How Do Security Professionals Feel About AI-Based Cybersecurity Technology?

What’s behind the recent adoption of AI-based cybersecurity technology? Research from Enterprise Strategy Group offers some information;

  • 29% of people want to employ AI cybersecurity to improve incident detection. This generally means improving correlating, curating, and enriching high-volume security alerts to create a cohesive incident detection through different tools.
  • 27% want to employ the technology to improve incident response. That means improving operation, making the right incidents a priority, and automating mediation tasks.
  • 24% want to employ the technology to make it easier for their organizations to find and communicate risks to their business. AI is employed to sort through a bulk of configuration errors, vulnerabilities, and threat intelligence to identify high-risk situations that need to be addressed immediately.
  • 22% want to use the technology to improve their understanding of cybersecurity situational awareness. This essentially means that they want to use AI to get a unified view of their security across an entire network.

It’s worth point out that for every one of those use cases, it’s not possible to use AI by itself just yet. Instead, they improve the power and effectiveness of already existing technologies, improving efficiency, efficacy, and value.

This generally happens in one of two ways. There are cases where machine learning is applied to an already existing security system as a helper app. Bay Dynamics and Symantec are good examples. They partnered together to apply the AI engines of Bay to Symantec DLP to reduce the noise associated with alerts from the program. Fortscale does something similar by back-ending endpoint detection and response (EDR), identity and access management (IAM), cloud access security brokers (CASB), and more.

There are also some AI-based solutions that work as stand-alone programs, but they are coupled together with a range of other technology in a security operations and analytics platform architecture (SOAPA). Vectra Networks and E8 security will usually be integrated with EDR and SIEM. Kenna Security works is connected to vulnerability scanners. Caspida and Splunk are integrated together, along with QRadar and Watson at IBM, and more.

There can be no doubt that AI-based security analytics are working their way into the industry, but it’s also worth noting that CISOs generally don’t care about how the sausage is made, to coin a phrase. They only care about results. The research from ESG suggests that only around 30% of cybersecurity pros feel they understand AI and machine learning and how it can be applied to cybersecurity analytics. This means that cybersecurity vendors touting AI algorithms, concepts, and data science knowledge are likely barking up the wrong tree. A CISO wants to improve the efficacy of security systems, the efficiency of security operations, and provide a secure environment for IT initiatives to flourish. AI is sure to be accepted as long as it can help them to achieve their aims.

AI could very well become a game-changer in the cybersecurity world in the future, and CISOs should be open to the idea. For now though, don’t expect anything too crazy.