AI in cybersecurity: Yesterday’s promise, today’s reality
Together, the consumerization of AI and advancement of AI use-cases for security are creating the level of trust and efficacy needed for AI to start making a real-world impact in security operation centers (SOCs). Digging further into this evolution, let’s take a closer look at how AI-driven technologies are making their way into the hands of cybersecurity analysts today.
Driving cybersecurity with speed and precision through AI
After years of trial and refinement with real-world users, coupled with ongoing advancement of the AI models themselves, AI-driven cybersecurity capabilities are no longer just buzzwords for early adopters, or simple pattern- and rule-based capabilities. Data has exploded, as have signals and meaningful insights. The algorithms have matured and can better contextualize all the information they’re ingesting—from diverse use cases to unbiased, raw data. The promise that we have been waiting for AI to deliver on all these years is manifesting.
For cybersecurity teams, this translates into the ability to drive game-changing speed and accuracy in their defenses—and perhaps, finally, gain an edge in their face-off with cybercriminals. Cybersecurity is an industry that is inherently dependent on speed and precision to be effective, both intrinsic characteristics of AI. Security teams need to know exactly where to look and what to look for. They depend on the ability to move fast and act swiftly. However, speed and precision are not guaranteed in cybersecurity, primarily due to two challenges plaguing the industry: a skills shortage and an explosion of data due to infrastructure complexity.
The reality is that a finite number of people in cybersecurity today take on infinite cyber threats. According to an IBM study, defenders are outnumbered—68% of responders to cybersecurity incidents say it’s common to respond to multiple incidents at the same time. There’s also more data flowing through an enterprise than ever before—and that enterprise is increasingly complex. Edge computing, internet of things, and remote needs are transforming modern business architectures, creating mazes with significant blind spots for security teams. And if these teams can’t “see,” then they can’t be precise in their security actions.
Today’s matured AI capabilities can help address these obstacles. But to be effective, AI must elicit trust—making it paramount that we surround it with guardrails that ensure reliable security outcomes. For example, when you drive speed for the sake of speed, the result is uncontrolled speed, leading to chaos. But when AI is trusted (i.e., the data we train the models with is free of bias and the AI models are transparent, free of drift, and explainable) it can drive reliable speed. And when it’s coupled with automation, it can improve our defense posture significantly—automatically taking action across the entire incident detection, investigation, and response lifecycle, without relying on human intervention.
Cybersecurity teams’ ‘right-hand man’
One of the common and mature use-cases in cybersecurity today is threat detection, with AI bringing in additional context from across large and disparate datasets or detecting anomalies in behavioral patterns of users. Let’s look at an example: