Using AI in Cybersecurity
Cybersecurity is becoming a major for challenge to organizations of all sizes, with threats proliferating in number and sophistication at breakneck pace. AI in cybersecurity can help meet that challenge.
March 22, 2021
By Scott Robinson
The Growing Problem of Enterprise Network Security
When it comes to integrating AI-based processes into security, it isn’t just useful; it’s become essential and is rapidly becoming mission critical to organizations of all sizes.
The rapidly expanding attack surface of virtually every enterprise, with the proliferation of Internet of Things (IoT) devices and cloud systems is a leading reason why artificial intelligence (AI) has become essential in security.
Organizations have moved from securing thousands of devices to potentially millions. Within this new surge in network traffic are billions of time-varying signals, all of which must be analyzed to assess risk. Security is becoming incredibly more complex in just a handful of years because there is far more to attack.
Add to this the fact that malicious attackers also have AI at their disposal: Their attacks have become more sophisticated and frequent – with AI allowing them to automate breach attempts. Those threats can’t possibly by handled manually with even the largest organizations now suffer from a severe lack of security professionals.
Many organizations exploit cloud technology to expand their digital operations geographically, but the downside is that this expansion augments network complexity and the attack surface further.
The global cost of a typical enterprise data breach has reached $3.86 million, according to a report by Norton, requiring an average recovery period of 196 days. The problem is getting worse to the point that enterprise security is now beyond human scale. New allies are needed in this effort, with AI in cybrsecurity rapidly becoming a much-needed savior.
How AI in Cybersecurity Solves Problems
If the list of new complications that have entered the cybersecurity mix is daunting, there’s nonetheless a positive: for every complication, there’s an AI opportunity. The list is long:
Automated threat detection. With AI, threats can be detected before they become costly. The security system can potentially be trained to detect a dedicated denial of service attack (DDoS) attack long before it becomes critical.
Threat exposure. Through AI, it’s now possible for a security system to be frequently updated on both global and industry-specific threats, and to prioritize them according to their local potential to occur.
Asset management. It’s stated above that much of the problem today is the proliferation of IoT, which opens up the attack surface; AI helps manage the burgeoning ocean of devices, to navigate their firmware updates and security patches, where no human security professional could reasonably be expected to do so.
Gap detection. In large and complex networks, it’s likewise prohibitively difficult for human professionals to test for potential gaps in security; AI can, however, handle it.
Self–learning systems. AI in cybersecurity makes it possible for a system to learn as it grows, with each success and failure, self-tuning to become increasingly efficient and effective.
Breach risk prediction. With self-learning, device management, ongoing gap detection and threat exposure, the system can learn to predict the risk of breach under a wide range of scenarios, and even to prioritize those risks – making it possible for the human security professionals to focus their attention on the greatest ones.
And a couple of AI positives fall into the category of “aftermath” – useful features to have when an attack has succeeded:
Incident response. AI can provide the detailed context of the attack and its impact for subsequent study, so that the human team can understand what went wrong and how cybersecurity can be improved.