I had the pleasure of attending several conferences and security-related events over the past year, and once you got beyond the conversations about data privacy and GDPR (because that was clearly the number-one issue on everyone’s mind in 2018), there was a lot of chatter about the use of artificial intelligence (AI) and machine learning (ML) in the cybersecurity space. The feelings about AI and ML are mixed, and that kind of surprised me. There are those who believe the technologies will revolutionize cybersecurity. Then there are those who are convinced that it is overhyped.
From my vantage point, in 2018, AI and ML looked to be most utilized as ways to address the skills gap. Peter Evans, CMO at security solutions integrator Optiv, told me in an email comment that enterprise is turning to the technologies to eliminate manual tasks in security operations, adding:https://o1.qnsr.com/log/p.gif?;n=203;c=204663295;s=11915;x=7936;f=201904081034270;u=j;z=TIMESTAMP;a=20410779;e=i
Many of the tasks executed by the typical security practitioner or SOC analysts are repetitious, in some cases as much as 90 percent of the tasks. This begs for a solution whereby software is the proxy for labor, improving costs, efficiency, and risk response time. Enterprises are still in the early stages of adopting these technologies, but the trend is undeniable: Security operations is moving to an era where “software robots” will execute repetitive and mundane tasks, which will enable operations personnel to focus on higher-level tasks that actually improve security posture.
I think Evans makes a good point here. AI is in its beginning stages. And we aren’t sure where it is going to take us. Michael Nizich, director, Entrepreneurship & Technology Innovation Center/Director, NSA/DHS CAE Cyber Defense Education Program with the College of Engineering and Computing Sciences at New York Institute of Technology, believes that even in this early stage of AI/ML adoption, more solutions are starting to emerge that use some sort of AI to analyze historical logs and to analyze medical device data. On the other hand, Jeff Williams, co-founder and CTO, Contrast Security, doesn’t think that AI is going to get us very far in terms of cybersecurity, telling me via email:
For threats we understand, like SQL Injection, for example, we are better off using strong detection and prevention technologies where we have confidence in exactly what is being checked. For threats we don’t understand, AI/ML also don’t get us anywhere. We need data to train the models that simply doesn’t exist for novel threats. There are some corner cases where AI/ML can be very useful, but it’s not going to fundamentally change security.
So, looking at AI and ML in terms of 2018 security and compliance trends, I’d say that the technologies are generating buzz, but the jury is out on how (or if) they can be most effectively used.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba