they need to reduce mean time to detect (MTTD) and mean time to respond (MTTR) — with a quicker, more decisive escalation process. Quicker threat identification and containment significantly lowers costs associated with those breaches.
By leveraging AI, organizations often eliminate or drastically reduce having to outsource security investigations to managed security service providers (MSSPs) and this removes costs associated with such services that are no longer required.
AI can also significantly reduce alert fatigue by greatly reducing the number of insignificant alerts received each day and also by creating a prioritized list of alerts for analysts to review. This allows analysts to focus on the most important alerts first instead of having to sift through a huge number of alerts that aren’t significant while potential threats go undetected. By streamlining and prioritizing the alert investigation process, AI can make it more manageable and help ease the burden on analysts, resulting in lower attrition and churn rates.
According to Forrester Consulting, the benefits gained by an organization by leveraging AI include increased SOC analyst productivity, reduced outsourcing fees for investigations and improved organizational security, resulting in an ROI of 210 percent.
Meet Your Business Needs Securely With AI
An effective way to alleviate the problems discussed earlier is to empower SOC analysts with AI in their daily tasks, which boosts analyst productivity and effectiveness. AI can be used to supplement the efforts of security analysts and significantly reduce the time it takes to investigate and remediate threats, which in turn reduces dwell time, lowers breach costs and improves overall security posture. It’s important to get a solid grasp of how AI can help meet your specific business needs and where it can make the most impact before moving forward with selecting and implementing a solution.