AI is increasingly being put to use in the technology stacks of cybersecurity companies, but not at the expense of human experts who guide the rollout and work alongside the smart tools.
Before 2019, one in five cybersecurity software and service providers were employing AI, according to a study last year by Capgemini Research Institute, in a review of recent research published in DarkReading. Adoption was found to be “poised to skyrocket” by the end of 2020, with 63% of the firms planning to deploy AI in their solutions. Planned use in IT operations and the Internet of Things are predicted to see the most uptick.
Increased adoption of AI does not mean that security professionals on IT staffs are ready to hand off their responsibilities. A recent study conducted by White Hat Security at the RSA Conference 2020, held live at the end of February in San Francisco, found that 60% of security professionals are more confident when cyberthreat findings are verified by humans, over those generated by AI. One-third of respondents said intuition is the most important human element fueling analysis, while 21% said creativity is an advantage for humans.
Still, despite some reservations about AI, the White Hat survey found 70% of security professionals agreed that AI makes teams more efficient by taking over maybe 50% of the mundane tasks, freeing them for other work and reducing stress.
Some security professionals see their jobs as too complex to be taken over by machines, according to a recent Threat Intelligence report from the Ponemon Institute. Over half of the more than 1,000 IT professionals surveyed said they would not be able to train the AI to do the tasks their teams perform, and they are more qualified than AI to catch threats in real time. For protection of networks, close to half of respondents said human intervention was a necessity.
Nevertheless, the train has left the station for AI in cybersecurity. Some three-quarters of executives responding to the Cap Gemini survey said AI in cybersecurity speeds breach response, detection and remediation. Over 60% said AI also reduces the cost of detection and response.
Humans Said to Need the Help of AI in Cybersecurity
Humans need the help of AI to counter cybersecurity threats, suggests a recent report from KPMG and Oracle focused on trends in India. AI working with machine learning provides a powerful filter to sift through alerts and flag the most relevant, according to an account citing the report in The Hindu BusinessLine.
“Depending only on humans to counter the threat is no longer enough. It is far easier, efficient to keep track of different threat vectors and monitor an expanding threat surface with an AI-ML led approach,” stated Greg Jensen, Senior Principal Director of Security, Oracle. “Nearly all security providers now cite the use of some form of ML in their products as a means to protect against zero-day threats and malicious behaviors that evade more traditional forms of detection,” he added.
The Oracle KPMG Cloud Threat Report, based on a survey of 750 cybersecurity and IT professionals, found top priorities were the security of company financials and intellectual property. The respondents are using many products to combat threats, with 78% using more than 50 discrete cybersecurity products, and 37% using more than 100 products.
As IT organizations in India move more operations to the cloud, many are looking to define a cloud security strategy, which frequently employs a model of shared responsibility.
A shortage of skilled cybersecurity staff is a challenge for AI adoption in India, as it is globally, with not enough analysts available to triage alerts. AI is seen as being able to assist existing analysts in hunting and analyzing chains of attack.
Over 90% of the KPMG-Oracle survey respondents acknowledged the gap between the current cloud strategies and their ability to provide effective security and privacy controls. Oracle positions to help prescribe more intelligent automation of cybersecurity incorporating AI in response.
Unsupervised Machine Learning Seen as Effective
Machine learning models come in these different forms: Supervised, Reinforcement, Unsupervised and Semi-Supervised (also known as Active Learning). A recent account in Technative gives the nod to Unsupervised machine learning as the preference for cybersecurity.
Supervised Learning relies on a process of labeling in order to “understand” information. The machine learns from labeling lots of data and is able to “recognize” something only after someone, most likely a security professional, has already labeled it. The model cannot do it on its own, according to the author Ana Mezic of MixMode, a company offering a predictive threat modeling security service.
It is not usually the case in cybersecurity that you know exactly what you are looking for. If hackers use a method of attack that the security program has not seen before, the supervised machine learning system would not recognize it.
Unsupervised Learning draws inferences from datasets, searching for patterns out of the norm that could be dangerous. The software creates a baseline for a customer network, showing what a “normal day” looks like. A file transfer that is too large or sent at an odd time would be flagged. The model is optimized for predicting behavior, good enough that the company says it can detect zero-day attacks, those exploiting an unknown vulnerability.
Shiv has over 8 years experience working on Internet of Things and an avid user of Drones