Does AI materially impact cybersecurity strategies?

Image by Jackson Sophat from Unsplash

Artificial intelligence (AI) has been deployed across multiple industries to increase security, improve productivity or enhance user experiences.

AI arrived in the cybersecurity space claiming to cyber leaders that it was the solution to detecting and stopping advanced attacks. According to a global survey released in September 2021, just under half of executives think artificial intelligence is the best tool to counter nation-state cyberattacks.

It’s true that AI technologies can continually learn and improve, generalizing observations from past attacks to discover new malicious behaviors. However, while AI is lathered across almost every marketing campaign involved in promoting cybersecurity products, the promise of AI is generally hollow until the models can meet or exceed human levels of intelligence.

In cybersecurity today, AI is achieving and exceeding human intelligence in limited arenas. Detection of malicious emails and malware represents the most mature capabilities of AI in cybersecurity. Models learn from large amounts of malicious and benign examples to proactively identify and stop new cyberattacks. This capability has exceeded the previous human and rule-driven approaches to detecting these types of attacks.

Beyond malicious emails and files detection, AI models are also matching human intelligence in detecting sophisticated attacks via obfuscated scripts and information technology (IT) tools. Models, trained on large volumes of human investigations, have the ability to detect novel attacks that go unnoticed by even the most advanced antivirus and endpoint detection and response technologies.

While there is plenty of hype about the ability of AI to identify behavioral anomalies that indicate complex attacks, these models often still fall short of human capabilities. The output of this AI typically generates too many false positives, limiting the ability of humans to act, and leaving too much risk for automated response or containment. The output of these behavioral detections can be useful to help mature teams process large volumes of data and focus on potential threats, but it has not reached a level of maturity to directly benefit most teams.

Finally, despite the appeal of stories that pitch AI cyberattacks versus AI cyber defense, the reality is that humans are still at the heart of any complicated cyberattack and defensive actions. The tools of attackers are becoming more powerful and can be amplified with AI, but models with human-level creativity and intelligence are still science fiction in cybersecurity today. When evaluating how AI can help protect against sophisticated attacks, the quality of an approach can be judged by how it makes human defenders better — not how it replaces them.

Dustin Hillard, CTO, is responsible for leading product development and technology innovation at eSentire.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.