Artificial Intelligence and Cybersecurity: The Real Deal
What security professionals think about AI-based cybersecurity technology
What’s driving AI-based cybersecurity technology adoption? ESG research indicates:
- 29 percent want to use AI-based cybersecurity technology to accelerate incident detection. In many cases, this means doing a better job of curating, correlating, and enriching high-volume security alerts to piece together a cohesive incident detection story across disparate tools.
- 27 percent want to use AI-based cybersecurity technology to accelerate incident response. This means improving operations, prioritizing the right incidents, and even automating remediation tasks.
- 24 percent want to use AI-based cybersecurity technology to help their organization better identify and communicate risk to the business. In this case, AI is used to sort through mountains of software vulnerabilities, configuration errors, and threat intelligence to isolate high-risk situations that call for immediate attention.
- 22 percent want to use AI-based cybersecurity technology to gain a better understanding of cybersecurity situational awareness. In other words, CISOs want AI in the mix to give them a unified view of security status across the network.
It’s important to point out that in each of these use cases, AI-based solutions don’t operate in a vacuum yet. Rather, they provide incremental analytics horsepower to existing technologies, driving greater efficacy, efficiency, and value.
This tends to happen in one of two ways. In some cases, machine learning technologies are applied to existing security defenses as helper apps. For example, Bay Dynamics and Symantec have formed a partnership that applies Bay’s AI engine behind Symantec DLP to help reduce the noise associated with DLP alerts. Fortscale does similar things by back-ending endpoint detection and response (EDR), identity and access management (IAM), cloud access security brokers (CASB), etc.
Alternatively, some AI-based solutions work on a stand-alone basis but are also tightly coupled with the various other technologies of a security operations and analytics platform architecture (SOAPA). Vectra Networks and E8 Security are often integrated with SIEM and EDR. Kenna Security works hand in hand with vulnerability scanners. Splunk and Caspida are tightly integrated, as are IBM QRadar and Watson, etc.
There’s no doubt that AI-based security analytics are invading the industry, but it’s worth noting that CISOs really don’t care or even understand how the sausage is made. ESG research indicates that only 30 percent of cybersecurity pros feel like they are very knowledgeable about AI/machine learning and its application to cybersecurity analytics. That means cybersecurity vendors that tout AI concepts, algorithms, and data science chops are barking up the wrong tree. CISOs want to enhance security efficacy, improve operational efficiency, and help deliver highly secure business-enabling IT initiatives. AI will be welcomed with open arms if it can help them achieve those goals.
In the future, AI could be a cybersecurity game-changer, and CISOs should be open to this possibility. In the meantime, don’t expect many organizations to throw the cybersecurity baby out with the AI bath water.