Ignore the hype: Artificial intelligence (AI) can improve your security posture now. We’ve been waiting for AI to deliver benefits to cybersecurity for a long time.
ChatGPT aside, AI has been a hot-and-cold topic for decades, with periods of overhyped promises interspersed with periods of cynical rejection after failure to deliver on all of those promises.
No wonder plenty of security leaders are wary. Yet, despite the wariness, AI is helping to improve cybersecurity today and will increasingly provide substantial security benefits -- and challenges.
Human and Artificial Intelligence is required for a strong security posture
Creating a strong security posture involves three key elements:
- Comprehensive measurement.
- An understanding of external and internal threats, risky behaviors, and signals.
- Implementation of preventive measures.
To achieve these, collecting all relevant data and leveraging big data technology to manage, orchestrate, and make sense of it is important.
Nowadays, to effectively analyze and apply data, we need both human and machine-generated intelligence. As defined in Wikipedia, intelligence is "the ability to perceive or infer information, and to retain it as knowledge to be applied towards adaptive behaviors within an environment or context."
Human intelligence is challenging for security analysts to scale. Plus, with the increasing complexity of data, analysts require advanced skills and expertise that take years to develop -- and it’s a talent pool that’s in short supply.
Consequently, AI is a practical solution for scaling cybersecurity. With reliable AI systems, companies can reduce dependence on experts in both data and security fields.
Top 4 use cases in which AI can improve an organization’s overall security posture
Four ways to improve enterprise security using AI include:
- Advanced threat detection. AI can help identify signals, such as risky or anomalous behaviors, that traditional rule-based methods have had trouble detecting and measuring.
- Signal processing. Comprehension of the signals can make them meaningful and actionable: correlating, enriching, and assessing any potential exposures and threats.
- Risk modeling that incorporates all signals and situations from large amounts of data can provide a better understanding of potential risks.
- Clear risk statements. Language and machine learning models (LLMs) can facilitate the effective and timely articulation of risk information and its context to a broader audience.
Are AI algorithms ready for prime time?
The quality of AI algorithms depends on the training data. How do you ensure that the AI model lives up to expectations and does not add to alert fatigue by generating more false positives?
Over the years, AI systems have undergone significant advancements, and not all systems necessarily require supervised learning techniques. Unsupervised systems, such as anomaly detection, are commonly used and highly sought after in security applications. Anomaly detection, for instance, can significantly reduce false positive rates.
Furthermore, with the support of standard bodies, such as MITRE, who maintain an ontology of the continually evolving threat landscape, it is feasible to develop highly sophisticated AI systems without "training data."
AI solutions for cybersecurity are working today, for example in Resolution Intelligence Cloud from Netenrich. These solutions continue to improve, independently of hype, and should be part of any cybersecurity team’s arsenal.
Originally published at betanews.